./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor4221851384 <...> Warning: Permanently added '10.128.0.28' (ED25519) to the list of known hosts. execve("./syz-executor4221851384", ["./syz-executor4221851384"], 0x7ffdcfe590f0 /* 10 vars */) = 0 brk(NULL) = 0x5555563f2000 brk(0x5555563f2d40) = 0x5555563f2d40 arch_prctl(ARCH_SET_FS, 0x5555563f23c0) = 0 set_tid_address(0x5555563f2690) = 5072 set_robust_list(0x5555563f26a0, 24) = 0 rseq(0x5555563f2ce0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor4221851384", 4096) = 28 getrandom("\xef\x61\x97\xd9\x55\xbf\xbe\xa6", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x5555563f2d40 brk(0x555556413d40) = 0x555556413d40 brk(0x555556414000) = 0x555556414000 mprotect(0x7f02a5c11000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 mkdir("./syzkaller.a7bkEY", 0700) = 0 chmod("./syzkaller.a7bkEY", 0777) = 0 chdir("./syzkaller.a7bkEY") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5073 attached , child_tidptr=0x5555563f2690) = 5073 [pid 5073] set_robust_list(0x5555563f26a0, 24) = 0 [pid 5073] chdir("./0") = 0 [pid 5073] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5073] setpgid(0, 0) = 0 [pid 5073] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5073] write(3, "1000", 4) = 4 [pid 5073] close(3) = 0 [pid 5073] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5073] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5073] rt_sigaction(SIGRT_1, {sa_handler=0x7f02a5bb6070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f02a5ba7220}, NULL, 8) = 0 [pid 5073] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5073] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02a5b2c000 [pid 5073] mprotect(0x7f02a5b2d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5073] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5073] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b4c990, parent_tid=0x7f02a5b4c990, exit_signal=0, stack=0x7f02a5b2c000, stack_size=0x20300, tls=0x7f02a5b4c6c0}./strace-static-x86_64: Process 5075 attached [pid 5075] rseq(0x7f02a5b4cfe0, 0x20, 0, 0x53053053 [pid 5073] <... clone3 resumed> => {parent_tid=[5075]}, 88) = 5075 [pid 5075] <... rseq resumed>) = 0 [pid 5073] rt_sigprocmask(SIG_SETMASK, [], [pid 5075] set_robust_list(0x7f02a5b4c9a0, 24 [pid 5073] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5075] <... set_robust_list resumed>) = 0 [pid 5075] rt_sigprocmask(SIG_SETMASK, [], [pid 5073] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5075] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5073] <... futex resumed>) = 0 [pid 5075] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5073] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5075] <... openat resumed>) = 3 [pid 5075] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5075] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5073] <... futex resumed>) = 0 [pid 5073] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5075] <... futex resumed>) = 0 [pid 5075] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5073] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5075] <... openat resumed>) = 4 [pid 5075] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5075] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5073] <... futex resumed>) = 0 [pid 5073] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5075] <... futex resumed>) = 0 [pid 5073] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5075] dup3(4, 3, 0) = 3 [pid 5075] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5073] <... futex resumed>) = 0 [pid 5075] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5073] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5075] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5073] <... futex resumed>) = 0 [pid 5075] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5073] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5075] <... openat resumed>) = 5 [pid 5075] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5075] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5073] <... futex resumed>) = 0 [pid 5073] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5075] <... futex resumed>) = 0 [pid 5075] ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0 [pid 5073] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5075] <... ioctl resumed>) = -1 EINVAL (Invalid argument) [pid 5075] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5073] <... futex resumed>) = 0 [pid 5075] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5073] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5075] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5075] memfd_create("syzkaller", 0 [pid 5073] <... futex resumed>) = 0 [pid 5075] <... memfd_create resumed>) = 6 [pid 5073] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5075] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5073] <... futex resumed>) = 0 [pid 5075] <... mmap resumed>) = 0x7f029d600000 [pid 5073] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02a5b0b000 [pid 5073] mprotect(0x7f02a5b0c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5075] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5073] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5073] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b2b990, parent_tid=0x7f02a5b2b990, exit_signal=0, stack=0x7f02a5b0b000, stack_size=0x20300, tls=0x7f02a5b2b6c0} [pid 5075] <... write resumed>) = 262144 ./strace-static-x86_64: Process 5076 attached [pid 5075] munmap(0x7f029d600000, 138412032 [pid 5076] rseq(0x7f02a5b2bfe0, 0x20, 0, 0x53053053 [pid 5073] <... clone3 resumed> => {parent_tid=[5076]}, 88) = 5076 [pid 5076] <... rseq resumed>) = 0 [pid 5073] rt_sigprocmask(SIG_SETMASK, [], [pid 5076] set_robust_list(0x7f02a5b2b9a0, 24 [pid 5075] <... munmap resumed>) = 0 [pid 5073] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5076] <... set_robust_list resumed>) = 0 [pid 5073] futex(0x7f02a5c17718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5076] rt_sigprocmask(SIG_SETMASK, [], [pid 5073] <... futex resumed>) = 0 [pid 5076] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5073] futex(0x7f02a5c1771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5076] memfd_create("syzkaller", 0 [pid 5075] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5076] <... memfd_create resumed>) = 7 [pid 5076] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5075] <... openat resumed>) = 8 [pid 5075] ioctl(8, LOOP_SET_FD, 6 [pid 5076] <... mmap resumed>) = 0x7f029d600000 [pid 5075] <... ioctl resumed>) = 0 [pid 5075] close(6) = 0 [pid 5075] close(8 [pid 5076] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5075] <... close resumed>) = 0 [pid 5076] munmap(0x7f029d600000, 138412032) = 0 [pid 5076] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5075] mkdir("./bus", 0777 [pid 5076] <... openat resumed>) = 6 [pid 5076] ioctl(6, LOOP_SET_FD, 7 [pid 5075] <... mkdir resumed>) = 0 [pid 5076] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5076] ioctl(6, LOOP_CLR_FD) = 0 [pid 5075] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue" [pid 5076] ioctl(6, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy) [ 78.151765][ T5075] loop0: detected capacity change from 0 to 512 [pid 5076] close(6 [pid 5075] <... mount resumed>) = -1 EBUSY (Device or resource busy) [pid 5075] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5075] ioctl(6, LOOP_CLR_FD [pid 5076] <... close resumed>) = 0 [pid 5076] close(7 [pid 5075] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5075] close(6) = 0 [pid 5075] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5075] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5076] <... close resumed>) = 0 [pid 5076] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5073] <... futex resumed>) = 0 [pid 5076] futex(0x7f02a5c17718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5073] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5075] <... futex resumed>) = 0 [pid 5073] <... futex resumed>) = 1 [ 78.201508][ T5075] /dev/loop0: Can't open blockdev [pid 5075] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0xb635773f04ebbee0, MAP_SHARED|MAP_FIXED|MAP_ANONYMOUS|MAP_POPULATE, -1, 0 [pid 5073] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5073] futex(0x7f02a5c17718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5076] <... futex resumed>) = 0 [pid 5076] setxattr(0x20000340, 0x20000400, 0x200003c0, 58375, 0 [pid 5073] <... futex resumed>) = 1 [pid 5076] <... setxattr resumed>) = -1 ENOENT (No such file or directory) [pid 5073] futex(0x7f02a5c1771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5076] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5073] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5076] futex(0x7f02a5c17718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5075] <... mmap resumed>) = 0x20000000 [pid 5075] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5075] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5073] exit_group(0 [pid 5076] <... futex resumed>) = ? [pid 5075] <... futex resumed>) = ? [pid 5073] <... exit_group resumed>) = ? [pid 5076] +++ exited with 0 +++ [pid 5075] +++ exited with 0 +++ [pid 5073] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5073, si_uid=0, si_status=0, si_utime=0, si_stime=28 /* 0.28 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563f3730 /* 6 entries */, 32768) = 192 umount2("./0/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/cpuset.effective_cpus") = 0 umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563fb770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563fb770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/bus") = 0 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 umount2("./0/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/cgroup.controllers") = 0 getdents64(3, 0x5555563f3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5077 attached , child_tidptr=0x5555563f2690) = 5077 [pid 5077] set_robust_list(0x5555563f26a0, 24) = 0 [pid 5077] chdir("./1") = 0 [pid 5077] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5077] setpgid(0, 0) = 0 [pid 5077] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5077] write(3, "1000", 4) = 4 [pid 5077] close(3) = 0 [pid 5077] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5077] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5077] rt_sigaction(SIGRT_1, {sa_handler=0x7f02a5bb6070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f02a5ba7220}, NULL, 8) = 0 [pid 5077] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5077] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02a5b2c000 [pid 5077] mprotect(0x7f02a5b2d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5077] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5077] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b4c990, parent_tid=0x7f02a5b4c990, exit_signal=0, stack=0x7f02a5b2c000, stack_size=0x20300, tls=0x7f02a5b4c6c0}./strace-static-x86_64: Process 5078 attached [pid 5078] rseq(0x7f02a5b4cfe0, 0x20, 0, 0x53053053) = 0 [pid 5077] <... clone3 resumed> => {parent_tid=[5078]}, 88) = 5078 [pid 5078] set_robust_list(0x7f02a5b4c9a0, 24 [pid 5077] rt_sigprocmask(SIG_SETMASK, [], [pid 5078] <... set_robust_list resumed>) = 0 [pid 5077] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5078] rt_sigprocmask(SIG_SETMASK, [], [pid 5077] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5078] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5077] <... futex resumed>) = 0 [pid 5078] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5077] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5078] <... openat resumed>) = 3 [pid 5078] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5077] <... futex resumed>) = 0 [pid 5078] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5077] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5078] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5077] <... futex resumed>) = 0 [pid 5078] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5077] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5078] <... openat resumed>) = 4 [pid 5078] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5077] <... futex resumed>) = 0 [pid 5078] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5077] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5078] <... futex resumed>) = 0 [pid 5077] <... futex resumed>) = 1 [pid 5078] dup3(4, 3, 0) = 3 [pid 5077] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5078] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5077] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5078] <... futex resumed>) = 0 [pid 5077] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5078] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5077] <... futex resumed>) = 0 [pid 5077] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5078] <... openat resumed>) = 5 [pid 5078] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5077] <... futex resumed>) = 0 [pid 5078] <... futex resumed>) = 1 [pid 5077] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5078] ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0 [pid 5077] <... futex resumed>) = 0 [pid 5078] <... ioctl resumed>) = -1 EINVAL (Invalid argument) [pid 5077] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5078] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5077] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5077] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5078] <... futex resumed>) = 0 [pid 5077] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5077] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5078] memfd_create("syzkaller", 0 [pid 5077] <... mmap resumed>) = 0x7f02a5b0b000 [pid 5077] mprotect(0x7f02a5b0c000, 131072, PROT_READ|PROT_WRITE [pid 5078] <... memfd_create resumed>) = 6 [pid 5077] <... mprotect resumed>) = 0 [pid 5077] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5078] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5077] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5077] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b2b990, parent_tid=0x7f02a5b2b990, exit_signal=0, stack=0x7f02a5b0b000, stack_size=0x20300, tls=0x7f02a5b2b6c0}./strace-static-x86_64: Process 5079 attached [pid 5078] <... mmap resumed>) = 0x7f029d600000 [pid 5079] rseq(0x7f02a5b2bfe0, 0x20, 0, 0x53053053) = 0 [pid 5079] set_robust_list(0x7f02a5b2b9a0, 24) = 0 [pid 5077] <... clone3 resumed> => {parent_tid=[5079]}, 88) = 5079 [pid 5079] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5077] rt_sigprocmask(SIG_SETMASK, [], [pid 5079] futex(0x7f02a5c17718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5077] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5077] futex(0x7f02a5c17718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5079] <... futex resumed>) = 0 [pid 5077] <... futex resumed>) = 1 [pid 5079] memfd_create("syzkaller", 0 [pid 5077] futex(0x7f02a5c1771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5079] <... memfd_create resumed>) = 7 [pid 5079] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5078] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5079] <... mmap resumed>) = 0x7f0295200000 [pid 5079] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5078] <... write resumed>) = 262144 [pid 5078] munmap(0x7f029d600000, 138412032) = 0 [pid 5078] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5079] <... write resumed>) = 262144 [pid 5078] <... openat resumed>) = 8 [pid 5078] ioctl(8, LOOP_SET_FD, 6 [pid 5079] munmap(0x7f0295200000, 138412032 [pid 5078] <... ioctl resumed>) = 0 [pid 5079] <... munmap resumed>) = 0 [pid 5078] close(6) = 0 [pid 5078] close(8 [pid 5079] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5078] <... close resumed>) = 0 [pid 5079] <... openat resumed>) = 6 [pid 5079] ioctl(6, LOOP_SET_FD, 7 [pid 5078] mkdir("./bus", 0777 [pid 5079] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5078] <... mkdir resumed>) = 0 [pid 5079] ioctl(6, LOOP_CLR_FD) = 0 [pid 5078] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue" [pid 5079] ioctl(6, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy) [ 78.717852][ T5078] loop0: detected capacity change from 0 to 512 [pid 5079] close(6) = 0 [pid 5079] close(7) = 0 [pid 5079] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5078] <... mount resumed>) = -1 EIO (Input/output error) [pid 5077] <... futex resumed>) = 0 [pid 5079] futex(0x7f02a5c17718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5078] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5077] futex(0x7f02a5c17718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5079] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5079] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0xb635773f04ebbee0, MAP_SHARED|MAP_FIXED|MAP_ANONYMOUS|MAP_POPULATE, -1, 0 [pid 5078] <... openat resumed>) = 6 [pid 5077] <... futex resumed>) = 0 [pid 5078] ioctl(6, LOOP_CLR_FD [pid 5077] futex(0x7f02a5c1771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5078] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5078] close(6) = 0 [pid 5078] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 78.764331][ T5078] syz-executor422: attempt to access beyond end of device [ 78.764331][ T5078] loop0: rw=4096, sector=2, nr_sectors = 2 limit=0 [ 78.778516][ T5078] EXT4-fs (loop0): unable to read superblock [pid 5078] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5077] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5077] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5078] <... futex resumed>) = 0 [pid 5078] setxattr(0x20000340, 0x20000400, 0x200003c0, 58375, 0) = -1 ENOENT (No such file or directory) [pid 5078] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5078] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5077] <... futex resumed>) = 1 [pid 5077] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5079] <... mmap resumed>) = 0x20000000 [pid 5079] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5079] futex(0x7f02a5c17718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5077] exit_group(0 [pid 5079] <... futex resumed>) = ? [pid 5078] <... futex resumed>) = ? [pid 5078] +++ exited with 0 +++ [pid 5077] <... exit_group resumed>) = ? [pid 5079] +++ exited with 0 +++ [pid 5077] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5077, si_uid=0, si_status=0, si_utime=0, si_stime=34 /* 0.34 s */} --- umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563f3730 /* 6 entries */, 32768) = 192 umount2("./1/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/cpuset.effective_cpus") = 0 umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563fb770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563fb770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/bus") = 0 umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 umount2("./1/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/cgroup.controllers") = 0 getdents64(3, 0x5555563f3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5080 attached , child_tidptr=0x5555563f2690) = 5080 [pid 5080] set_robust_list(0x5555563f26a0, 24) = 0 [pid 5080] chdir("./2") = 0 [pid 5080] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5080] setpgid(0, 0) = 0 [pid 5080] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5080] write(3, "1000", 4) = 4 [pid 5080] close(3) = 0 [pid 5080] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5080] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5080] rt_sigaction(SIGRT_1, {sa_handler=0x7f02a5bb6070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f02a5ba7220}, NULL, 8) = 0 [pid 5080] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5080] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02a5b2c000 [pid 5080] mprotect(0x7f02a5b2d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5080] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5080] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b4c990, parent_tid=0x7f02a5b4c990, exit_signal=0, stack=0x7f02a5b2c000, stack_size=0x20300, tls=0x7f02a5b4c6c0}./strace-static-x86_64: Process 5081 attached => {parent_tid=[5081]}, 88) = 5081 [pid 5080] rt_sigprocmask(SIG_SETMASK, [], [pid 5081] rseq(0x7f02a5b4cfe0, 0x20, 0, 0x53053053) = 0 [pid 5081] set_robust_list(0x7f02a5b4c9a0, 24) = 0 [pid 5081] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5081] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5080] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5080] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... futex resumed>) = 0 [pid 5081] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5080] <... futex resumed>) = 1 [pid 5080] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] <... openat resumed>) = 3 [pid 5081] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5080] <... futex resumed>) = 0 [pid 5081] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5080] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5080] <... futex resumed>) = 0 [pid 5080] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5080] <... futex resumed>) = 0 [pid 5081] <... futex resumed>) = 1 [pid 5080] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] dup3(4, 3, 0 [pid 5080] <... futex resumed>) = 0 [pid 5081] <... dup3 resumed>) = 3 [pid 5080] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5080] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5081] <... futex resumed>) = 0 [pid 5080] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5080] <... futex resumed>) = 0 [pid 5081] <... openat resumed>) = 5 [pid 5080] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5080] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5081] <... futex resumed>) = 0 [pid 5080] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0 [pid 5080] <... futex resumed>) = 0 [pid 5081] <... ioctl resumed>) = -1 EINVAL (Invalid argument) [pid 5080] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5080] <... futex resumed>) = 0 [pid 5081] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5080] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5080] <... futex resumed>) = 0 [pid 5081] memfd_create("syzkaller", 0 [pid 5080] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... memfd_create resumed>) = 6 [pid 5080] <... futex resumed>) = 0 [pid 5080] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5081] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5080] <... mmap resumed>) = 0x7f02a5b0b000 [pid 5081] <... mmap resumed>) = 0x7f029d600000 [pid 5080] mprotect(0x7f02a5b0c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5081] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5080] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5080] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b2b990, parent_tid=0x7f02a5b2b990, exit_signal=0, stack=0x7f02a5b0b000, stack_size=0x20300, tls=0x7f02a5b2b6c0}./strace-static-x86_64: Process 5082 attached [pid 5081] <... write resumed>) = 262144 [pid 5080] <... clone3 resumed> => {parent_tid=[5082]}, 88) = 5082 [pid 5082] rseq(0x7f02a5b2bfe0, 0x20, 0, 0x53053053 [pid 5081] munmap(0x7f029d600000, 138412032 [pid 5080] rt_sigprocmask(SIG_SETMASK, [], [pid 5082] <... rseq resumed>) = 0 [pid 5080] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5082] set_robust_list(0x7f02a5b2b9a0, 24 [pid 5080] futex(0x7f02a5c17718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... set_robust_list resumed>) = 0 [pid 5082] rt_sigprocmask(SIG_SETMASK, [], [pid 5081] <... munmap resumed>) = 0 [pid 5082] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5080] <... futex resumed>) = 0 [pid 5082] memfd_create("syzkaller", 0) = 7 [pid 5081] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5080] futex(0x7f02a5c1771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5082] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5081] <... openat resumed>) = 8 [pid 5082] <... mmap resumed>) = 0x7f029d600000 [pid 5081] ioctl(8, LOOP_SET_FD, 6 [pid 5082] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5081] <... ioctl resumed>) = 0 [pid 5082] munmap(0x7f029d600000, 138412032) = 0 [pid 5081] close(6) = 0 [pid 5082] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5081] close(8) = 0 [pid 5081] mkdir("./bus", 0777 [pid 5082] <... openat resumed>) = 6 [pid 5081] <... mkdir resumed>) = 0 [pid 5082] ioctl(6, LOOP_SET_FD, 7 [pid 5081] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue" [pid 5082] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5082] ioctl(6, LOOP_CLR_FD [pid 5081] <... mount resumed>) = -1 EBUSY (Device or resource busy) [pid 5082] <... ioctl resumed>) = 0 [pid 5081] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8 [pid 5081] ioctl(8, LOOP_CLR_FD [pid 5082] ioctl(6, LOOP_SET_FD, 7 [pid 5081] <... ioctl resumed>) = 0 [pid 5082] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5081] close(8 [pid 5082] close(6 [pid 5081] <... close resumed>) = 0 [pid 5082] <... close resumed>) = 0 [pid 5081] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] close(7 [pid 5081] <... futex resumed>) = 0 [pid 5081] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5082] <... close resumed>) = 0 [pid 5082] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5080] <... futex resumed>) = 0 [ 79.371961][ T5081] loop0: detected capacity change from 0 to 512 [ 79.404174][ T5081] /dev/loop0: Can't open blockdev [pid 5082] futex(0x7f02a5c17718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5080] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... futex resumed>) = 0 [pid 5080] <... futex resumed>) = 1 [pid 5081] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0xb635773f04ebbee0, MAP_SHARED|MAP_FIXED|MAP_ANONYMOUS|MAP_POPULATE, -1, 0 [pid 5080] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5080] futex(0x7f02a5c17718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... futex resumed>) = 0 [pid 5080] <... futex resumed>) = 1 [pid 5082] setxattr(0x20000340, 0x20000400, 0x200003c0, 58375, 0) = -1 ENOENT (No such file or directory) [pid 5082] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5082] futex(0x7f02a5c17718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5080] futex(0x7f02a5c1771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5081] <... mmap resumed>) = 0x20000000 [pid 5081] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5081] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5080] exit_group(0 [pid 5082] <... futex resumed>) = ? [pid 5082] +++ exited with 0 +++ [pid 5081] <... futex resumed>) = ? [pid 5080] <... exit_group resumed>) = ? [pid 5081] +++ exited with 0 +++ [pid 5080] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5080, si_uid=0, si_status=0, si_utime=0, si_stime=34 /* 0.34 s */} --- umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563f3730 /* 6 entries */, 32768) = 192 umount2("./2/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/cpuset.effective_cpus") = 0 umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563fb770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563fb770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/bus") = 0 umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 umount2("./2/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/cgroup.controllers") = 0 getdents64(3, 0x5555563f3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5083 attached , child_tidptr=0x5555563f2690) = 5083 [pid 5083] set_robust_list(0x5555563f26a0, 24) = 0 [pid 5083] chdir("./3") = 0 [pid 5083] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5083] setpgid(0, 0) = 0 [pid 5083] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5083] write(3, "1000", 4) = 4 [pid 5083] close(3) = 0 [pid 5083] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5083] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5083] rt_sigaction(SIGRT_1, {sa_handler=0x7f02a5bb6070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f02a5ba7220}, NULL, 8) = 0 [pid 5083] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5083] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02a5b2c000 [pid 5083] mprotect(0x7f02a5b2d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5083] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5083] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b4c990, parent_tid=0x7f02a5b4c990, exit_signal=0, stack=0x7f02a5b2c000, stack_size=0x20300, tls=0x7f02a5b4c6c0}./strace-static-x86_64: Process 5084 attached [pid 5084] rseq(0x7f02a5b4cfe0, 0x20, 0, 0x53053053 [pid 5083] <... clone3 resumed> => {parent_tid=[5084]}, 88) = 5084 [pid 5084] <... rseq resumed>) = 0 [pid 5084] set_robust_list(0x7f02a5b4c9a0, 24 [pid 5083] rt_sigprocmask(SIG_SETMASK, [], [pid 5084] <... set_robust_list resumed>) = 0 [pid 5083] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5084] rt_sigprocmask(SIG_SETMASK, [], [pid 5083] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5083] <... futex resumed>) = 0 [pid 5084] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5083] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] <... openat resumed>) = 3 [pid 5084] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5083] <... futex resumed>) = 0 [pid 5084] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5083] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5083] <... futex resumed>) = 0 [pid 5084] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5083] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5083] <... futex resumed>) = 0 [pid 5084] dup3(4, 3, 0 [pid 5083] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... dup3 resumed>) = 3 [pid 5083] <... futex resumed>) = 0 [pid 5083] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5083] <... futex resumed>) = 0 [pid 5084] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5083] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5083] <... futex resumed>) = 0 [pid 5084] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5083] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] <... openat resumed>) = 5 [pid 5084] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5084] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5083] <... futex resumed>) = 0 [pid 5083] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5084] <... futex resumed>) = 0 [pid 5083] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0) = -1 EINVAL (Invalid argument) [pid 5084] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5084] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5083] <... futex resumed>) = 0 [pid 5083] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... futex resumed>) = 0 [pid 5083] <... futex resumed>) = 1 [pid 5084] memfd_create("syzkaller", 0 [pid 5083] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5084] <... memfd_create resumed>) = 6 [pid 5083] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02a5b0b000 [pid 5084] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f029d600000 [pid 5083] mprotect(0x7f02a5b0c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5084] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5083] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5083] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b2b990, parent_tid=0x7f02a5b2b990, exit_signal=0, stack=0x7f02a5b0b000, stack_size=0x20300, tls=0x7f02a5b2b6c0}./strace-static-x86_64: Process 5085 attached [pid 5084] <... write resumed>) = 262144 [pid 5083] <... clone3 resumed> => {parent_tid=[5085]}, 88) = 5085 [pid 5085] rseq(0x7f02a5b2bfe0, 0x20, 0, 0x53053053) = 0 [pid 5085] set_robust_list(0x7f02a5b2b9a0, 24) = 0 [pid 5085] rt_sigprocmask(SIG_SETMASK, [], [pid 5084] munmap(0x7f029d600000, 138412032 [pid 5083] rt_sigprocmask(SIG_SETMASK, [], [pid 5085] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5083] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5085] futex(0x7f02a5c17718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5084] <... munmap resumed>) = 0 [pid 5083] futex(0x7f02a5c17718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... futex resumed>) = 0 [pid 5084] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5083] <... futex resumed>) = 1 [pid 5083] futex(0x7f02a5c1771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5085] memfd_create("syzkaller", 0 [pid 5084] <... openat resumed>) = 7 [pid 5085] <... memfd_create resumed>) = 8 [pid 5084] ioctl(7, LOOP_SET_FD, 6 [pid 5085] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f029d600000 [pid 5084] <... ioctl resumed>) = 0 [pid 5084] close(6) = 0 [pid 5084] close(7) = 0 [pid 5084] mkdir("./bus", 0777 [pid 5085] write(8, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5084] <... mkdir resumed>) = 0 [pid 5084] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue" [pid 5085] <... write resumed>) = 262144 [pid 5085] munmap(0x7f029d600000, 138412032) = 0 [ 80.116199][ T5084] loop0: detected capacity change from 0 to 512 [pid 5085] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5085] close(8 [pid 5084] <... mount resumed>) = 0 [pid 5084] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 6 [pid 5084] chdir("./bus" [pid 5085] <... close resumed>) = 0 [pid 5084] <... chdir resumed>) = 0 [pid 5084] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5084] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5084] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5085] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5083] <... futex resumed>) = 0 [pid 5085] futex(0x7f02a5c17718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5083] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... futex resumed>) = 0 [pid 5083] <... futex resumed>) = 1 [pid 5084] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0xb635773f04ebbee0, MAP_SHARED|MAP_FIXED|MAP_ANONYMOUS|MAP_POPULATE, -1, 0 [ 80.160957][ T5084] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 80.174392][ T5084] ext4 filesystem being mounted at /root/syzkaller.a7bkEY/3/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5083] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5083] futex(0x7f02a5c17718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... futex resumed>) = 0 [pid 5083] <... futex resumed>) = 1 [pid 5083] futex(0x7f02a5c1771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] setxattr(0x20000340, 0x20000400, 0x200003c0, 58375, 0) = -1 ENOENT (No such file or directory) [pid 5085] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5083] <... futex resumed>) = 0 [pid 5085] futex(0x7f02a5c17718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5084] <... mmap resumed>) = 0x20000000 [pid 5084] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5084] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5083] exit_group(0 [pid 5085] <... futex resumed>) = ? [pid 5084] <... futex resumed>) = ? [pid 5083] <... exit_group resumed>) = ? [pid 5084] +++ exited with 0 +++ [pid 5085] +++ exited with 0 +++ [pid 5083] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5083, si_uid=0, si_status=0, si_utime=0, si_stime=33 /* 0.33 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563f3730 /* 6 entries */, 32768) = 192 umount2("./3/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/cpuset.effective_cpus") = 0 umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563fb770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563fb770 /* 0 entries */, 32768) = 0 [ 80.495069][ T5072] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. close(4) = 0 rmdir("./3/bus") = 0 umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 umount2("./3/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/cgroup.controllers") = 0 getdents64(3, 0x5555563f3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5089 attached , child_tidptr=0x5555563f2690) = 5089 [pid 5089] set_robust_list(0x5555563f26a0, 24) = 0 [pid 5089] chdir("./4") = 0 [pid 5089] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5089] setpgid(0, 0) = 0 [pid 5089] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5089] write(3, "1000", 4) = 4 [pid 5089] close(3) = 0 [pid 5089] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5089] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5089] rt_sigaction(SIGRT_1, {sa_handler=0x7f02a5bb6070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f02a5ba7220}, NULL, 8) = 0 [pid 5089] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5089] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02a5b2c000 [pid 5089] mprotect(0x7f02a5b2d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5089] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5089] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b4c990, parent_tid=0x7f02a5b4c990, exit_signal=0, stack=0x7f02a5b2c000, stack_size=0x20300, tls=0x7f02a5b4c6c0}./strace-static-x86_64: Process 5090 attached [pid 5090] rseq(0x7f02a5b4cfe0, 0x20, 0, 0x53053053 [pid 5089] <... clone3 resumed> => {parent_tid=[5090]}, 88) = 5090 [pid 5090] <... rseq resumed>) = 0 [pid 5090] set_robust_list(0x7f02a5b4c9a0, 24 [pid 5089] rt_sigprocmask(SIG_SETMASK, [], [pid 5090] <... set_robust_list resumed>) = 0 [pid 5089] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5090] rt_sigprocmask(SIG_SETMASK, [], [pid 5089] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5090] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5089] <... futex resumed>) = 0 [pid 5090] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5089] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5090] <... openat resumed>) = 3 [pid 5090] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5090] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5089] <... futex resumed>) = 0 [pid 5089] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5090] <... futex resumed>) = 0 [pid 5089] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5090] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5090] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5090] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5089] <... futex resumed>) = 0 [pid 5090] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5089] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5090] dup3(4, 3, 0) = 3 [pid 5089] <... futex resumed>) = 0 [pid 5090] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5089] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5090] <... futex resumed>) = 0 [pid 5089] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5090] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5089] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5090] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5089] <... futex resumed>) = 0 [pid 5090] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5089] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5090] <... openat resumed>) = 5 [pid 5090] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5089] <... futex resumed>) = 0 [pid 5090] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5089] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5090] ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0 [pid 5089] <... futex resumed>) = 0 [pid 5090] <... ioctl resumed>) = -1 EINVAL (Invalid argument) [pid 5089] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5090] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5089] <... futex resumed>) = 0 [pid 5090] <... futex resumed>) = 1 [pid 5089] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5090] memfd_create("syzkaller", 0 [pid 5089] <... futex resumed>) = 0 [pid 5089] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5090] <... memfd_create resumed>) = 6 [pid 5089] <... futex resumed>) = 0 [pid 5089] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5090] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f029d600000 [pid 5089] <... mmap resumed>) = 0x7f02a5b0b000 [pid 5089] mprotect(0x7f02a5b0c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5090] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5089] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5089] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b2b990, parent_tid=0x7f02a5b2b990, exit_signal=0, stack=0x7f02a5b0b000, stack_size=0x20300, tls=0x7f02a5b2b6c0}./strace-static-x86_64: Process 5091 attached [pid 5090] <... write resumed>) = 262144 [pid 5089] <... clone3 resumed> => {parent_tid=[5091]}, 88) = 5091 [pid 5091] rseq(0x7f02a5b2bfe0, 0x20, 0, 0x53053053) = 0 [pid 5091] set_robust_list(0x7f02a5b2b9a0, 24) = 0 [pid 5090] munmap(0x7f029d600000, 138412032 [pid 5089] rt_sigprocmask(SIG_SETMASK, [], [pid 5091] rt_sigprocmask(SIG_SETMASK, [], [pid 5089] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5090] <... munmap resumed>) = 0 [pid 5091] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5090] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5089] futex(0x7f02a5c17718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5091] memfd_create("syzkaller", 0 [pid 5089] <... futex resumed>) = 0 [pid 5091] <... memfd_create resumed>) = 8 [pid 5089] futex(0x7f02a5c1771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5090] <... openat resumed>) = 7 [pid 5091] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5090] ioctl(7, LOOP_SET_FD, 6 [pid 5091] <... mmap resumed>) = 0x7f029d600000 [pid 5090] <... ioctl resumed>) = 0 [pid 5090] close(6) = 0 [pid 5090] close(7) = 0 [pid 5090] mkdir("./bus", 0777 [pid 5091] write(8, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5090] <... mkdir resumed>) = 0 [pid 5090] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue" [pid 5091] <... write resumed>) = 262144 [pid 5091] munmap(0x7f029d600000, 138412032) = 0 [pid 5091] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5091] close(8) = 0 [pid 5091] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5091] futex(0x7f02a5c17718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5089] <... futex resumed>) = 0 [ 80.802162][ T5090] loop0: detected capacity change from 0 to 512 [pid 5089] futex(0x7f02a5c17718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5091] <... futex resumed>) = 0 [pid 5089] <... futex resumed>) = 1 [pid 5091] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0xb635773f04ebbee0, MAP_SHARED|MAP_FIXED|MAP_ANONYMOUS|MAP_POPULATE, -1, 0 [pid 5089] futex(0x7f02a5c1771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5090] <... mount resumed>) = 0 [pid 5090] openat(AT_FDCWD, 0x20000500, O_RDONLY|O_DIRECTORY) = -1 ENOENT (No such file or directory) [pid 5090] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5090] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5090] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5089] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5089] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5090] <... futex resumed>) = 0 [pid 5090] setxattr(0x20000340, 0x20000400, 0x200003c0, 58375, 0 [ 80.846400][ T5090] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 80.860145][ T5090] ext4 filesystem being mounted at /root/syzkaller.a7bkEY/4/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5089] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5090] <... setxattr resumed>) = 0 [pid 5090] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5089] <... futex resumed>) = 0 [pid 5090] <... futex resumed>) = 1 [pid 5090] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5091] <... mmap resumed>) = 0x20000000 [pid 5091] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5091] futex(0x7f02a5c17718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5089] exit_group(0 [pid 5090] <... futex resumed>) = ? [pid 5089] <... exit_group resumed>) = ? [pid 5091] <... futex resumed>) = ? [pid 5090] +++ exited with 0 +++ [pid 5091] +++ exited with 0 +++ [pid 5089] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5089, si_uid=0, si_status=0, si_utime=0, si_stime=33 /* 0.33 s */} --- umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563f3730 /* 6 entries */, 32768) = 192 umount2("./4/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/cpuset.effective_cpus") = 0 umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563fb770 /* 2 entries */, 32768) = 48 [ 81.162808][ T5072] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. getdents64(4, 0x5555563fb770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/bus") = 0 umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 umount2("./4/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/cgroup.controllers") = 0 getdents64(3, 0x5555563f3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5094 attached , child_tidptr=0x5555563f2690) = 5094 [pid 5094] set_robust_list(0x5555563f26a0, 24) = 0 [pid 5094] chdir("./5") = 0 [pid 5094] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5094] setpgid(0, 0) = 0 [pid 5094] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5094] write(3, "1000", 4) = 4 [pid 5094] close(3) = 0 [pid 5094] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5094] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5094] rt_sigaction(SIGRT_1, {sa_handler=0x7f02a5bb6070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f02a5ba7220}, NULL, 8) = 0 [pid 5094] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5094] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02a5b2c000 [pid 5094] mprotect(0x7f02a5b2d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5094] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5094] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b4c990, parent_tid=0x7f02a5b4c990, exit_signal=0, stack=0x7f02a5b2c000, stack_size=0x20300, tls=0x7f02a5b4c6c0}./strace-static-x86_64: Process 5095 attached [pid 5095] rseq(0x7f02a5b4cfe0, 0x20, 0, 0x53053053 [pid 5094] <... clone3 resumed> => {parent_tid=[5095]}, 88) = 5095 [pid 5095] <... rseq resumed>) = 0 [pid 5095] set_robust_list(0x7f02a5b4c9a0, 24 [pid 5094] rt_sigprocmask(SIG_SETMASK, [], [pid 5095] <... set_robust_list resumed>) = 0 [pid 5094] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5095] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5094] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5095] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5094] <... futex resumed>) = 0 [pid 5094] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5095] <... openat resumed>) = 3 [pid 5095] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5094] <... futex resumed>) = 0 [pid 5095] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5094] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5095] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5094] <... futex resumed>) = 0 [pid 5095] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5094] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5095] <... openat resumed>) = 4 [pid 5095] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5094] <... futex resumed>) = 0 [pid 5094] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5095] dup3(4, 3, 0 [pid 5094] <... futex resumed>) = 0 [pid 5095] <... dup3 resumed>) = 3 [pid 5094] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5095] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5094] <... futex resumed>) = 0 [pid 5095] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5094] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5095] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5094] <... futex resumed>) = 0 [pid 5095] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5094] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5095] <... openat resumed>) = 5 [pid 5095] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5094] <... futex resumed>) = 0 [pid 5094] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5094] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5095] <... futex resumed>) = 1 [pid 5095] ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0) = -1 EINVAL (Invalid argument) [pid 5095] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5094] <... futex resumed>) = 0 [pid 5094] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5095] <... futex resumed>) = 1 [pid 5094] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5095] memfd_create("syzkaller", 0 [pid 5094] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02a5b0b000 [pid 5095] <... memfd_create resumed>) = 6 [pid 5094] mprotect(0x7f02a5b0c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5095] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f029d600000 [pid 5094] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5095] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5094] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5095] <... write resumed>) = 262144 [pid 5094] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b2b990, parent_tid=0x7f02a5b2b990, exit_signal=0, stack=0x7f02a5b0b000, stack_size=0x20300, tls=0x7f02a5b2b6c0} => {parent_tid=[5096]}, 88) = 5096 [pid 5094] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 5096 attached [pid 5094] futex(0x7f02a5c17718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5096] rseq(0x7f02a5b2bfe0, 0x20, 0, 0x53053053 [pid 5094] <... futex resumed>) = 0 [pid 5096] <... rseq resumed>) = 0 [pid 5094] futex(0x7f02a5c1771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5096] set_robust_list(0x7f02a5b2b9a0, 24) = 0 [pid 5096] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5096] memfd_create("syzkaller", 0) = 7 [pid 5095] munmap(0x7f029d600000, 138412032 [pid 5096] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f029d600000 [pid 5095] <... munmap resumed>) = 0 [pid 5096] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5095] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5096] <... write resumed>) = 262144 [pid 5095] <... openat resumed>) = 8 [pid 5095] ioctl(8, LOOP_SET_FD, 6 [pid 5096] munmap(0x7f029d600000, 138412032) = 0 [pid 5096] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5095] <... ioctl resumed>) = 0 [pid 5096] <... openat resumed>) = 9 [pid 5096] ioctl(9, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy) [pid 5095] close(6 [pid 5096] ioctl(9, LOOP_CLR_FD [pid 5095] <... close resumed>) = 0 [pid 5095] close(8) = 0 [pid 5095] mkdir("./bus", 0777) = 0 [pid 5095] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = -1 EBUSY (Device or resource busy) [pid 5095] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5095] ioctl(6, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5095] close(6) = 0 [pid 5095] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 81.659598][ T5095] loop0: detected capacity change from 0 to 512 [ 81.683929][ T5095] /dev/loop0: Can't open blockdev [pid 5095] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5096] <... ioctl resumed>) = 0 [pid 5096] ioctl(9, LOOP_SET_FD, 7) = 0 [pid 5096] close(7) = 0 [pid 5096] close(9) = 0 [pid 5096] mkdir("./bus", 0777) = -1 EEXIST (File exists) [ 81.724031][ T5074] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 81.727981][ T5096] loop0: detected capacity change from 0 to 512 [ 81.734043][ T5074] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 81.749419][ T5074] Buffer I/O error on dev loop0, logical block 0, async page read [pid 5096] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5096] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 6 [pid 5096] chdir("./bus") = 0 [pid 5096] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5096] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5094] <... futex resumed>) = 0 [pid 5096] <... futex resumed>) = 1 [pid 5094] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5096] futex(0x7f02a5c17718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5095] <... futex resumed>) = 0 [pid 5094] <... futex resumed>) = 1 [pid 5095] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0xb635773f04ebbee0, MAP_SHARED|MAP_FIXED|MAP_ANONYMOUS|MAP_POPULATE, -1, 0 [ 81.798158][ T5096] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 81.810815][ T5096] ext4 filesystem being mounted at /root/syzkaller.a7bkEY/5/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5094] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5094] futex(0x7f02a5c17718, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5094] futex(0x7f02a5c1771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5096] <... futex resumed>) = 0 [pid 5096] setxattr(0x20000340, 0x20000400, 0x200003c0, 58375, 0) = -1 ENOENT (No such file or directory) [pid 5096] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5094] <... futex resumed>) = 0 [pid 5096] <... futex resumed>) = 1 [pid 5096] futex(0x7f02a5c17718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5095] <... mmap resumed>) = 0x20000000 [pid 5095] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5095] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5094] exit_group(0 [pid 5096] <... futex resumed>) = ? [pid 5095] <... futex resumed>) = ? [pid 5094] <... exit_group resumed>) = ? [pid 5095] +++ exited with 0 +++ [pid 5096] +++ exited with 0 +++ [pid 5094] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5094, si_uid=0, si_status=0, si_utime=0, si_stime=37 /* 0.37 s */} --- umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563f3730 /* 6 entries */, 32768) = 192 umount2("./5/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/cpuset.effective_cpus") = 0 umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563fb770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563fb770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/bus") = 0 umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/binderfs") = 0 umount2("./5/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/cgroup.controllers") = 0 getdents64(3, 0x5555563f3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 82.141752][ T5072] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5099 attached , child_tidptr=0x5555563f2690) = 5099 [pid 5099] set_robust_list(0x5555563f26a0, 24) = 0 [pid 5099] chdir("./6") = 0 [pid 5099] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5099] setpgid(0, 0) = 0 [pid 5099] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5099] write(3, "1000", 4) = 4 [pid 5099] close(3) = 0 [pid 5099] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5099] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5099] rt_sigaction(SIGRT_1, {sa_handler=0x7f02a5bb6070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f02a5ba7220}, NULL, 8) = 0 [pid 5099] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5099] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02a5b2c000 [pid 5099] mprotect(0x7f02a5b2d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5099] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5099] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b4c990, parent_tid=0x7f02a5b4c990, exit_signal=0, stack=0x7f02a5b2c000, stack_size=0x20300, tls=0x7f02a5b4c6c0}./strace-static-x86_64: Process 5100 attached [pid 5100] rseq(0x7f02a5b4cfe0, 0x20, 0, 0x53053053) = 0 [pid 5099] <... clone3 resumed> => {parent_tid=[5100]}, 88) = 5100 [pid 5100] set_robust_list(0x7f02a5b4c9a0, 24 [pid 5099] rt_sigprocmask(SIG_SETMASK, [], [pid 5100] <... set_robust_list resumed>) = 0 [pid 5099] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5100] rt_sigprocmask(SIG_SETMASK, [], [pid 5099] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5100] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5099] <... futex resumed>) = 0 [pid 5100] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5099] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5100] <... openat resumed>) = 3 [pid 5100] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5100] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5099] <... futex resumed>) = 0 [pid 5099] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5100] <... futex resumed>) = 0 [pid 5099] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5100] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5100] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5099] <... futex resumed>) = 0 [pid 5100] dup3(4, 3, 0 [pid 5099] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5100] <... dup3 resumed>) = 3 [pid 5099] <... futex resumed>) = 0 [pid 5100] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5099] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5100] <... futex resumed>) = 0 [pid 5099] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5100] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5099] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5100] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5100] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5099] <... futex resumed>) = 0 [pid 5099] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5100] <... openat resumed>) = 5 [pid 5100] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5099] <... futex resumed>) = 0 [pid 5100] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5099] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5100] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5099] <... futex resumed>) = 0 [pid 5100] ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0) = -1 EINVAL (Invalid argument) [pid 5099] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5100] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5099] <... futex resumed>) = 0 [pid 5100] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5099] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5100] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5099] <... futex resumed>) = 0 [pid 5100] memfd_create("syzkaller", 0 [pid 5099] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5100] <... memfd_create resumed>) = 6 [pid 5099] <... futex resumed>) = 0 [pid 5099] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5100] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5099] <... mmap resumed>) = 0x7f02a5b0b000 [pid 5100] <... mmap resumed>) = 0x7f029d600000 [pid 5099] mprotect(0x7f02a5b0c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5099] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5100] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5099] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b2b990, parent_tid=0x7f02a5b2b990, exit_signal=0, stack=0x7f02a5b0b000, stack_size=0x20300, tls=0x7f02a5b2b6c0} [pid 5100] <... write resumed>) = 262144 [pid 5100] munmap(0x7f029d600000, 138412032./strace-static-x86_64: Process 5101 attached [pid 5101] rseq(0x7f02a5b2bfe0, 0x20, 0, 0x53053053 [pid 5099] <... clone3 resumed> => {parent_tid=[5101]}, 88) = 5101 [pid 5101] <... rseq resumed>) = 0 [pid 5101] set_robust_list(0x7f02a5b2b9a0, 24 [pid 5100] <... munmap resumed>) = 0 [pid 5099] rt_sigprocmask(SIG_SETMASK, [], [pid 5101] <... set_robust_list resumed>) = 0 [pid 5100] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5101] rt_sigprocmask(SIG_SETMASK, [], [pid 5099] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5101] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5099] futex(0x7f02a5c17718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5101] memfd_create("syzkaller", 0 [pid 5100] <... openat resumed>) = 7 [pid 5099] <... futex resumed>) = 0 [pid 5101] <... memfd_create resumed>) = 8 [pid 5100] ioctl(7, LOOP_SET_FD, 6 [pid 5099] futex(0x7f02a5c1771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5101] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f029d600000 [pid 5100] <... ioctl resumed>) = 0 [pid 5100] close(6) = 0 [pid 5101] write(8, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5100] close(7) = 0 [pid 5100] mkdir("./bus", 0777 [pid 5101] <... write resumed>) = 262144 [pid 5100] <... mkdir resumed>) = 0 [pid 5101] munmap(0x7f029d600000, 138412032 [pid 5100] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue" [pid 5101] <... munmap resumed>) = 0 [pid 5101] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5101] close(8) = 0 [ 82.352344][ T5100] loop0: detected capacity change from 0 to 512 [pid 5101] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5101] futex(0x7f02a5c17718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5099] <... futex resumed>) = 0 [pid 5099] futex(0x7f02a5c17718, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5099] futex(0x7f02a5c1771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5101] <... futex resumed>) = 0 [pid 5101] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0xb635773f04ebbee0, MAP_SHARED|MAP_FIXED|MAP_ANONYMOUS|MAP_POPULATE, -1, 0 [pid 5100] <... mount resumed>) = 0 [pid 5100] openat(AT_FDCWD, 0x20000500, O_RDONLY|O_DIRECTORY) = -1 ENOENT (No such file or directory) [pid 5100] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5100] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 82.396923][ T5100] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 82.410167][ T5100] ext4 filesystem being mounted at /root/syzkaller.a7bkEY/6/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5100] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5099] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5099] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5100] <... futex resumed>) = 0 [pid 5100] setxattr(0x20000340, 0x20000400, 0x200003c0, 58375, 0 [pid 5099] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5100] <... setxattr resumed>) = 0 [pid 5100] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5099] <... futex resumed>) = 0 [pid 5100] <... futex resumed>) = 1 [pid 5100] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5101] <... mmap resumed>) = 0x20000000 [pid 5101] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5101] futex(0x7f02a5c17718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5099] exit_group(0 [pid 5101] <... futex resumed>) = ? [pid 5100] <... futex resumed>) = ? [pid 5099] <... exit_group resumed>) = ? [pid 5101] +++ exited with 0 +++ [pid 5100] +++ exited with 0 +++ [pid 5099] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5099, si_uid=0, si_status=0, si_utime=0, si_stime=30 /* 0.30 s */} --- umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563f3730 /* 6 entries */, 32768) = 192 umount2("./6/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/cpuset.effective_cpus") = 0 umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563fb770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563fb770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/bus") = 0 umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/binderfs") = 0 umount2("./6/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/cgroup.controllers") = 0 getdents64(3, 0x5555563f3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 82.713686][ T5072] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5105 attached , child_tidptr=0x5555563f2690) = 5105 [pid 5105] set_robust_list(0x5555563f26a0, 24) = 0 [pid 5105] chdir("./7") = 0 [pid 5105] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5105] setpgid(0, 0) = 0 [pid 5105] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5105] write(3, "1000", 4) = 4 [pid 5105] close(3) = 0 [pid 5105] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5105] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5105] rt_sigaction(SIGRT_1, {sa_handler=0x7f02a5bb6070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f02a5ba7220}, NULL, 8) = 0 [pid 5105] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5105] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02a5b2c000 [pid 5105] mprotect(0x7f02a5b2d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5105] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5105] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b4c990, parent_tid=0x7f02a5b4c990, exit_signal=0, stack=0x7f02a5b2c000, stack_size=0x20300, tls=0x7f02a5b4c6c0}./strace-static-x86_64: Process 5106 attached [pid 5106] rseq(0x7f02a5b4cfe0, 0x20, 0, 0x53053053 [pid 5105] <... clone3 resumed> => {parent_tid=[5106]}, 88) = 5106 [pid 5106] <... rseq resumed>) = 0 [pid 5106] set_robust_list(0x7f02a5b4c9a0, 24 [pid 5105] rt_sigprocmask(SIG_SETMASK, [], [pid 5106] <... set_robust_list resumed>) = 0 [pid 5106] rt_sigprocmask(SIG_SETMASK, [], [pid 5105] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5106] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5105] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5106] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5105] <... futex resumed>) = 0 [pid 5105] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5106] <... openat resumed>) = 3 [pid 5106] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5105] <... futex resumed>) = 0 [pid 5106] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5105] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5106] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5105] <... futex resumed>) = 0 [pid 5106] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5105] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5106] <... openat resumed>) = 4 [pid 5106] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5105] <... futex resumed>) = 0 [pid 5106] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5105] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5106] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5105] <... futex resumed>) = 0 [pid 5106] dup3(4, 3, 0 [pid 5105] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5106] <... dup3 resumed>) = 3 [pid 5106] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5105] <... futex resumed>) = 0 [pid 5106] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5105] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5106] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5105] <... futex resumed>) = 0 [pid 5106] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5105] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5106] <... openat resumed>) = 5 [pid 5106] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5105] <... futex resumed>) = 0 [pid 5106] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5105] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5106] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5105] <... futex resumed>) = 0 [pid 5106] ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0 [pid 5105] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5106] <... ioctl resumed>) = -1 EINVAL (Invalid argument) [pid 5106] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5105] <... futex resumed>) = 0 [pid 5106] memfd_create("syzkaller", 0 [pid 5105] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5106] <... memfd_create resumed>) = 6 [pid 5105] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5106] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5105] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5106] <... mmap resumed>) = 0x7f029d600000 [pid 5105] <... mmap resumed>) = 0x7f02a5b0b000 [pid 5106] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5105] mprotect(0x7f02a5b0c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5105] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5106] <... write resumed>) = 262144 [pid 5105] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5105] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b2b990, parent_tid=0x7f02a5b2b990, exit_signal=0, stack=0x7f02a5b0b000, stack_size=0x20300, tls=0x7f02a5b2b6c0} [pid 5106] munmap(0x7f029d600000, 138412032./strace-static-x86_64: Process 5107 attached ) = 0 [pid 5107] rseq(0x7f02a5b2bfe0, 0x20, 0, 0x53053053 [pid 5105] <... clone3 resumed> => {parent_tid=[5107]}, 88) = 5107 [pid 5107] <... rseq resumed>) = 0 [pid 5106] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5105] rt_sigprocmask(SIG_SETMASK, [], [pid 5107] set_robust_list(0x7f02a5b2b9a0, 24 [pid 5106] <... openat resumed>) = 7 [pid 5105] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5107] <... set_robust_list resumed>) = 0 [pid 5107] rt_sigprocmask(SIG_SETMASK, [], [pid 5105] futex(0x7f02a5c17718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5107] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5106] ioctl(7, LOOP_SET_FD, 6 [pid 5105] <... futex resumed>) = 0 [pid 5107] memfd_create("syzkaller", 0 [pid 5105] futex(0x7f02a5c1771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5107] <... memfd_create resumed>) = 8 [pid 5106] <... ioctl resumed>) = 0 [pid 5107] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f029d600000 [pid 5106] close(6) = 0 [pid 5106] close(7) = 0 [pid 5107] write(8, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5106] mkdir("./bus", 0777 [pid 5107] munmap(0x7f029d600000, 138412032) = 0 [pid 5106] <... mkdir resumed>) = 0 [pid 5107] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5106] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue" [pid 5107] ioctl(6, LOOP_SET_FD, 8) = -1 EBUSY (Device or resource busy) [pid 5106] <... mount resumed>) = -1 EBUSY (Device or resource busy) [pid 5107] ioctl(6, LOOP_CLR_FD [pid 5106] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 7 [pid 5106] ioctl(7, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5106] close(7) = 0 [pid 5106] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 82.989435][ T5106] loop0: detected capacity change from 0 to 512 [ 83.024033][ T5106] /dev/loop0: Can't open blockdev [pid 5106] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5107] <... ioctl resumed>) = 0 [pid 5107] ioctl(6, LOOP_SET_FD, 8) = 0 [pid 5107] close(8) = 0 [pid 5107] close(6) = 0 [pid 5107] mkdir("./bus", 0777) = -1 EEXIST (File exists) [ 83.092106][ T5107] loop0: detected capacity change from 0 to 512 [pid 5107] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5107] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 6 [pid 5107] chdir("./bus") = 0 [pid 5107] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5107] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5105] <... futex resumed>) = 0 [pid 5107] futex(0x7f02a5c17718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5105] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5106] <... futex resumed>) = 0 [pid 5106] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0xb635773f04ebbee0, MAP_SHARED|MAP_FIXED|MAP_ANONYMOUS|MAP_POPULATE, -1, 0 [pid 5105] <... futex resumed>) = 1 [ 83.154734][ T5107] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 83.167791][ T5107] ext4 filesystem being mounted at /root/syzkaller.a7bkEY/7/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5105] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5105] futex(0x7f02a5c17718, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5107] <... futex resumed>) = 0 [pid 5105] futex(0x7f02a5c1771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5107] setxattr(0x20000340, 0x20000400, 0x200003c0, 58375, 0) = -1 ENOENT (No such file or directory) [pid 5107] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5105] <... futex resumed>) = 0 [pid 5107] futex(0x7f02a5c17718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5106] <... mmap resumed>) = 0x20000000 [pid 5106] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5106] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5105] exit_group(0 [pid 5107] <... futex resumed>) = ? [pid 5107] +++ exited with 0 +++ [pid 5106] <... futex resumed>) = ? [pid 5105] <... exit_group resumed>) = ? [pid 5106] +++ exited with 0 +++ [pid 5105] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5105, si_uid=0, si_status=0, si_utime=0, si_stime=30 /* 0.30 s */} --- umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563f3730 /* 6 entries */, 32768) = 192 umount2("./7/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/cpuset.effective_cpus") = 0 umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563fb770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563fb770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/bus") = 0 umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 83.503051][ T5072] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. unlink("./7/binderfs") = 0 umount2("./7/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/cgroup.controllers") = 0 getdents64(3, 0x5555563f3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5110 attached , child_tidptr=0x5555563f2690) = 5110 [pid 5110] set_robust_list(0x5555563f26a0, 24) = 0 [pid 5110] chdir("./8") = 0 [pid 5110] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5110] setpgid(0, 0) = 0 [pid 5110] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5110] write(3, "1000", 4) = 4 [pid 5110] close(3) = 0 [pid 5110] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5110] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5110] rt_sigaction(SIGRT_1, {sa_handler=0x7f02a5bb6070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f02a5ba7220}, NULL, 8) = 0 [pid 5110] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5110] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02a5b2c000 [pid 5110] mprotect(0x7f02a5b2d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5110] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5110] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b4c990, parent_tid=0x7f02a5b4c990, exit_signal=0, stack=0x7f02a5b2c000, stack_size=0x20300, tls=0x7f02a5b4c6c0}./strace-static-x86_64: Process 5111 attached [pid 5111] rseq(0x7f02a5b4cfe0, 0x20, 0, 0x53053053) = 0 [pid 5111] set_robust_list(0x7f02a5b4c9a0, 24 [pid 5110] <... clone3 resumed> => {parent_tid=[5111]}, 88) = 5111 [pid 5111] <... set_robust_list resumed>) = 0 [pid 5110] rt_sigprocmask(SIG_SETMASK, [], [pid 5111] rt_sigprocmask(SIG_SETMASK, [], [pid 5110] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5111] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5110] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5111] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5110] <... futex resumed>) = 0 [pid 5110] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5111] <... openat resumed>) = 3 [pid 5111] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5110] <... futex resumed>) = 0 [pid 5111] <... futex resumed>) = 1 [pid 5110] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5111] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5110] <... futex resumed>) = 0 [pid 5110] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5111] <... openat resumed>) = 4 [pid 5111] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5111] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5110] <... futex resumed>) = 0 [pid 5110] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5111] <... futex resumed>) = 0 [pid 5110] <... futex resumed>) = 1 [pid 5111] dup3(4, 3, 0 [pid 5110] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5111] <... dup3 resumed>) = 3 [pid 5111] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5111] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5110] <... futex resumed>) = 0 [pid 5110] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5111] <... futex resumed>) = 0 [pid 5111] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5110] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5111] <... openat resumed>) = 5 [pid 5111] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5110] <... futex resumed>) = 0 [pid 5111] ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0 [pid 5110] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5111] <... ioctl resumed>) = -1 EINVAL (Invalid argument) [pid 5110] <... futex resumed>) = 0 [pid 5111] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5110] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5111] <... futex resumed>) = 0 [pid 5110] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5111] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5110] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5111] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5110] <... futex resumed>) = 0 [pid 5110] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5111] memfd_create("syzkaller", 0 [pid 5110] <... futex resumed>) = 0 [pid 5110] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5111] <... memfd_create resumed>) = 6 [pid 5110] <... mmap resumed>) = 0x7f02a5b0b000 [pid 5111] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5110] mprotect(0x7f02a5b0c000, 131072, PROT_READ|PROT_WRITE [pid 5111] <... mmap resumed>) = 0x7f029d600000 [pid 5110] <... mprotect resumed>) = 0 [pid 5110] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5110] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b2b990, parent_tid=0x7f02a5b2b990, exit_signal=0, stack=0x7f02a5b0b000, stack_size=0x20300, tls=0x7f02a5b2b6c0} [pid 5111] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144./strace-static-x86_64: Process 5112 attached ) = 262144 [pid 5110] <... clone3 resumed> => {parent_tid=[5112]}, 88) = 5112 [pid 5112] rseq(0x7f02a5b2bfe0, 0x20, 0, 0x53053053 [pid 5111] munmap(0x7f029d600000, 138412032 [pid 5110] rt_sigprocmask(SIG_SETMASK, [], [pid 5112] <... rseq resumed>) = 0 [pid 5112] set_robust_list(0x7f02a5b2b9a0, 24 [pid 5110] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5112] <... set_robust_list resumed>) = 0 [pid 5110] futex(0x7f02a5c17718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5112] rt_sigprocmask(SIG_SETMASK, [], [pid 5110] <... futex resumed>) = 0 [pid 5112] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5110] futex(0x7f02a5c1771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5112] memfd_create("syzkaller", 0 [pid 5111] <... munmap resumed>) = 0 [pid 5111] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 7 [pid 5111] ioctl(7, LOOP_SET_FD, 6 [pid 5112] <... memfd_create resumed>) = 8 [pid 5112] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f029d600000 [pid 5111] <... ioctl resumed>) = 0 [pid 5111] close(6) = 0 [pid 5111] close(7) = 0 [pid 5112] write(8, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5111] mkdir("./bus", 0777 [pid 5112] <... write resumed>) = 262144 [pid 5111] <... mkdir resumed>) = 0 [pid 5112] munmap(0x7f029d600000, 138412032 [pid 5111] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue" [pid 5112] <... munmap resumed>) = 0 [pid 5112] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5112] close(8) = 0 [ 83.804147][ T5111] loop0: detected capacity change from 0 to 512 [pid 5112] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5110] <... futex resumed>) = 0 [pid 5112] futex(0x7f02a5c17718, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5110] futex(0x7f02a5c17718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5112] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0xb635773f04ebbee0, MAP_SHARED|MAP_FIXED|MAP_ANONYMOUS|MAP_POPULATE, -1, 0 [pid 5110] futex(0x7f02a5c1771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5111] <... mount resumed>) = 0 [pid 5111] openat(AT_FDCWD, 0x20000500, O_RDONLY|O_DIRECTORY) = -1 ENOENT (No such file or directory) [pid 5111] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5111] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 83.853800][ T5111] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 83.867055][ T5111] ext4 filesystem being mounted at /root/syzkaller.a7bkEY/8/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5111] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5110] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5110] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5111] <... futex resumed>) = 0 [pid 5110] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5111] setxattr(0x20000340, 0x20000400, 0x200003c0, 58375, 0) = 0 [pid 5111] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5110] <... futex resumed>) = 0 [pid 5111] <... futex resumed>) = 1 [pid 5111] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5112] <... mmap resumed>) = 0x20000000 [pid 5112] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5112] futex(0x7f02a5c17718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5110] exit_group(0 [pid 5112] <... futex resumed>) = ? [pid 5111] <... futex resumed>) = ? [pid 5110] <... exit_group resumed>) = ? [pid 5112] +++ exited with 0 +++ [pid 5111] +++ exited with 0 +++ [pid 5110] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5110, si_uid=0, si_status=0, si_utime=0, si_stime=36 /* 0.36 s */} --- umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563f3730 /* 6 entries */, 32768) = 192 umount2("./8/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/cpuset.effective_cpus") = 0 umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563fb770 /* 2 entries */, 32768) = 48 [ 84.196219][ T5072] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. getdents64(4, 0x5555563fb770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/bus") = 0 umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/binderfs") = 0 umount2("./8/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/cgroup.controllers") = 0 getdents64(3, 0x5555563f3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5115 attached , child_tidptr=0x5555563f2690) = 5115 [pid 5115] set_robust_list(0x5555563f26a0, 24) = 0 [pid 5115] chdir("./9") = 0 [pid 5115] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5115] setpgid(0, 0) = 0 [pid 5115] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5115] write(3, "1000", 4) = 4 [pid 5115] close(3) = 0 [pid 5115] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5115] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5115] rt_sigaction(SIGRT_1, {sa_handler=0x7f02a5bb6070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f02a5ba7220}, NULL, 8) = 0 [pid 5115] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5115] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02a5b2c000 [pid 5115] mprotect(0x7f02a5b2d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5115] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5115] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b4c990, parent_tid=0x7f02a5b4c990, exit_signal=0, stack=0x7f02a5b2c000, stack_size=0x20300, tls=0x7f02a5b4c6c0}./strace-static-x86_64: Process 5116 attached [pid 5116] rseq(0x7f02a5b4cfe0, 0x20, 0, 0x53053053 [pid 5115] <... clone3 resumed> => {parent_tid=[5116]}, 88) = 5116 [pid 5116] <... rseq resumed>) = 0 [pid 5115] rt_sigprocmask(SIG_SETMASK, [], [pid 5116] set_robust_list(0x7f02a5b4c9a0, 24 [pid 5115] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5116] <... set_robust_list resumed>) = 0 [pid 5115] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5116] rt_sigprocmask(SIG_SETMASK, [], [pid 5115] <... futex resumed>) = 0 [pid 5116] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5115] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5116] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 5116] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5115] <... futex resumed>) = 0 [pid 5116] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5115] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5116] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5115] <... futex resumed>) = 0 [pid 5116] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5115] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5116] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5115] <... futex resumed>) = 0 [pid 5116] <... futex resumed>) = 1 [pid 5115] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5116] dup3(4, 3, 0 [pid 5115] <... futex resumed>) = 0 [pid 5116] <... dup3 resumed>) = 3 [pid 5115] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5116] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5115] <... futex resumed>) = 0 [pid 5116] <... futex resumed>) = 1 [pid 5115] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5116] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5115] <... futex resumed>) = 0 [pid 5115] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5116] <... openat resumed>) = 5 [pid 5116] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5115] <... futex resumed>) = 0 [pid 5116] ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0 [pid 5115] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5116] <... ioctl resumed>) = -1 EINVAL (Invalid argument) [pid 5115] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5116] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5115] <... futex resumed>) = 0 [pid 5116] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5115] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5116] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5115] <... futex resumed>) = 0 [pid 5116] memfd_create("syzkaller", 0 [pid 5115] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5116] <... memfd_create resumed>) = 6 [pid 5115] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5116] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5115] <... mmap resumed>) = 0x7f02a5b0b000 [pid 5116] <... mmap resumed>) = 0x7f029d600000 [pid 5115] mprotect(0x7f02a5b0c000, 131072, PROT_READ|PROT_WRITE [pid 5116] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5115] <... mprotect resumed>) = 0 [pid 5115] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5115] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b2b990, parent_tid=0x7f02a5b2b990, exit_signal=0, stack=0x7f02a5b0b000, stack_size=0x20300, tls=0x7f02a5b2b6c0}./strace-static-x86_64: Process 5117 attached [pid 5117] rseq(0x7f02a5b2bfe0, 0x20, 0, 0x53053053) = 0 [pid 5117] set_robust_list(0x7f02a5b2b9a0, 24) = 0 [pid 5115] <... clone3 resumed> => {parent_tid=[5117]}, 88) = 5117 [pid 5117] rt_sigprocmask(SIG_SETMASK, [], [pid 5116] <... write resumed>) = 262144 [pid 5115] rt_sigprocmask(SIG_SETMASK, [], [pid 5117] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5116] munmap(0x7f029d600000, 138412032 [pid 5115] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5117] futex(0x7f02a5c17718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5116] <... munmap resumed>) = 0 [pid 5117] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5115] futex(0x7f02a5c17718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5117] memfd_create("syzkaller", 0) = 7 [pid 5116] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5115] <... futex resumed>) = 0 [pid 5117] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f029d600000 [pid 5116] <... openat resumed>) = 8 [pid 5115] futex(0x7f02a5c1771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5116] ioctl(8, LOOP_SET_FD, 6 [pid 5117] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5117] munmap(0x7f029d600000, 138412032 [pid 5116] <... ioctl resumed>) = 0 [pid 5117] <... munmap resumed>) = 0 [pid 5116] close(6 [pid 5117] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5116] <... close resumed>) = 0 [pid 5116] close(8 [pid 5117] <... openat resumed>) = 6 [pid 5116] <... close resumed>) = 0 [pid 5117] ioctl(6, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy) [pid 5117] ioctl(6, LOOP_CLR_FD [pid 5116] mkdir("./bus", 0777) = 0 [ 84.574641][ T5116] loop0: detected capacity change from 0 to 512 [pid 5116] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = -1 EBUSY (Device or resource busy) [pid 5116] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8 [pid 5116] ioctl(8, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 84.617778][ T5116] /dev/loop0: Can't open blockdev [pid 5117] <... ioctl resumed>) = 0 [pid 5116] close(8) = 0 [pid 5116] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5116] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5117] ioctl(6, LOOP_SET_FD, 7) = 0 [pid 5117] close(7) = 0 [pid 5117] close(6) = 0 [pid 5117] mkdir("./bus", 0777) = -1 EEXIST (File exists) [ 84.642390][ T5074] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 84.645707][ T5117] loop0: detected capacity change from 0 to 512 [ 84.652516][ T5074] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 84.667996][ T5074] Buffer I/O error on dev loop0, logical block 0, async page read [pid 5117] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5117] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 6 [pid 5117] chdir("./bus") = 0 [pid 5117] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5117] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5115] <... futex resumed>) = 0 [pid 5117] futex(0x7f02a5c17718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5115] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5116] <... futex resumed>) = 0 [pid 5115] <... futex resumed>) = 1 [pid 5116] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0xb635773f04ebbee0, MAP_SHARED|MAP_FIXED|MAP_ANONYMOUS|MAP_POPULATE, -1, 0 [ 84.708500][ T5117] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 84.721080][ T5117] ext4 filesystem being mounted at /root/syzkaller.a7bkEY/9/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5115] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5115] futex(0x7f02a5c17718, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5115] futex(0x7f02a5c1771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5117] <... futex resumed>) = 0 [pid 5117] setxattr(0x20000340, 0x20000400, 0x200003c0, 58375, 0) = -1 ENOENT (No such file or directory) [pid 5117] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5117] futex(0x7f02a5c17718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5115] <... futex resumed>) = 0 [pid 5116] <... mmap resumed>) = 0x20000000 [pid 5116] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5116] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5115] exit_group(0 [pid 5117] <... futex resumed>) = ? [pid 5116] <... futex resumed>) = ? [pid 5115] <... exit_group resumed>) = ? [pid 5117] +++ exited with 0 +++ [pid 5116] +++ exited with 0 +++ [pid 5115] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5115, si_uid=0, si_status=0, si_utime=0, si_stime=38 /* 0.38 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563f3730 /* 6 entries */, 32768) = 192 umount2("./9/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/cpuset.effective_cpus") = 0 umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563fb770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563fb770 /* 0 entries */, 32768) = 0 close(4) = 0 [ 85.071707][ T5072] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. rmdir("./9/bus") = 0 umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/binderfs") = 0 umount2("./9/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/cgroup.controllers") = 0 getdents64(3, 0x5555563f3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5120 attached [pid 5120] set_robust_list(0x5555563f26a0, 24 [pid 5072] <... clone resumed>, child_tidptr=0x5555563f2690) = 5120 [pid 5120] <... set_robust_list resumed>) = 0 [pid 5120] chdir("./10") = 0 [pid 5120] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5120] setpgid(0, 0) = 0 [pid 5120] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5120] write(3, "1000", 4) = 4 [pid 5120] close(3) = 0 [pid 5120] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5120] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5120] rt_sigaction(SIGRT_1, {sa_handler=0x7f02a5bb6070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f02a5ba7220}, NULL, 8) = 0 [pid 5120] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5120] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02a5b2c000 [pid 5120] mprotect(0x7f02a5b2d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5120] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5120] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b4c990, parent_tid=0x7f02a5b4c990, exit_signal=0, stack=0x7f02a5b2c000, stack_size=0x20300, tls=0x7f02a5b4c6c0}./strace-static-x86_64: Process 5121 attached [pid 5121] rseq(0x7f02a5b4cfe0, 0x20, 0, 0x53053053 [pid 5120] <... clone3 resumed> => {parent_tid=[5121]}, 88) = 5121 [pid 5121] <... rseq resumed>) = 0 [pid 5120] rt_sigprocmask(SIG_SETMASK, [], [pid 5121] set_robust_list(0x7f02a5b4c9a0, 24 [pid 5120] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5121] <... set_robust_list resumed>) = 0 [pid 5120] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5121] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5120] <... futex resumed>) = 0 [pid 5121] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5120] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5121] <... openat resumed>) = 3 [pid 5121] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5120] <... futex resumed>) = 0 [pid 5121] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5120] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5121] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5120] <... futex resumed>) = 0 [pid 5121] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5120] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5121] <... openat resumed>) = 4 [pid 5121] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5120] <... futex resumed>) = 0 [pid 5121] <... futex resumed>) = 1 [pid 5120] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5121] dup3(4, 3, 0 [pid 5120] <... futex resumed>) = 0 [pid 5121] <... dup3 resumed>) = 3 [pid 5120] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5121] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5120] <... futex resumed>) = 0 [pid 5121] <... futex resumed>) = 1 [pid 5120] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5121] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5120] <... futex resumed>) = 0 [pid 5121] <... openat resumed>) = 5 [pid 5120] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5121] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5120] <... futex resumed>) = 0 [pid 5121] <... futex resumed>) = 1 [pid 5120] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5121] ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0 [pid 5120] <... futex resumed>) = 0 [pid 5121] <... ioctl resumed>) = -1 EINVAL (Invalid argument) [pid 5120] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5121] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5120] <... futex resumed>) = 0 [pid 5121] memfd_create("syzkaller", 0 [pid 5120] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5121] <... memfd_create resumed>) = 6 [pid 5120] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5121] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5120] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5121] <... mmap resumed>) = 0x7f029d600000 [pid 5120] <... mmap resumed>) = 0x7f02a5b0b000 [pid 5120] mprotect(0x7f02a5b0c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5121] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5120] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5120] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b2b990, parent_tid=0x7f02a5b2b990, exit_signal=0, stack=0x7f02a5b0b000, stack_size=0x20300, tls=0x7f02a5b2b6c0} [pid 5121] <... write resumed>) = 262144 ./strace-static-x86_64: Process 5122 attached [pid 5121] munmap(0x7f029d600000, 138412032 [pid 5122] rseq(0x7f02a5b2bfe0, 0x20, 0, 0x53053053 [pid 5120] <... clone3 resumed> => {parent_tid=[5122]}, 88) = 5122 [pid 5122] <... rseq resumed>) = 0 [pid 5121] <... munmap resumed>) = 0 [pid 5122] set_robust_list(0x7f02a5b2b9a0, 24 [pid 5121] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5120] rt_sigprocmask(SIG_SETMASK, [], [pid 5122] <... set_robust_list resumed>) = 0 [pid 5121] <... openat resumed>) = 7 [pid 5120] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5122] rt_sigprocmask(SIG_SETMASK, [], [pid 5120] futex(0x7f02a5c17718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5122] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5121] ioctl(7, LOOP_SET_FD, 6 [pid 5120] <... futex resumed>) = 0 [pid 5122] memfd_create("syzkaller", 0) = 8 [pid 5122] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5121] <... ioctl resumed>) = 0 [pid 5120] futex(0x7f02a5c1771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5122] <... mmap resumed>) = 0x7f029d600000 [pid 5121] close(6) = 0 [pid 5121] close(7) = 0 [pid 5121] mkdir("./bus", 0777 [pid 5122] write(8, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5121] <... mkdir resumed>) = 0 [pid 5122] <... write resumed>) = 262144 [pid 5121] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue" [pid 5122] munmap(0x7f029d600000, 138412032) = 0 [pid 5122] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5122] close(8) = 0 [pid 5122] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5120] <... futex resumed>) = 0 [pid 5122] futex(0x7f02a5c17718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5120] futex(0x7f02a5c17718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5122] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5120] <... futex resumed>) = 0 [pid 5122] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0xb635773f04ebbee0, MAP_SHARED|MAP_FIXED|MAP_ANONYMOUS|MAP_POPULATE, -1, 0 [ 85.366528][ T5121] loop0: detected capacity change from 0 to 512 [pid 5120] futex(0x7f02a5c1771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5121] <... mount resumed>) = 0 [pid 5121] openat(AT_FDCWD, 0x20000500, O_RDONLY|O_DIRECTORY) = -1 ENOENT (No such file or directory) [pid 5121] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5120] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5121] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5120] futex(0x7f02a5c1772c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5121] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5120] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5121] <... futex resumed>) = 0 [ 85.447046][ T5121] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 85.460389][ T5121] ext4 filesystem being mounted at /root/syzkaller.a7bkEY/10/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5121] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5122] <... mmap resumed>) = 0x20000000 [pid 5120] <... mmap resumed>) = 0x7f02a5aea000 [pid 5120] mprotect(0x7f02a5aeb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5120] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5122] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5120] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5122] futex(0x7f02a5c17718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5120] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b0a990, parent_tid=0x7f02a5b0a990, exit_signal=0, stack=0x7f02a5aea000, stack_size=0x20300, tls=0x7f02a5b0a6c0}./strace-static-x86_64: Process 5125 attached [pid 5125] rseq(0x7f02a5b0afe0, 0x20, 0, 0x53053053) = 0 [pid 5120] <... clone3 resumed> => {parent_tid=[5125]}, 88) = 5125 [pid 5125] set_robust_list(0x7f02a5b0a9a0, 24 [pid 5120] rt_sigprocmask(SIG_SETMASK, [], [pid 5125] <... set_robust_list resumed>) = 0 [pid 5120] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5125] rt_sigprocmask(SIG_SETMASK, [], [pid 5120] futex(0x7f02a5c17728, FUTEX_WAKE_PRIVATE, 1000000 [pid 5125] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5120] <... futex resumed>) = 0 [pid 5125] setxattr(0x20000340, 0x20000400, 0x200003c0, 58375, 0 [pid 5120] futex(0x7f02a5c1772c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5125] <... setxattr resumed>) = 0 [pid 5125] futex(0x7f02a5c1772c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5120] <... futex resumed>) = 0 [pid 5120] exit_group(0 [pid 5125] <... futex resumed>) = ? [pid 5121] <... futex resumed>) = ? [pid 5120] <... exit_group resumed>) = ? [pid 5122] <... futex resumed>) = ? [pid 5122] +++ exited with 0 +++ [pid 5121] +++ exited with 0 +++ [pid 5125] +++ exited with 0 +++ [pid 5120] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5120, si_uid=0, si_status=0, si_utime=0, si_stime=31 /* 0.31 s */} --- umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563f3730 /* 6 entries */, 32768) = 192 umount2("./10/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/cpuset.effective_cpus") = 0 umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563fb770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563fb770 /* 0 entries */, 32768) = 0 [ 85.747706][ T5072] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. close(4) = 0 rmdir("./10/bus") = 0 umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/binderfs") = 0 umount2("./10/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/cgroup.controllers") = 0 getdents64(3, 0x5555563f3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5126 attached , child_tidptr=0x5555563f2690) = 5126 [pid 5126] set_robust_list(0x5555563f26a0, 24) = 0 [pid 5126] chdir("./11") = 0 [pid 5126] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5126] setpgid(0, 0) = 0 [pid 5126] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5126] write(3, "1000", 4) = 4 [pid 5126] close(3) = 0 [pid 5126] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5126] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5126] rt_sigaction(SIGRT_1, {sa_handler=0x7f02a5bb6070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f02a5ba7220}, NULL, 8) = 0 [pid 5126] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5126] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02a5b2c000 [pid 5126] mprotect(0x7f02a5b2d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5126] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5126] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b4c990, parent_tid=0x7f02a5b4c990, exit_signal=0, stack=0x7f02a5b2c000, stack_size=0x20300, tls=0x7f02a5b4c6c0}./strace-static-x86_64: Process 5127 attached => {parent_tid=[5127]}, 88) = 5127 [pid 5127] rseq(0x7f02a5b4cfe0, 0x20, 0, 0x53053053 [pid 5126] rt_sigprocmask(SIG_SETMASK, [], [pid 5127] <... rseq resumed>) = 0 [pid 5127] set_robust_list(0x7f02a5b4c9a0, 24) = 0 [pid 5127] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5127] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5126] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5126] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5127] <... futex resumed>) = 0 [pid 5126] <... futex resumed>) = 1 [pid 5127] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5126] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5127] <... openat resumed>) = 3 [pid 5127] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5126] <... futex resumed>) = 0 [pid 5127] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5126] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5127] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5127] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5126] <... futex resumed>) = 0 [pid 5126] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5127] <... openat resumed>) = 4 [pid 5127] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5127] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5126] <... futex resumed>) = 0 [pid 5126] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5127] <... futex resumed>) = 0 [pid 5126] <... futex resumed>) = 1 [pid 5127] dup3(4, 3, 0 [pid 5126] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5127] <... dup3 resumed>) = 3 [pid 5127] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5126] <... futex resumed>) = 0 [pid 5127] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5126] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5127] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5126] <... futex resumed>) = 0 [pid 5127] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5126] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5127] <... openat resumed>) = 5 [pid 5127] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5126] <... futex resumed>) = 0 [pid 5127] <... futex resumed>) = 1 [pid 5126] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5127] ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0 [pid 5126] <... futex resumed>) = 0 [pid 5127] <... ioctl resumed>) = -1 EINVAL (Invalid argument) [pid 5126] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5127] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5127] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5126] <... futex resumed>) = 0 [pid 5126] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5127] <... futex resumed>) = 0 [pid 5126] <... futex resumed>) = 1 [pid 5127] memfd_create("syzkaller", 0 [pid 5126] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5127] <... memfd_create resumed>) = 6 [pid 5126] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5127] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5126] <... mmap resumed>) = 0x7f02a5b0b000 [pid 5127] <... mmap resumed>) = 0x7f029d600000 [pid 5126] mprotect(0x7f02a5b0c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5126] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5127] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5126] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5126] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b2b990, parent_tid=0x7f02a5b2b990, exit_signal=0, stack=0x7f02a5b0b000, stack_size=0x20300, tls=0x7f02a5b2b6c0}./strace-static-x86_64: Process 5128 attached [pid 5128] rseq(0x7f02a5b2bfe0, 0x20, 0, 0x53053053) = 0 [pid 5126] <... clone3 resumed> => {parent_tid=[5128]}, 88) = 5128 [pid 5128] set_robust_list(0x7f02a5b2b9a0, 24 [pid 5126] rt_sigprocmask(SIG_SETMASK, [], [pid 5128] <... set_robust_list resumed>) = 0 [pid 5126] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5128] rt_sigprocmask(SIG_SETMASK, [], [pid 5126] futex(0x7f02a5c17718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5128] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5126] <... futex resumed>) = 0 [pid 5128] memfd_create("syzkaller", 0 [pid 5126] futex(0x7f02a5c1771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5128] <... memfd_create resumed>) = 7 [pid 5127] <... write resumed>) = 262144 [pid 5128] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5127] munmap(0x7f029d600000, 138412032 [pid 5128] <... mmap resumed>) = 0x7f0295200000 [pid 5127] <... munmap resumed>) = 0 [pid 5127] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8 [pid 5127] ioctl(8, LOOP_SET_FD, 6 [pid 5128] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5128] munmap(0x7f0295200000, 138412032 [pid 5127] <... ioctl resumed>) = 0 [pid 5127] close(6) = 0 [pid 5128] <... munmap resumed>) = 0 [pid 5127] close(8) = 0 [pid 5127] mkdir("./bus", 0777 [pid 5128] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5127] <... mkdir resumed>) = 0 [pid 5127] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue" [pid 5128] <... openat resumed>) = 6 [pid 5128] ioctl(6, LOOP_SET_FD, 7 [pid 5127] <... mount resumed>) = -1 EBUSY (Device or resource busy) [pid 5128] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5127] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5128] ioctl(6, LOOP_CLR_FD [pid 5127] <... openat resumed>) = 8 [pid 5128] <... ioctl resumed>) = 0 [pid 5127] ioctl(8, LOOP_CLR_FD) = 0 [pid 5127] close(8) = 0 [pid 5127] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5128] ioctl(6, LOOP_SET_FD, 7 [pid 5127] <... futex resumed>) = 0 [ 86.039326][ T5127] loop0: detected capacity change from 0 to 512 [ 86.070415][ T5127] /dev/loop0: Can't open blockdev [pid 5128] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5128] close(6 [pid 5127] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5128] <... close resumed>) = 0 [pid 5128] close(7) = 0 [pid 5128] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5126] <... futex resumed>) = 0 [pid 5128] futex(0x7f02a5c17718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5126] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5127] <... futex resumed>) = 0 [pid 5126] <... futex resumed>) = 1 [pid 5127] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0xb635773f04ebbee0, MAP_SHARED|MAP_FIXED|MAP_ANONYMOUS|MAP_POPULATE, -1, 0 [pid 5126] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5126] futex(0x7f02a5c17718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5128] <... futex resumed>) = 0 [pid 5126] <... futex resumed>) = 1 [pid 5128] setxattr(0x20000340, 0x20000400, 0x200003c0, 58375, 0 [pid 5126] futex(0x7f02a5c1771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5128] <... setxattr resumed>) = -1 ENOENT (No such file or directory) [pid 5128] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5126] <... futex resumed>) = 0 [pid 5128] futex(0x7f02a5c17718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5127] <... mmap resumed>) = 0x20000000 [pid 5127] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5127] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5126] exit_group(0 [pid 5128] <... futex resumed>) = ? [pid 5126] <... exit_group resumed>) = ? [pid 5128] +++ exited with 0 +++ [pid 5127] <... futex resumed>) = ? [pid 5127] +++ exited with 0 +++ [pid 5126] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5126, si_uid=0, si_status=0, si_utime=0, si_stime=30 /* 0.30 s */} --- umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563f3730 /* 6 entries */, 32768) = 192 [ 86.375211][ T23] cfg80211: failed to load regulatory.db umount2("./11/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/cpuset.effective_cpus") = 0 umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563fb770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563fb770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/bus") = 0 umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/binderfs") = 0 umount2("./11/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/cgroup.controllers") = 0 getdents64(3, 0x5555563f3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5129 attached , child_tidptr=0x5555563f2690) = 5129 [pid 5129] set_robust_list(0x5555563f26a0, 24) = 0 [pid 5129] chdir("./12") = 0 [pid 5129] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5129] setpgid(0, 0) = 0 [pid 5129] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5129] write(3, "1000", 4) = 4 [pid 5129] close(3) = 0 [pid 5129] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5129] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5129] rt_sigaction(SIGRT_1, {sa_handler=0x7f02a5bb6070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f02a5ba7220}, NULL, 8) = 0 [pid 5129] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5129] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02a5b2c000 [pid 5129] mprotect(0x7f02a5b2d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5129] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5129] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b4c990, parent_tid=0x7f02a5b4c990, exit_signal=0, stack=0x7f02a5b2c000, stack_size=0x20300, tls=0x7f02a5b4c6c0}./strace-static-x86_64: Process 5130 attached [pid 5130] rseq(0x7f02a5b4cfe0, 0x20, 0, 0x53053053) = 0 [pid 5129] <... clone3 resumed> => {parent_tid=[5130]}, 88) = 5130 [pid 5130] set_robust_list(0x7f02a5b4c9a0, 24) = 0 [pid 5129] rt_sigprocmask(SIG_SETMASK, [], [pid 5130] rt_sigprocmask(SIG_SETMASK, [], [pid 5129] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5130] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5129] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5130] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5129] <... futex resumed>) = 0 [pid 5129] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5130] <... openat resumed>) = 3 [pid 5130] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5129] <... futex resumed>) = 0 [pid 5130] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5129] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5130] <... futex resumed>) = 0 [pid 5129] <... futex resumed>) = 1 [pid 5130] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5129] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5130] <... openat resumed>) = 4 [pid 5130] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5129] <... futex resumed>) = 0 [pid 5130] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5129] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5130] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5129] <... futex resumed>) = 0 [pid 5130] dup3(4, 3, 0 [pid 5129] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5130] <... dup3 resumed>) = 3 [pid 5130] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5129] <... futex resumed>) = 0 [pid 5130] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5129] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5130] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5130] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5129] <... futex resumed>) = 0 [pid 5130] <... openat resumed>) = 5 [pid 5129] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5130] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5129] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5130] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5129] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5130] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5129] <... futex resumed>) = 0 [pid 5130] ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0 [pid 5129] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5130] <... ioctl resumed>) = -1 EINVAL (Invalid argument) [pid 5130] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5130] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5129] <... futex resumed>) = 0 [pid 5129] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5130] <... futex resumed>) = 0 [pid 5129] <... futex resumed>) = 1 [pid 5130] memfd_create("syzkaller", 0 [pid 5129] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5130] <... memfd_create resumed>) = 6 [pid 5129] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5130] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5129] <... mmap resumed>) = 0x7f02a5b0b000 [pid 5130] <... mmap resumed>) = 0x7f029d600000 [pid 5129] mprotect(0x7f02a5b0c000, 131072, PROT_READ|PROT_WRITE [pid 5130] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5129] <... mprotect resumed>) = 0 [pid 5129] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5130] <... write resumed>) = 262144 [pid 5129] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5130] munmap(0x7f029d600000, 138412032 [pid 5129] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b2b990, parent_tid=0x7f02a5b2b990, exit_signal=0, stack=0x7f02a5b0b000, stack_size=0x20300, tls=0x7f02a5b2b6c0}./strace-static-x86_64: Process 5131 attached => {parent_tid=[5131]}, 88) = 5131 [pid 5131] rseq(0x7f02a5b2bfe0, 0x20, 0, 0x53053053) = 0 [pid 5130] <... munmap resumed>) = 0 [pid 5129] rt_sigprocmask(SIG_SETMASK, [], [pid 5131] set_robust_list(0x7f02a5b2b9a0, 24 [pid 5130] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5129] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5131] <... set_robust_list resumed>) = 0 [pid 5129] futex(0x7f02a5c17718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5131] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5129] <... futex resumed>) = 0 [pid 5131] memfd_create("syzkaller", 0 [pid 5129] futex(0x7f02a5c1771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5130] <... openat resumed>) = 7 [pid 5131] <... memfd_create resumed>) = 8 [pid 5130] ioctl(7, LOOP_SET_FD, 6 [pid 5131] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f029d600000 [pid 5130] <... ioctl resumed>) = 0 [pid 5130] close(6) = 0 [pid 5130] close(7 [pid 5131] write(8, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5130] <... close resumed>) = 0 [pid 5130] mkdir("./bus", 0777) = 0 [pid 5130] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue" [pid 5131] <... write resumed>) = 262144 [pid 5131] munmap(0x7f029d600000, 138412032) = 0 [ 86.622040][ T5130] loop0: detected capacity change from 0 to 512 [ 86.656112][ T5130] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5131] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5131] close(8 [pid 5130] <... mount resumed>) = 0 [pid 5130] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 6 [pid 5130] chdir("./bus") = 0 [pid 5131] <... close resumed>) = 0 [pid 5130] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5131] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5130] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5131] <... futex resumed>) = 1 [pid 5130] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5129] <... futex resumed>) = 0 [pid 5131] futex(0x7f02a5c17718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5130] <... futex resumed>) = 0 [pid 5130] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5129] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5130] <... futex resumed>) = 0 [pid 5129] <... futex resumed>) = 1 [pid 5130] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0xb635773f04ebbee0, MAP_SHARED|MAP_FIXED|MAP_ANONYMOUS|MAP_POPULATE, -1, 0 [ 86.669320][ T5130] ext4 filesystem being mounted at /root/syzkaller.a7bkEY/12/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5129] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5129] futex(0x7f02a5c17718, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5129] futex(0x7f02a5c1771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5131] <... futex resumed>) = 0 [pid 5131] setxattr(0x20000340, 0x20000400, 0x200003c0, 58375, 0) = -1 ENOENT (No such file or directory) [pid 5131] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5129] <... futex resumed>) = 0 [pid 5131] futex(0x7f02a5c17718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5130] <... mmap resumed>) = 0x20000000 [pid 5130] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5130] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5129] exit_group(0) = ? [pid 5130] <... futex resumed>) = ? [pid 5131] <... futex resumed>) = ? [pid 5130] +++ exited with 0 +++ [pid 5131] +++ exited with 0 +++ [pid 5129] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5129, si_uid=0, si_status=0, si_utime=0, si_stime=31 /* 0.31 s */} --- umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563f3730 /* 6 entries */, 32768) = 192 umount2("./12/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/cpuset.effective_cpus") = 0 umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563fb770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563fb770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/bus") = 0 umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/binderfs") = 0 umount2("./12/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 86.997197][ T5072] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. unlink("./12/cgroup.controllers") = 0 getdents64(3, 0x5555563f3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5135 attached , child_tidptr=0x5555563f2690) = 5135 [pid 5135] set_robust_list(0x5555563f26a0, 24) = 0 [pid 5135] chdir("./13") = 0 [pid 5135] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5135] setpgid(0, 0) = 0 [pid 5135] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5135] write(3, "1000", 4) = 4 [pid 5135] close(3) = 0 [pid 5135] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5135] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5135] rt_sigaction(SIGRT_1, {sa_handler=0x7f02a5bb6070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f02a5ba7220}, NULL, 8) = 0 [pid 5135] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5135] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02a5b2c000 [pid 5135] mprotect(0x7f02a5b2d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5135] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5135] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b4c990, parent_tid=0x7f02a5b4c990, exit_signal=0, stack=0x7f02a5b2c000, stack_size=0x20300, tls=0x7f02a5b4c6c0}./strace-static-x86_64: Process 5136 attached [pid 5136] rseq(0x7f02a5b4cfe0, 0x20, 0, 0x53053053 [pid 5135] <... clone3 resumed> => {parent_tid=[5136]}, 88) = 5136 [pid 5136] <... rseq resumed>) = 0 [pid 5135] rt_sigprocmask(SIG_SETMASK, [], [pid 5136] set_robust_list(0x7f02a5b4c9a0, 24 [pid 5135] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5136] <... set_robust_list resumed>) = 0 [pid 5135] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5136] rt_sigprocmask(SIG_SETMASK, [], [pid 5135] <... futex resumed>) = 0 [pid 5136] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5135] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5136] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 5136] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5136] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5135] <... futex resumed>) = 0 [pid 5135] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5136] <... futex resumed>) = 0 [pid 5136] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5135] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5136] <... openat resumed>) = 4 [pid 5136] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5135] <... futex resumed>) = 0 [pid 5136] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5135] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5136] <... futex resumed>) = 0 [pid 5135] <... futex resumed>) = 1 [pid 5136] dup3(4, 3, 0) = 3 [pid 5135] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5136] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5135] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5136] <... futex resumed>) = 0 [pid 5135] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5136] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5135] <... futex resumed>) = 0 [pid 5136] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5135] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5135] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5136] <... futex resumed>) = 0 [pid 5136] ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0 [pid 5135] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5136] <... ioctl resumed>) = -1 EINVAL (Invalid argument) [pid 5136] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5135] <... futex resumed>) = 0 [pid 5136] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5135] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5136] memfd_create("syzkaller", 0 [pid 5135] <... futex resumed>) = 0 [pid 5135] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5136] <... memfd_create resumed>) = 6 [pid 5135] <... futex resumed>) = 0 [pid 5136] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5135] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5136] <... mmap resumed>) = 0x7f029d600000 [pid 5135] <... mmap resumed>) = 0x7f02a5b0b000 [pid 5135] mprotect(0x7f02a5b0c000, 131072, PROT_READ|PROT_WRITE [pid 5136] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5135] <... mprotect resumed>) = 0 [pid 5135] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5135] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b2b990, parent_tid=0x7f02a5b2b990, exit_signal=0, stack=0x7f02a5b0b000, stack_size=0x20300, tls=0x7f02a5b2b6c0} [pid 5136] <... write resumed>) = 262144 ./strace-static-x86_64: Process 5137 attached [pid 5136] munmap(0x7f029d600000, 138412032 [pid 5137] rseq(0x7f02a5b2bfe0, 0x20, 0, 0x53053053 [pid 5135] <... clone3 resumed> => {parent_tid=[5137]}, 88) = 5137 [pid 5137] <... rseq resumed>) = 0 [pid 5137] set_robust_list(0x7f02a5b2b9a0, 24 [pid 5135] rt_sigprocmask(SIG_SETMASK, [], [pid 5136] <... munmap resumed>) = 0 [pid 5137] <... set_robust_list resumed>) = 0 [pid 5135] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5137] rt_sigprocmask(SIG_SETMASK, [], [pid 5135] futex(0x7f02a5c17718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5137] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5136] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5135] <... futex resumed>) = 0 [pid 5137] memfd_create("syzkaller", 0 [pid 5135] futex(0x7f02a5c1771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5136] <... openat resumed>) = 8 [pid 5137] <... memfd_create resumed>) = 7 [pid 5136] ioctl(8, LOOP_SET_FD, 6 [pid 5137] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f029d600000 [pid 5136] <... ioctl resumed>) = 0 [pid 5136] close(6 [pid 5137] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5136] <... close resumed>) = 0 [pid 5136] close(8) = 0 [pid 5137] <... write resumed>) = 262144 [pid 5137] munmap(0x7f029d600000, 138412032 [pid 5136] mkdir("./bus", 0777 [pid 5137] <... munmap resumed>) = 0 [pid 5136] <... mkdir resumed>) = 0 [pid 5137] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5136] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue" [pid 5137] ioctl(6, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy) [pid 5137] ioctl(6, LOOP_CLR_FD [pid 5136] <... mount resumed>) = -1 EBUSY (Device or resource busy) [pid 5136] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8 [pid 5136] ioctl(8, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5136] close(8) = 0 [pid 5136] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 87.311314][ T5136] loop0: detected capacity change from 0 to 512 [ 87.348276][ T5136] /dev/loop0: Can't open blockdev [pid 5136] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5137] <... ioctl resumed>) = 0 [pid 5137] ioctl(6, LOOP_SET_FD, 7) = 0 [pid 5137] close(7) = 0 [pid 5137] close(6) = 0 [pid 5137] mkdir("./bus", 0777) = -1 EEXIST (File exists) [ 87.410503][ T5074] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 87.430235][ T5137] loop0: detected capacity change from 0 to 512 [pid 5137] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5137] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 6 [pid 5137] chdir("./bus") = 0 [pid 5137] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5137] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5135] <... futex resumed>) = 0 [pid 5137] futex(0x7f02a5c17718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5135] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5136] <... futex resumed>) = 0 [pid 5135] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 87.474853][ T5137] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 87.487567][ T5137] ext4 filesystem being mounted at /root/syzkaller.a7bkEY/13/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5136] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0xb635773f04ebbee0, MAP_SHARED|MAP_FIXED|MAP_ANONYMOUS|MAP_POPULATE, -1, 0 [pid 5135] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5135] futex(0x7f02a5c17718, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5135] futex(0x7f02a5c1771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5137] <... futex resumed>) = 0 [pid 5137] setxattr(0x20000340, 0x20000400, 0x200003c0, 58375, 0) = -1 ENOENT (No such file or directory) [pid 5137] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5135] <... futex resumed>) = 0 [pid 5137] futex(0x7f02a5c17718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5136] <... mmap resumed>) = 0x20000000 [pid 5136] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5136] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5135] exit_group(0 [pid 5137] <... futex resumed>) = ? [pid 5136] <... futex resumed>) = ? [pid 5135] <... exit_group resumed>) = ? [pid 5137] +++ exited with 0 +++ [pid 5136] +++ exited with 0 +++ [pid 5135] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5135, si_uid=0, si_status=0, si_utime=0, si_stime=31 /* 0.31 s */} --- umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563f3730 /* 6 entries */, 32768) = 192 umount2("./13/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/cpuset.effective_cpus") = 0 umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563fb770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563fb770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/bus") = 0 umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/binderfs") = 0 umount2("./13/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/cgroup.controllers") = 0 getdents64(3, 0x5555563f3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 87.822625][ T5072] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5140 attached , child_tidptr=0x5555563f2690) = 5140 [pid 5140] set_robust_list(0x5555563f26a0, 24) = 0 [pid 5140] chdir("./14") = 0 [pid 5140] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5140] setpgid(0, 0) = 0 [pid 5140] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5140] write(3, "1000", 4) = 4 [pid 5140] close(3) = 0 [pid 5140] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5140] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5140] rt_sigaction(SIGRT_1, {sa_handler=0x7f02a5bb6070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f02a5ba7220}, NULL, 8) = 0 [pid 5140] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5140] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02a5b2c000 [pid 5140] mprotect(0x7f02a5b2d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5140] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5140] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b4c990, parent_tid=0x7f02a5b4c990, exit_signal=0, stack=0x7f02a5b2c000, stack_size=0x20300, tls=0x7f02a5b4c6c0}./strace-static-x86_64: Process 5141 attached [pid 5141] rseq(0x7f02a5b4cfe0, 0x20, 0, 0x53053053) = 0 [pid 5140] <... clone3 resumed> => {parent_tid=[5141]}, 88) = 5141 [pid 5141] set_robust_list(0x7f02a5b4c9a0, 24 [pid 5140] rt_sigprocmask(SIG_SETMASK, [], [pid 5141] <... set_robust_list resumed>) = 0 [pid 5140] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5141] rt_sigprocmask(SIG_SETMASK, [], [pid 5140] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5141] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5140] <... futex resumed>) = 0 [pid 5141] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5140] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5141] <... openat resumed>) = 3 [pid 5141] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5141] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5140] <... futex resumed>) = 0 [pid 5140] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5140] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5141] <... futex resumed>) = 0 [pid 5141] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5141] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5141] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5140] <... futex resumed>) = 0 [pid 5140] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5141] <... futex resumed>) = 0 [pid 5140] <... futex resumed>) = 1 [pid 5141] dup3(4, 3, 0 [pid 5140] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5141] <... dup3 resumed>) = 3 [pid 5141] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5140] <... futex resumed>) = 0 [pid 5141] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5140] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5141] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5141] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5140] <... futex resumed>) = 0 [pid 5140] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5141] <... openat resumed>) = 5 [pid 5141] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5140] <... futex resumed>) = 0 [pid 5141] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5140] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5141] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5140] <... futex resumed>) = 0 [pid 5141] ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0 [pid 5140] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5141] <... ioctl resumed>) = -1 EINVAL (Invalid argument) [pid 5141] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5140] <... futex resumed>) = 0 [pid 5141] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5140] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5141] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5140] <... futex resumed>) = 0 [pid 5141] memfd_create("syzkaller", 0 [pid 5140] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5141] <... memfd_create resumed>) = 6 [pid 5141] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5140] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5141] <... mmap resumed>) = 0x7f029d600000 [pid 5140] <... mmap resumed>) = 0x7f02a5b0b000 [pid 5140] mprotect(0x7f02a5b0c000, 131072, PROT_READ|PROT_WRITE [pid 5141] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5140] <... mprotect resumed>) = 0 [pid 5140] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5141] <... write resumed>) = 262144 [pid 5140] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5140] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b2b990, parent_tid=0x7f02a5b2b990, exit_signal=0, stack=0x7f02a5b0b000, stack_size=0x20300, tls=0x7f02a5b2b6c0}./strace-static-x86_64: Process 5142 attached [pid 5142] rseq(0x7f02a5b2bfe0, 0x20, 0, 0x53053053) = 0 [pid 5141] munmap(0x7f029d600000, 138412032 [pid 5140] <... clone3 resumed> => {parent_tid=[5142]}, 88) = 5142 [pid 5142] set_robust_list(0x7f02a5b2b9a0, 24 [pid 5140] rt_sigprocmask(SIG_SETMASK, [], [pid 5142] <... set_robust_list resumed>) = 0 [pid 5142] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5141] <... munmap resumed>) = 0 [pid 5140] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5142] futex(0x7f02a5c17718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5141] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5140] futex(0x7f02a5c17718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5140] futex(0x7f02a5c1771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5142] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5142] memfd_create("syzkaller", 0 [pid 5141] <... openat resumed>) = 7 [pid 5142] <... memfd_create resumed>) = 8 [pid 5141] ioctl(7, LOOP_SET_FD, 6 [pid 5142] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f029d600000 [pid 5141] <... ioctl resumed>) = 0 [pid 5141] close(6) = 0 [pid 5142] write(8, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5141] close(7) = 0 [pid 5141] mkdir("./bus", 0777 [pid 5142] <... write resumed>) = 262144 [pid 5142] munmap(0x7f029d600000, 138412032 [pid 5141] <... mkdir resumed>) = 0 [pid 5141] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue" [pid 5142] <... munmap resumed>) = 0 [pid 5142] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5142] close(8) = 0 [pid 5142] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5142] futex(0x7f02a5c17718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5140] <... futex resumed>) = 0 [pid 5140] futex(0x7f02a5c17718, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5142] <... futex resumed>) = 0 [pid 5140] futex(0x7f02a5c1771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 88.091491][ T5141] loop0: detected capacity change from 0 to 512 [ 88.126208][ T5141] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5142] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0xb635773f04ebbee0, MAP_SHARED|MAP_FIXED|MAP_ANONYMOUS|MAP_POPULATE, -1, 0 [pid 5141] <... mount resumed>) = 0 [pid 5141] openat(AT_FDCWD, 0x20000500, O_RDONLY|O_DIRECTORY) = -1 ENOENT (No such file or directory) [pid 5141] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5140] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5140] futex(0x7f02a5c1772c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5141] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5140] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [ 88.139238][ T5141] ext4 filesystem being mounted at /root/syzkaller.a7bkEY/14/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5141] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5142] <... mmap resumed>) = 0x20000000 [pid 5142] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5140] <... mmap resumed>) = 0x7f02a5aea000 [pid 5142] <... futex resumed>) = 0 [pid 5142] futex(0x7f02a5c17718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5140] mprotect(0x7f02a5aeb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5140] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5140] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b0a990, parent_tid=0x7f02a5b0a990, exit_signal=0, stack=0x7f02a5aea000, stack_size=0x20300, tls=0x7f02a5b0a6c0}./strace-static-x86_64: Process 5145 attached [pid 5145] rseq(0x7f02a5b0afe0, 0x20, 0, 0x53053053 [pid 5140] <... clone3 resumed> => {parent_tid=[5145]}, 88) = 5145 [pid 5145] <... rseq resumed>) = 0 [pid 5145] set_robust_list(0x7f02a5b0a9a0, 24) = 0 [pid 5145] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5140] rt_sigprocmask(SIG_SETMASK, [], [pid 5145] futex(0x7f02a5c17728, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5140] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5140] futex(0x7f02a5c17728, FUTEX_WAKE_PRIVATE, 1000000 [pid 5145] <... futex resumed>) = 0 [pid 5145] setxattr(0x20000340, 0x20000400, 0x200003c0, 58375, 0 [pid 5140] <... futex resumed>) = 1 [pid 5140] futex(0x7f02a5c1772c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5145] <... setxattr resumed>) = 0 [pid 5145] futex(0x7f02a5c1772c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5140] <... futex resumed>) = 0 [pid 5145] futex(0x7f02a5c17728, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5140] exit_group(0 [pid 5141] <... futex resumed>) = ? [pid 5145] <... futex resumed>) = ? [pid 5141] +++ exited with 0 +++ [pid 5145] +++ exited with 0 +++ [pid 5140] <... exit_group resumed>) = ? [pid 5142] <... futex resumed>) = ? [pid 5142] +++ exited with 0 +++ [pid 5140] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5140, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=31 /* 0.31 s */} --- umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563f3730 /* 6 entries */, 32768) = 192 umount2("./14/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/cpuset.effective_cpus") = 0 umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563fb770 /* 2 entries */, 32768) = 48 [ 88.463665][ T5072] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. getdents64(4, 0x5555563fb770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/bus") = 0 umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/binderfs") = 0 umount2("./14/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/cgroup.controllers") = 0 getdents64(3, 0x5555563f3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5146 attached , child_tidptr=0x5555563f2690) = 5146 [pid 5146] set_robust_list(0x5555563f26a0, 24) = 0 [pid 5146] chdir("./15") = 0 [pid 5146] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5146] setpgid(0, 0) = 0 [pid 5146] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5146] write(3, "1000", 4) = 4 [pid 5146] close(3) = 0 [pid 5146] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5146] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5146] rt_sigaction(SIGRT_1, {sa_handler=0x7f02a5bb6070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f02a5ba7220}, NULL, 8) = 0 [pid 5146] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5146] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02a5b2c000 [pid 5146] mprotect(0x7f02a5b2d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5146] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5146] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b4c990, parent_tid=0x7f02a5b4c990, exit_signal=0, stack=0x7f02a5b2c000, stack_size=0x20300, tls=0x7f02a5b4c6c0}./strace-static-x86_64: Process 5147 attached [pid 5147] rseq(0x7f02a5b4cfe0, 0x20, 0, 0x53053053) = 0 [pid 5147] set_robust_list(0x7f02a5b4c9a0, 24 [pid 5146] <... clone3 resumed> => {parent_tid=[5147]}, 88) = 5147 [pid 5147] <... set_robust_list resumed>) = 0 [pid 5147] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5147] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5146] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5146] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5147] <... futex resumed>) = 0 [pid 5146] <... futex resumed>) = 1 [pid 5147] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5146] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5147] <... openat resumed>) = 3 [pid 5147] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5146] <... futex resumed>) = 0 [pid 5147] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5146] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5147] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5146] <... futex resumed>) = 0 [pid 5147] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5146] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5147] <... openat resumed>) = 4 [pid 5147] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5146] <... futex resumed>) = 0 [pid 5147] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5146] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5147] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5146] <... futex resumed>) = 0 [pid 5147] dup3(4, 3, 0 [pid 5146] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5147] <... dup3 resumed>) = 3 [pid 5147] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5146] <... futex resumed>) = 0 [pid 5147] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5146] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5147] <... openat resumed>) = 5 [pid 5146] <... futex resumed>) = 0 [pid 5147] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5146] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5147] <... futex resumed>) = 0 [pid 5146] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5147] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5146] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5147] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5146] <... futex resumed>) = 0 [pid 5147] ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0) = -1 EINVAL (Invalid argument) [pid 5146] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5147] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5146] <... futex resumed>) = 0 [pid 5147] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5146] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5147] memfd_create("syzkaller", 0 [pid 5146] <... futex resumed>) = 0 [pid 5146] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5147] <... memfd_create resumed>) = 6 [pid 5146] <... futex resumed>) = 0 [pid 5146] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5147] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5146] <... mmap resumed>) = 0x7f02a5b0b000 [pid 5147] <... mmap resumed>) = 0x7f029d600000 [pid 5146] mprotect(0x7f02a5b0c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5146] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5147] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5146] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b2b990, parent_tid=0x7f02a5b2b990, exit_signal=0, stack=0x7f02a5b0b000, stack_size=0x20300, tls=0x7f02a5b2b6c0}./strace-static-x86_64: Process 5148 attached [pid 5148] rseq(0x7f02a5b2bfe0, 0x20, 0, 0x53053053) = 0 [pid 5148] set_robust_list(0x7f02a5b2b9a0, 24) = 0 [pid 5147] <... write resumed>) = 262144 [pid 5146] <... clone3 resumed> => {parent_tid=[5148]}, 88) = 5148 [pid 5148] rt_sigprocmask(SIG_SETMASK, [], [pid 5146] rt_sigprocmask(SIG_SETMASK, [], [pid 5147] munmap(0x7f029d600000, 138412032 [pid 5146] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5148] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5146] futex(0x7f02a5c17718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5148] memfd_create("syzkaller", 0 [pid 5146] <... futex resumed>) = 0 [pid 5148] <... memfd_create resumed>) = 7 [pid 5147] <... munmap resumed>) = 0 [pid 5146] futex(0x7f02a5c1771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5148] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5147] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5148] <... mmap resumed>) = 0x7f029d600000 [pid 5147] <... openat resumed>) = 8 [pid 5147] ioctl(8, LOOP_SET_FD, 6) = 0 [pid 5148] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5147] close(6) = 0 [pid 5147] close(8 [pid 5148] <... write resumed>) = 262144 [pid 5147] <... close resumed>) = 0 [pid 5148] munmap(0x7f029d600000, 138412032) = 0 [pid 5147] mkdir("./bus", 0777 [pid 5148] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5147] <... mkdir resumed>) = 0 [pid 5148] ioctl(6, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy) [pid 5148] ioctl(6, LOOP_CLR_FD) = 0 [ 88.837840][ T5147] loop0: detected capacity change from 0 to 512 [pid 5147] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue" [pid 5148] ioctl(6, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy) [pid 5147] <... mount resumed>) = -1 EBUSY (Device or resource busy) [pid 5148] close(6) = 0 [pid 5147] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5148] close(7 [pid 5147] ioctl(6, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5147] close(6) = 0 [pid 5147] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5148] <... close resumed>) = 0 [pid 5147] <... futex resumed>) = 0 [pid 5147] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5148] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5148] futex(0x7f02a5c17718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5146] <... futex resumed>) = 0 [pid 5146] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5147] <... futex resumed>) = 0 [pid 5147] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0xb635773f04ebbee0, MAP_SHARED|MAP_FIXED|MAP_ANONYMOUS|MAP_POPULATE, -1, 0 [ 88.878147][ T5147] /dev/loop0: Can't open blockdev [pid 5146] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5146] futex(0x7f02a5c17718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5148] <... futex resumed>) = 0 [pid 5148] setxattr(0x20000340, 0x20000400, 0x200003c0, 58375, 0) = -1 ENOENT (No such file or directory) [pid 5148] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5148] futex(0x7f02a5c17718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5146] <... futex resumed>) = 1 [pid 5146] futex(0x7f02a5c1771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5147] <... mmap resumed>) = 0x20000000 [pid 5147] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5147] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5146] exit_group(0 [pid 5148] <... futex resumed>) = ? [pid 5147] <... futex resumed>) = ? [pid 5146] <... exit_group resumed>) = ? [pid 5148] +++ exited with 0 +++ [pid 5147] +++ exited with 0 +++ [pid 5146] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5146, si_uid=0, si_status=0, si_utime=0, si_stime=34 /* 0.34 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563f3730 /* 6 entries */, 32768) = 192 umount2("./15/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/cpuset.effective_cpus") = 0 umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563fb770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563fb770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/bus") = 0 umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/binderfs") = 0 umount2("./15/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/cgroup.controllers") = 0 getdents64(3, 0x5555563f3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5149 attached , child_tidptr=0x5555563f2690) = 5149 [pid 5149] set_robust_list(0x5555563f26a0, 24) = 0 [pid 5149] chdir("./16") = 0 [pid 5149] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5149] setpgid(0, 0) = 0 [pid 5149] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5149] write(3, "1000", 4) = 4 [pid 5149] close(3) = 0 [pid 5149] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5149] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5149] rt_sigaction(SIGRT_1, {sa_handler=0x7f02a5bb6070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f02a5ba7220}, NULL, 8) = 0 [pid 5149] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5149] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02a5b2c000 [pid 5149] mprotect(0x7f02a5b2d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5149] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5149] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b4c990, parent_tid=0x7f02a5b4c990, exit_signal=0, stack=0x7f02a5b2c000, stack_size=0x20300, tls=0x7f02a5b4c6c0}./strace-static-x86_64: Process 5150 attached [pid 5150] rseq(0x7f02a5b4cfe0, 0x20, 0, 0x53053053 [pid 5149] <... clone3 resumed> => {parent_tid=[5150]}, 88) = 5150 [pid 5150] <... rseq resumed>) = 0 [pid 5149] rt_sigprocmask(SIG_SETMASK, [], [pid 5150] set_robust_list(0x7f02a5b4c9a0, 24 [pid 5149] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5150] <... set_robust_list resumed>) = 0 [pid 5149] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5150] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5149] <... futex resumed>) = 0 [pid 5150] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5149] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5150] <... openat resumed>) = 3 [pid 5150] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5150] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5149] <... futex resumed>) = 0 [pid 5149] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5150] <... futex resumed>) = 0 [pid 5149] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5150] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5150] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5149] <... futex resumed>) = 0 [pid 5150] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5149] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5150] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5149] <... futex resumed>) = 0 [pid 5150] dup3(4, 3, 0) = 3 [pid 5149] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5150] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5149] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5150] <... futex resumed>) = 0 [pid 5149] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5150] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5149] <... futex resumed>) = 0 [pid 5150] <... openat resumed>) = 5 [pid 5149] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5150] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5149] <... futex resumed>) = 0 [pid 5149] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5149] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5150] <... futex resumed>) = 1 [pid 5150] ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0) = -1 EINVAL (Invalid argument) [pid 5150] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5149] <... futex resumed>) = 0 [pid 5150] <... futex resumed>) = 1 [pid 5149] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5150] memfd_create("syzkaller", 0 [pid 5149] <... futex resumed>) = 0 [pid 5150] <... memfd_create resumed>) = 6 [pid 5149] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5149] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5150] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5149] <... mmap resumed>) = 0x7f02a5b0b000 [pid 5150] <... mmap resumed>) = 0x7f029d600000 [pid 5149] mprotect(0x7f02a5b0c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5149] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5149] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b2b990, parent_tid=0x7f02a5b2b990, exit_signal=0, stack=0x7f02a5b0b000, stack_size=0x20300, tls=0x7f02a5b2b6c0} [pid 5150] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144./strace-static-x86_64: Process 5151 attached [pid 5149] <... clone3 resumed> => {parent_tid=[5151]}, 88) = 5151 [pid 5151] rseq(0x7f02a5b2bfe0, 0x20, 0, 0x53053053) = 0 [pid 5149] rt_sigprocmask(SIG_SETMASK, [], [pid 5151] set_robust_list(0x7f02a5b2b9a0, 24 [pid 5149] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5151] <... set_robust_list resumed>) = 0 [pid 5149] futex(0x7f02a5c17718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5151] rt_sigprocmask(SIG_SETMASK, [], [pid 5149] <... futex resumed>) = 0 [pid 5151] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5151] memfd_create("syzkaller", 0 [pid 5149] futex(0x7f02a5c1771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5151] <... memfd_create resumed>) = 7 [pid 5151] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5150] <... write resumed>) = 262144 [pid 5151] <... mmap resumed>) = 0x7f0295200000 [pid 5151] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5150] munmap(0x7f029d600000, 138412032) = 0 [pid 5150] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5151] <... write resumed>) = 262144 [pid 5150] <... openat resumed>) = 8 [pid 5150] ioctl(8, LOOP_SET_FD, 6 [pid 5151] munmap(0x7f0295200000, 138412032 [pid 5150] <... ioctl resumed>) = 0 [pid 5151] <... munmap resumed>) = 0 [pid 5150] close(6) = 0 [pid 5150] close(8) = 0 [pid 5151] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5150] mkdir("./bus", 0777 [pid 5151] ioctl(6, LOOP_SET_FD, 7 [pid 5150] <... mkdir resumed>) = 0 [pid 5151] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5151] ioctl(6, LOOP_CLR_FD) = 0 [pid 5150] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue" [ 89.417799][ T5150] loop0: detected capacity change from 0 to 512 [pid 5151] ioctl(6, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy) [pid 5151] close(6 [pid 5150] <... mount resumed>) = -1 EBUSY (Device or resource busy) [pid 5151] <... close resumed>) = 0 [pid 5150] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5150] ioctl(6, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5151] close(7 [pid 5150] close(6) = 0 [pid 5150] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5150] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5151] <... close resumed>) = 0 [pid 5151] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5149] <... futex resumed>) = 0 [pid 5151] futex(0x7f02a5c17718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5149] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5150] <... futex resumed>) = 0 [pid 5150] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0xb635773f04ebbee0, MAP_SHARED|MAP_FIXED|MAP_ANONYMOUS|MAP_POPULATE, -1, 0 [pid 5149] <... futex resumed>) = 1 [ 89.463036][ T5150] /dev/loop0: Can't open blockdev [pid 5149] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5149] futex(0x7f02a5c17718, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5151] <... futex resumed>) = 0 [pid 5149] futex(0x7f02a5c1771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5151] setxattr(0x20000340, 0x20000400, 0x200003c0, 58375, 0) = -1 ENOENT (No such file or directory) [pid 5151] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5149] <... futex resumed>) = 0 [pid 5151] futex(0x7f02a5c17718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5150] <... mmap resumed>) = 0x20000000 [pid 5150] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5150] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5149] exit_group(0 [pid 5151] <... futex resumed>) = ? [pid 5151] +++ exited with 0 +++ [pid 5150] <... futex resumed>) = ? [pid 5149] <... exit_group resumed>) = ? [pid 5150] +++ exited with 0 +++ [pid 5149] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5149, si_uid=0, si_status=0, si_utime=0, si_stime=32 /* 0.32 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563f3730 /* 6 entries */, 32768) = 192 umount2("./16/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/cpuset.effective_cpus") = 0 umount2("./16/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./16/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563fb770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563fb770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/bus") = 0 umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/binderfs") = 0 umount2("./16/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/cgroup.controllers") = 0 getdents64(3, 0x5555563f3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5152 attached [pid 5152] set_robust_list(0x5555563f26a0, 24 [pid 5072] <... clone resumed>, child_tidptr=0x5555563f2690) = 5152 [pid 5152] <... set_robust_list resumed>) = 0 [pid 5152] chdir("./17") = 0 [pid 5152] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5152] setpgid(0, 0) = 0 [pid 5152] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5152] write(3, "1000", 4) = 4 [pid 5152] close(3) = 0 [pid 5152] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5152] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5152] rt_sigaction(SIGRT_1, {sa_handler=0x7f02a5bb6070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f02a5ba7220}, NULL, 8) = 0 [pid 5152] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5152] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02a5b2c000 [pid 5152] mprotect(0x7f02a5b2d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5152] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5152] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b4c990, parent_tid=0x7f02a5b4c990, exit_signal=0, stack=0x7f02a5b2c000, stack_size=0x20300, tls=0x7f02a5b4c6c0}./strace-static-x86_64: Process 5153 attached [pid 5153] rseq(0x7f02a5b4cfe0, 0x20, 0, 0x53053053) = 0 [pid 5152] <... clone3 resumed> => {parent_tid=[5153]}, 88) = 5153 [pid 5153] set_robust_list(0x7f02a5b4c9a0, 24) = 0 [pid 5152] rt_sigprocmask(SIG_SETMASK, [], [pid 5153] rt_sigprocmask(SIG_SETMASK, [], [pid 5152] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5153] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5152] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5153] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5152] <... futex resumed>) = 0 [pid 5152] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5153] <... openat resumed>) = 3 [pid 5153] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5153] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5152] <... futex resumed>) = 0 [pid 5152] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5153] <... futex resumed>) = 0 [pid 5152] <... futex resumed>) = 1 [pid 5153] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5152] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5153] <... openat resumed>) = 4 [pid 5153] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5152] <... futex resumed>) = 0 [pid 5153] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5152] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5153] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5152] <... futex resumed>) = 0 [pid 5153] dup3(4, 3, 0 [pid 5152] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5153] <... dup3 resumed>) = 3 [pid 5153] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5152] <... futex resumed>) = 0 [pid 5153] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5152] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5153] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5152] <... futex resumed>) = 0 [pid 5153] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5152] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5153] <... openat resumed>) = 5 [pid 5153] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5152] <... futex resumed>) = 0 [pid 5153] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5152] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5153] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5152] <... futex resumed>) = 0 [pid 5153] ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0 [pid 5152] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5153] <... ioctl resumed>) = -1 EINVAL (Invalid argument) [pid 5153] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5152] <... futex resumed>) = 0 [pid 5153] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5152] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5153] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5152] <... futex resumed>) = 0 [pid 5153] memfd_create("syzkaller", 0 [pid 5152] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5153] <... memfd_create resumed>) = 6 [pid 5152] <... futex resumed>) = 0 [pid 5153] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5152] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02a5b0b000 [pid 5152] mprotect(0x7f02a5b0c000, 131072, PROT_READ|PROT_WRITE [pid 5153] <... mmap resumed>) = 0x7f029d600000 [pid 5152] <... mprotect resumed>) = 0 [pid 5152] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5153] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5152] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b2b990, parent_tid=0x7f02a5b2b990, exit_signal=0, stack=0x7f02a5b0b000, stack_size=0x20300, tls=0x7f02a5b2b6c0}./strace-static-x86_64: Process 5154 attached [pid 5154] rseq(0x7f02a5b2bfe0, 0x20, 0, 0x53053053 [pid 5152] <... clone3 resumed> => {parent_tid=[5154]}, 88) = 5154 [pid 5154] <... rseq resumed>) = 0 [pid 5154] set_robust_list(0x7f02a5b2b9a0, 24 [pid 5152] rt_sigprocmask(SIG_SETMASK, [], [pid 5154] <... set_robust_list resumed>) = 0 [pid 5153] <... write resumed>) = 262144 [pid 5152] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5154] rt_sigprocmask(SIG_SETMASK, [], [pid 5152] futex(0x7f02a5c17718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5153] munmap(0x7f029d600000, 138412032 [pid 5154] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5153] <... munmap resumed>) = 0 [pid 5152] <... futex resumed>) = 0 [pid 5153] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5152] futex(0x7f02a5c1771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5154] memfd_create("syzkaller", 0 [pid 5153] <... openat resumed>) = 7 [pid 5153] ioctl(7, LOOP_SET_FD, 6 [pid 5154] <... memfd_create resumed>) = 8 [pid 5154] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f029d600000 [pid 5153] <... ioctl resumed>) = 0 [pid 5153] close(6) = 0 [pid 5153] close(7 [pid 5154] write(8, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5153] <... close resumed>) = 0 [pid 5153] mkdir("./bus", 0777) = 0 [pid 5153] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue" [pid 5154] <... write resumed>) = 262144 [pid 5154] munmap(0x7f029d600000, 138412032) = 0 [ 90.088797][ T5153] loop0: detected capacity change from 0 to 512 [ 90.125918][ T5153] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5154] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5154] close(8) = 0 [pid 5153] <... mount resumed>) = 0 [pid 5154] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5153] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 6 [pid 5153] chdir("./bus") = 0 [pid 5153] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5154] <... futex resumed>) = 1 [pid 5152] <... futex resumed>) = 0 [pid 5154] futex(0x7f02a5c17718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5153] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5152] futex(0x7f02a5c17718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5154] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5154] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0xb635773f04ebbee0, MAP_SHARED|MAP_FIXED|MAP_ANONYMOUS|MAP_POPULATE, -1, 0 [pid 5152] <... futex resumed>) = 0 [pid 5153] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5152] futex(0x7f02a5c1771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5153] <... futex resumed>) = 0 [ 90.138679][ T5153] ext4 filesystem being mounted at /root/syzkaller.a7bkEY/17/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5153] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5152] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5152] futex(0x7f02a5c1771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5152] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5152] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5153] <... futex resumed>) = 0 [pid 5153] setxattr(0x20000340, 0x20000400, 0x200003c0, 58375, 0) = -1 ENOENT (No such file or directory) [pid 5153] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5152] <... futex resumed>) = 0 [pid 5153] <... futex resumed>) = 1 [pid 5153] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5154] <... mmap resumed>) = 0x20000000 [pid 5154] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5154] futex(0x7f02a5c17718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5152] exit_group(0 [pid 5154] <... futex resumed>) = ? [pid 5153] <... futex resumed>) = ? [pid 5152] <... exit_group resumed>) = ? [pid 5154] +++ exited with 0 +++ [pid 5153] +++ exited with 0 +++ [pid 5152] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5152, si_uid=0, si_status=0, si_utime=0, si_stime=32 /* 0.32 s */} --- umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563f3730 /* 6 entries */, 32768) = 192 umount2("./17/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/cpuset.effective_cpus") = 0 umount2("./17/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./17/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./17/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563fb770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563fb770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/bus") = 0 umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/binderfs") = 0 umount2("./17/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/cgroup.controllers") = 0 getdents64(3, 0x5555563f3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 90.471953][ T5072] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5158 attached , child_tidptr=0x5555563f2690) = 5158 [pid 5158] set_robust_list(0x5555563f26a0, 24) = 0 [pid 5158] chdir("./18") = 0 [pid 5158] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5158] setpgid(0, 0) = 0 [pid 5158] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5158] write(3, "1000", 4) = 4 [pid 5158] close(3) = 0 [pid 5158] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5158] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5158] rt_sigaction(SIGRT_1, {sa_handler=0x7f02a5bb6070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f02a5ba7220}, NULL, 8) = 0 [pid 5158] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5158] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02a5b2c000 [pid 5158] mprotect(0x7f02a5b2d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5158] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5158] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b4c990, parent_tid=0x7f02a5b4c990, exit_signal=0, stack=0x7f02a5b2c000, stack_size=0x20300, tls=0x7f02a5b4c6c0}./strace-static-x86_64: Process 5159 attached [pid 5159] rseq(0x7f02a5b4cfe0, 0x20, 0, 0x53053053 [pid 5158] <... clone3 resumed> => {parent_tid=[5159]}, 88) = 5159 [pid 5159] <... rseq resumed>) = 0 [pid 5158] rt_sigprocmask(SIG_SETMASK, [], [pid 5159] set_robust_list(0x7f02a5b4c9a0, 24 [pid 5158] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5159] <... set_robust_list resumed>) = 0 [pid 5158] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5159] rt_sigprocmask(SIG_SETMASK, [], [pid 5158] <... futex resumed>) = 0 [pid 5159] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5158] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5159] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 5159] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5158] <... futex resumed>) = 0 [pid 5158] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5158] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5159] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5159] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5158] <... futex resumed>) = 0 [pid 5159] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5158] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5159] <... futex resumed>) = 0 [pid 5158] <... futex resumed>) = 1 [pid 5159] dup3(4, 3, 0 [pid 5158] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5159] <... dup3 resumed>) = 3 [pid 5159] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5158] <... futex resumed>) = 0 [pid 5159] <... futex resumed>) = 1 [pid 5158] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5159] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5158] <... futex resumed>) = 0 [pid 5158] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5159] <... openat resumed>) = 5 [pid 5159] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5158] <... futex resumed>) = 0 [pid 5159] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5158] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5159] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5158] <... futex resumed>) = 0 [pid 5159] ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0 [pid 5158] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5159] <... ioctl resumed>) = -1 EINVAL (Invalid argument) [pid 5159] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5158] <... futex resumed>) = 0 [pid 5159] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5158] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5159] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5158] <... futex resumed>) = 0 [pid 5159] memfd_create("syzkaller", 0 [pid 5158] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5159] <... memfd_create resumed>) = 6 [pid 5158] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5159] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5158] <... mmap resumed>) = 0x7f02a5b0b000 [pid 5159] <... mmap resumed>) = 0x7f029d600000 [pid 5158] mprotect(0x7f02a5b0c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5159] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5158] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5158] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b2b990, parent_tid=0x7f02a5b2b990, exit_signal=0, stack=0x7f02a5b0b000, stack_size=0x20300, tls=0x7f02a5b2b6c0}./strace-static-x86_64: Process 5160 attached [pid 5160] rseq(0x7f02a5b2bfe0, 0x20, 0, 0x53053053 [pid 5159] <... write resumed>) = 262144 [pid 5158] <... clone3 resumed> => {parent_tid=[5160]}, 88) = 5160 [pid 5160] <... rseq resumed>) = 0 [pid 5159] munmap(0x7f029d600000, 138412032 [pid 5158] rt_sigprocmask(SIG_SETMASK, [], [pid 5160] set_robust_list(0x7f02a5b2b9a0, 24 [pid 5158] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5160] <... set_robust_list resumed>) = 0 [pid 5159] <... munmap resumed>) = 0 [pid 5158] futex(0x7f02a5c17718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5160] rt_sigprocmask(SIG_SETMASK, [], [pid 5158] <... futex resumed>) = 0 [pid 5159] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 7 [pid 5159] ioctl(7, LOOP_SET_FD, 6 [pid 5160] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5158] futex(0x7f02a5c1771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5160] memfd_create("syzkaller", 0) = 8 [pid 5160] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f029d600000 [pid 5159] <... ioctl resumed>) = 0 [pid 5159] close(6) = 0 [pid 5159] close(7 [pid 5160] write(8, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5159] <... close resumed>) = 0 [pid 5159] mkdir("./bus", 0777) = 0 [pid 5159] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue" [pid 5160] <... write resumed>) = 262144 [pid 5160] munmap(0x7f029d600000, 138412032) = 0 [pid 5160] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 90.750637][ T5159] loop0: detected capacity change from 0 to 512 [pid 5160] close(8) = 0 [pid 5160] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5158] <... futex resumed>) = 0 [pid 5160] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0xb635773f04ebbee0, MAP_SHARED|MAP_FIXED|MAP_ANONYMOUS|MAP_POPULATE, -1, 0 [pid 5158] futex(0x7f02a5c17718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5158] futex(0x7f02a5c1771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5159] <... mount resumed>) = 0 [pid 5159] openat(AT_FDCWD, 0x20000500, O_RDONLY|O_DIRECTORY) = -1 ENOENT (No such file or directory) [pid 5159] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5159] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 90.815400][ T5159] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 90.828516][ T5159] ext4 filesystem being mounted at /root/syzkaller.a7bkEY/18/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5159] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5158] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5158] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5159] <... futex resumed>) = 0 [pid 5158] <... futex resumed>) = 1 [pid 5159] setxattr(0x20000340, 0x20000400, 0x200003c0, 58375, 0 [pid 5158] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5159] <... setxattr resumed>) = 0 [pid 5159] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5158] <... futex resumed>) = 0 [pid 5159] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5160] <... mmap resumed>) = 0x20000000 [pid 5160] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5160] futex(0x7f02a5c17718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5158] exit_group(0 [pid 5160] <... futex resumed>) = ? [pid 5159] <... futex resumed>) = ? [pid 5159] +++ exited with 0 +++ [pid 5160] +++ exited with 0 +++ [pid 5158] <... exit_group resumed>) = ? [pid 5158] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5158, si_uid=0, si_status=0, si_utime=0, si_stime=33 /* 0.33 s */} --- umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563f3730 /* 6 entries */, 32768) = 192 umount2("./18/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/cpuset.effective_cpus") = 0 umount2("./18/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./18/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./18/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563fb770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563fb770 /* 0 entries */, 32768) = 0 [ 91.130447][ T5072] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. close(4) = 0 rmdir("./18/bus") = 0 umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/binderfs") = 0 umount2("./18/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/cgroup.controllers") = 0 getdents64(3, 0x5555563f3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5163 attached [pid 5163] set_robust_list(0x5555563f26a0, 24) = 0 [pid 5072] <... clone resumed>, child_tidptr=0x5555563f2690) = 5163 [pid 5163] chdir("./19") = 0 [pid 5163] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5163] setpgid(0, 0) = 0 [pid 5163] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5163] write(3, "1000", 4) = 4 [pid 5163] close(3) = 0 [pid 5163] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5163] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5163] rt_sigaction(SIGRT_1, {sa_handler=0x7f02a5bb6070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f02a5ba7220}, NULL, 8) = 0 [pid 5163] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5163] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02a5b2c000 [pid 5163] mprotect(0x7f02a5b2d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5163] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5163] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b4c990, parent_tid=0x7f02a5b4c990, exit_signal=0, stack=0x7f02a5b2c000, stack_size=0x20300, tls=0x7f02a5b4c6c0}./strace-static-x86_64: Process 5164 attached [pid 5164] rseq(0x7f02a5b4cfe0, 0x20, 0, 0x53053053 [pid 5163] <... clone3 resumed> => {parent_tid=[5164]}, 88) = 5164 [pid 5164] <... rseq resumed>) = 0 [pid 5163] rt_sigprocmask(SIG_SETMASK, [], [pid 5164] set_robust_list(0x7f02a5b4c9a0, 24 [pid 5163] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5164] <... set_robust_list resumed>) = 0 [pid 5163] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5164] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5163] <... futex resumed>) = 0 [pid 5164] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5163] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5164] <... openat resumed>) = 3 [pid 5164] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5164] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5163] <... futex resumed>) = 0 [pid 5163] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5164] <... futex resumed>) = 0 [pid 5163] <... futex resumed>) = 1 [pid 5164] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5163] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5164] <... openat resumed>) = 4 [pid 5164] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5163] <... futex resumed>) = 0 [pid 5164] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5163] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5164] <... futex resumed>) = 0 [pid 5163] <... futex resumed>) = 1 [pid 5164] dup3(4, 3, 0 [pid 5163] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5164] <... dup3 resumed>) = 3 [pid 5164] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5163] <... futex resumed>) = 0 [pid 5164] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5163] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5164] <... openat resumed>) = 5 [pid 5163] <... futex resumed>) = 0 [pid 5164] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5163] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5164] <... futex resumed>) = 0 [pid 5163] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5164] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5163] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5164] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5163] <... futex resumed>) = 0 [pid 5164] ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0 [pid 5163] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5164] <... ioctl resumed>) = -1 EINVAL (Invalid argument) [pid 5164] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5163] <... futex resumed>) = 0 [pid 5164] memfd_create("syzkaller", 0 [pid 5163] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5164] <... memfd_create resumed>) = 6 [pid 5163] <... futex resumed>) = 0 [pid 5163] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5164] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5163] <... futex resumed>) = 0 [pid 5164] <... mmap resumed>) = 0x7f029d600000 [pid 5163] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02a5b0b000 [pid 5164] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5163] mprotect(0x7f02a5b0c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5164] <... write resumed>) = 262144 [pid 5163] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5164] munmap(0x7f029d600000, 138412032 [pid 5163] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5163] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b2b990, parent_tid=0x7f02a5b2b990, exit_signal=0, stack=0x7f02a5b0b000, stack_size=0x20300, tls=0x7f02a5b2b6c0} [pid 5164] <... munmap resumed>) = 0 ./strace-static-x86_64: Process 5165 attached [pid 5165] rseq(0x7f02a5b2bfe0, 0x20, 0, 0x53053053 [pid 5163] <... clone3 resumed> => {parent_tid=[5165]}, 88) = 5165 [pid 5165] <... rseq resumed>) = 0 [pid 5163] rt_sigprocmask(SIG_SETMASK, [], [pid 5165] set_robust_list(0x7f02a5b2b9a0, 24) = 0 [pid 5163] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5164] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5165] rt_sigprocmask(SIG_SETMASK, [], [pid 5163] futex(0x7f02a5c17718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5165] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5163] <... futex resumed>) = 0 [pid 5165] memfd_create("syzkaller", 0 [pid 5164] <... openat resumed>) = 7 [pid 5163] futex(0x7f02a5c1771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5165] <... memfd_create resumed>) = 8 [pid 5165] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5164] ioctl(7, LOOP_SET_FD, 6 [pid 5165] <... mmap resumed>) = 0x7f029d600000 [pid 5164] <... ioctl resumed>) = 0 [pid 5164] close(6) = 0 [pid 5164] close(7) = 0 [pid 5165] write(8, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5164] mkdir("./bus", 0777 [pid 5165] <... write resumed>) = 262144 [pid 5165] munmap(0x7f029d600000, 138412032) = 0 [pid 5164] <... mkdir resumed>) = 0 [pid 5165] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5164] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue" [pid 5165] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5165] close(8) = 0 [pid 5165] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5163] <... futex resumed>) = 0 [pid 5163] futex(0x7f02a5c17718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5165] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0xb635773f04ebbee0, MAP_SHARED|MAP_FIXED|MAP_ANONYMOUS|MAP_POPULATE, -1, 0 [pid 5163] <... futex resumed>) = 0 [ 91.423859][ T5164] loop0: detected capacity change from 0 to 512 [pid 5163] futex(0x7f02a5c1771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5164] <... mount resumed>) = 0 [pid 5164] openat(AT_FDCWD, 0x20000500, O_RDONLY|O_DIRECTORY [pid 5163] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5164] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 5163] futex(0x7f02a5c1772c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5164] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5163] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5164] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5164] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 91.485562][ T5164] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 91.498698][ T5164] ext4 filesystem being mounted at /root/syzkaller.a7bkEY/19/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5164] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5165] <... mmap resumed>) = 0x20000000 [pid 5165] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5163] <... mmap resumed>) = 0x7f02a5aea000 [pid 5165] <... futex resumed>) = 0 [pid 5165] futex(0x7f02a5c17718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5163] mprotect(0x7f02a5aeb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5163] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5163] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b0a990, parent_tid=0x7f02a5b0a990, exit_signal=0, stack=0x7f02a5aea000, stack_size=0x20300, tls=0x7f02a5b0a6c0}./strace-static-x86_64: Process 5168 attached [pid 5168] rseq(0x7f02a5b0afe0, 0x20, 0, 0x53053053 [pid 5163] <... clone3 resumed> => {parent_tid=[5168]}, 88) = 5168 [pid 5168] <... rseq resumed>) = 0 [pid 5163] rt_sigprocmask(SIG_SETMASK, [], [pid 5168] set_robust_list(0x7f02a5b0a9a0, 24 [pid 5163] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5168] <... set_robust_list resumed>) = 0 [pid 5163] futex(0x7f02a5c17728, FUTEX_WAKE_PRIVATE, 1000000 [pid 5168] rt_sigprocmask(SIG_SETMASK, [], [pid 5163] <... futex resumed>) = 0 [pid 5168] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5168] setxattr(0x20000340, 0x20000400, 0x200003c0, 58375, 0 [pid 5163] futex(0x7f02a5c1772c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5168] <... setxattr resumed>) = 0 [pid 5168] futex(0x7f02a5c1772c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5163] <... futex resumed>) = 0 [pid 5168] <... futex resumed>) = 1 [pid 5163] exit_group(0 [pid 5168] futex(0x7f02a5c17728, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 5165] <... futex resumed>) = ? [pid 5164] <... futex resumed>) = ? [pid 5163] <... exit_group resumed>) = ? [pid 5168] +++ exited with 0 +++ [pid 5164] +++ exited with 0 +++ [pid 5165] +++ exited with 0 +++ [pid 5163] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5163, si_uid=0, si_status=0, si_utime=0, si_stime=34 /* 0.34 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563f3730 /* 6 entries */, 32768) = 192 umount2("./19/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/cpuset.effective_cpus") = 0 umount2("./19/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./19/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./19/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563fb770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563fb770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/bus") = 0 umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/binderfs") = 0 umount2("./19/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/cgroup.controllers") = 0 getdents64(3, 0x5555563f3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 91.784269][ T5072] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563f2690) = 5169 ./strace-static-x86_64: Process 5169 attached [pid 5169] set_robust_list(0x5555563f26a0, 24) = 0 [pid 5169] chdir("./20") = 0 [pid 5169] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5169] setpgid(0, 0) = 0 [pid 5169] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5169] write(3, "1000", 4) = 4 [pid 5169] close(3) = 0 [pid 5169] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5169] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5169] rt_sigaction(SIGRT_1, {sa_handler=0x7f02a5bb6070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f02a5ba7220}, NULL, 8) = 0 [pid 5169] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5169] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02a5b2c000 [pid 5169] mprotect(0x7f02a5b2d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5169] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5169] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b4c990, parent_tid=0x7f02a5b4c990, exit_signal=0, stack=0x7f02a5b2c000, stack_size=0x20300, tls=0x7f02a5b4c6c0}./strace-static-x86_64: Process 5170 attached [pid 5170] rseq(0x7f02a5b4cfe0, 0x20, 0, 0x53053053 [pid 5169] <... clone3 resumed> => {parent_tid=[5170]}, 88) = 5170 [pid 5170] <... rseq resumed>) = 0 [pid 5169] rt_sigprocmask(SIG_SETMASK, [], [pid 5170] set_robust_list(0x7f02a5b4c9a0, 24 [pid 5169] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5170] <... set_robust_list resumed>) = 0 [pid 5169] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5170] rt_sigprocmask(SIG_SETMASK, [], [pid 5169] <... futex resumed>) = 0 [pid 5170] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5169] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5170] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 5170] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5169] <... futex resumed>) = 0 [pid 5170] <... futex resumed>) = 1 [pid 5169] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5170] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5169] <... futex resumed>) = 0 [pid 5169] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5170] <... openat resumed>) = 4 [pid 5170] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5170] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5169] <... futex resumed>) = 0 [pid 5169] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5170] <... futex resumed>) = 0 [pid 5170] dup3(4, 3, 0 [pid 5169] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5170] <... dup3 resumed>) = 3 [pid 5170] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5169] <... futex resumed>) = 0 [pid 5170] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5169] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5170] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5169] <... futex resumed>) = 0 [pid 5170] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5169] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5170] <... openat resumed>) = 5 [pid 5170] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5169] <... futex resumed>) = 0 [pid 5170] ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0 [pid 5169] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5170] <... ioctl resumed>) = -1 EINVAL (Invalid argument) [pid 5169] <... futex resumed>) = 0 [pid 5169] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5170] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5170] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5169] <... futex resumed>) = 0 [pid 5169] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5170] <... futex resumed>) = 0 [pid 5169] <... futex resumed>) = 1 [pid 5170] memfd_create("syzkaller", 0 [pid 5169] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5170] <... memfd_create resumed>) = 6 [pid 5169] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5170] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f029d600000 [pid 5169] <... mmap resumed>) = 0x7f02a5b0b000 [pid 5169] mprotect(0x7f02a5b0c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5169] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5170] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5169] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5169] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b2b990, parent_tid=0x7f02a5b2b990, exit_signal=0, stack=0x7f02a5b0b000, stack_size=0x20300, tls=0x7f02a5b2b6c0}./strace-static-x86_64: Process 5171 attached [pid 5171] rseq(0x7f02a5b2bfe0, 0x20, 0, 0x53053053) = 0 [pid 5171] set_robust_list(0x7f02a5b2b9a0, 24 [pid 5170] <... write resumed>) = 262144 [pid 5169] <... clone3 resumed> => {parent_tid=[5171]}, 88) = 5171 [pid 5171] <... set_robust_list resumed>) = 0 [pid 5170] munmap(0x7f029d600000, 138412032 [pid 5169] rt_sigprocmask(SIG_SETMASK, [], [pid 5171] rt_sigprocmask(SIG_SETMASK, [], [pid 5170] <... munmap resumed>) = 0 [pid 5169] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5171] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5169] futex(0x7f02a5c17718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5171] memfd_create("syzkaller", 0 [pid 5169] <... futex resumed>) = 0 [pid 5171] <... memfd_create resumed>) = 7 [pid 5169] futex(0x7f02a5c1771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5171] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5170] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5171] <... mmap resumed>) = 0x7f029d600000 [pid 5170] <... openat resumed>) = 8 [pid 5170] ioctl(8, LOOP_SET_FD, 6 [pid 5171] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5171] munmap(0x7f029d600000, 138412032) = 0 [pid 5170] <... ioctl resumed>) = 0 [pid 5171] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5170] close(6 [pid 5171] <... openat resumed>) = 9 [pid 5170] <... close resumed>) = 0 [pid 5171] ioctl(9, LOOP_SET_FD, 7 [pid 5170] close(8 [pid 5171] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5170] <... close resumed>) = 0 [pid 5171] ioctl(9, LOOP_CLR_FD [pid 5170] mkdir("./bus", 0777 [pid 5171] <... ioctl resumed>) = 0 [pid 5170] <... mkdir resumed>) = 0 [pid 5170] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue" [ 92.045117][ T5170] loop0: detected capacity change from 0 to 512 [pid 5171] ioctl(9, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy) [pid 5171] close(9 [pid 5170] <... mount resumed>) = -1 EBUSY (Device or resource busy) [pid 5171] <... close resumed>) = 0 [pid 5170] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5171] close(7 [pid 5170] <... openat resumed>) = 6 [pid 5170] ioctl(6, LOOP_CLR_FD) = 0 [pid 5171] <... close resumed>) = 0 [pid 5170] close(6 [pid 5171] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5170] <... close resumed>) = 0 [pid 5169] <... futex resumed>) = 0 [pid 5171] futex(0x7f02a5c17718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5170] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5169] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5170] <... futex resumed>) = 0 [pid 5169] <... futex resumed>) = 0 [pid 5170] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0xb635773f04ebbee0, MAP_SHARED|MAP_FIXED|MAP_ANONYMOUS|MAP_POPULATE, -1, 0 [ 92.091303][ T5170] /dev/loop0: Can't open blockdev [pid 5169] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5169] futex(0x7f02a5c17718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5171] <... futex resumed>) = 0 [pid 5171] setxattr(0x20000340, 0x20000400, 0x200003c0, 58375, 0) = -1 ENOENT (No such file or directory) [pid 5171] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5171] futex(0x7f02a5c17718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5169] <... futex resumed>) = 1 [pid 5169] futex(0x7f02a5c1771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5170] <... mmap resumed>) = 0x20000000 [pid 5170] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5169] exit_group(0 [pid 5171] <... futex resumed>) = ? [pid 5169] <... exit_group resumed>) = ? [pid 5171] +++ exited with 0 +++ [pid 5170] <... futex resumed>) = ? [pid 5170] +++ exited with 0 +++ [pid 5169] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5169, si_uid=0, si_status=0, si_utime=0, si_stime=33 /* 0.33 s */} --- umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563f3730 /* 6 entries */, 32768) = 192 umount2("./20/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/cpuset.effective_cpus") = 0 umount2("./20/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./20/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563fb770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563fb770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/bus") = 0 umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/binderfs") = 0 umount2("./20/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/cgroup.controllers") = 0 getdents64(3, 0x5555563f3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5172 attached , child_tidptr=0x5555563f2690) = 5172 [pid 5172] set_robust_list(0x5555563f26a0, 24) = 0 [pid 5172] chdir("./21") = 0 [pid 5172] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5172] setpgid(0, 0) = 0 [pid 5172] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5172] write(3, "1000", 4) = 4 [pid 5172] close(3) = 0 [pid 5172] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5172] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5172] rt_sigaction(SIGRT_1, {sa_handler=0x7f02a5bb6070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f02a5ba7220}, NULL, 8) = 0 [pid 5172] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5172] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02a5b2c000 [pid 5172] mprotect(0x7f02a5b2d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5172] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5172] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b4c990, parent_tid=0x7f02a5b4c990, exit_signal=0, stack=0x7f02a5b2c000, stack_size=0x20300, tls=0x7f02a5b4c6c0}./strace-static-x86_64: Process 5173 attached [pid 5173] rseq(0x7f02a5b4cfe0, 0x20, 0, 0x53053053 [pid 5172] <... clone3 resumed> => {parent_tid=[5173]}, 88) = 5173 [pid 5173] <... rseq resumed>) = 0 [pid 5172] rt_sigprocmask(SIG_SETMASK, [], [pid 5173] set_robust_list(0x7f02a5b4c9a0, 24 [pid 5172] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5173] <... set_robust_list resumed>) = 0 [pid 5173] rt_sigprocmask(SIG_SETMASK, [], [pid 5172] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5173] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5172] <... futex resumed>) = 0 [pid 5173] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5172] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5173] <... openat resumed>) = 3 [pid 5173] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5172] <... futex resumed>) = 0 [pid 5173] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5172] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5173] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5172] <... futex resumed>) = 0 [pid 5173] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5172] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5173] <... openat resumed>) = 4 [pid 5173] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5172] <... futex resumed>) = 0 [pid 5173] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5172] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5173] dup3(4, 3, 0 [pid 5172] <... futex resumed>) = 0 [pid 5173] <... dup3 resumed>) = 3 [pid 5172] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5173] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5172] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5173] <... futex resumed>) = 0 [pid 5172] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5173] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5172] <... futex resumed>) = 0 [pid 5173] <... openat resumed>) = 5 [pid 5172] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5173] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5172] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5173] <... futex resumed>) = 0 [pid 5172] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5173] ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0 [pid 5172] <... futex resumed>) = 0 [pid 5173] <... ioctl resumed>) = -1 EINVAL (Invalid argument) [pid 5172] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5173] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5172] <... futex resumed>) = 0 [pid 5173] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5172] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5173] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5172] <... futex resumed>) = 0 [pid 5173] memfd_create("syzkaller", 0 [pid 5172] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5173] <... memfd_create resumed>) = 6 [pid 5172] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5173] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5172] <... mmap resumed>) = 0x7f02a5b0b000 [pid 5173] <... mmap resumed>) = 0x7f029d600000 [pid 5172] mprotect(0x7f02a5b0c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5172] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5172] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b2b990, parent_tid=0x7f02a5b2b990, exit_signal=0, stack=0x7f02a5b0b000, stack_size=0x20300, tls=0x7f02a5b2b6c0} [pid 5173] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144./strace-static-x86_64: Process 5174 attached [pid 5174] rseq(0x7f02a5b2bfe0, 0x20, 0, 0x53053053 [pid 5172] <... clone3 resumed> => {parent_tid=[5174]}, 88) = 5174 [pid 5174] <... rseq resumed>) = 0 [pid 5172] rt_sigprocmask(SIG_SETMASK, [], [pid 5174] set_robust_list(0x7f02a5b2b9a0, 24) = 0 [pid 5172] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5174] rt_sigprocmask(SIG_SETMASK, [], [pid 5173] <... write resumed>) = 262144 [pid 5172] futex(0x7f02a5c17718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5174] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5172] <... futex resumed>) = 0 [pid 5174] memfd_create("syzkaller", 0 [pid 5172] futex(0x7f02a5c1771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5174] <... memfd_create resumed>) = 7 [pid 5173] munmap(0x7f029d600000, 138412032 [pid 5174] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5173] <... munmap resumed>) = 0 [pid 5173] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5174] <... mmap resumed>) = 0x7f029d600000 [pid 5173] <... openat resumed>) = 8 [pid 5173] ioctl(8, LOOP_SET_FD, 6 [pid 5174] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5174] munmap(0x7f029d600000, 138412032) = 0 [pid 5173] <... ioctl resumed>) = 0 [pid 5174] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5173] close(6 [pid 5174] <... openat resumed>) = 9 [pid 5173] <... close resumed>) = 0 [pid 5173] close(8 [pid 5174] ioctl(9, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy) [pid 5174] ioctl(9, LOOP_CLR_FD) = 0 [pid 5173] <... close resumed>) = 0 [pid 5173] mkdir("./bus", 0777) = 0 [pid 5173] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue" [pid 5174] ioctl(9, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy) [pid 5174] close(9 [pid 5173] <... mount resumed>) = -1 EBUSY (Device or resource busy) [pid 5174] <... close resumed>) = 0 [pid 5173] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5174] close(7 [pid 5173] <... openat resumed>) = 6 [pid 5173] ioctl(6, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5174] <... close resumed>) = 0 [ 92.634934][ T5173] loop0: detected capacity change from 0 to 512 [ 92.670544][ T5173] /dev/loop0: Can't open blockdev [pid 5173] close(6 [pid 5174] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5173] <... close resumed>) = 0 [pid 5173] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5172] <... futex resumed>) = 0 [pid 5174] <... futex resumed>) = 1 [pid 5173] <... futex resumed>) = 0 [pid 5172] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5174] futex(0x7f02a5c17718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5173] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0xb635773f04ebbee0, MAP_SHARED|MAP_FIXED|MAP_ANONYMOUS|MAP_POPULATE, -1, 0 [pid 5172] <... futex resumed>) = 0 [pid 5172] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5172] futex(0x7f02a5c17718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5174] <... futex resumed>) = 0 [pid 5172] <... futex resumed>) = 1 [pid 5174] setxattr(0x20000340, 0x20000400, 0x200003c0, 58375, 0 [pid 5172] futex(0x7f02a5c1771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5174] <... setxattr resumed>) = -1 ENOENT (No such file or directory) [pid 5174] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5172] <... futex resumed>) = 0 [pid 5174] futex(0x7f02a5c17718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5173] <... mmap resumed>) = 0x20000000 [pid 5173] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5173] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5172] exit_group(0 [pid 5173] <... futex resumed>) = ? [pid 5172] <... exit_group resumed>) = ? [pid 5174] <... futex resumed>) = ? [pid 5173] +++ exited with 0 +++ [pid 5174] +++ exited with 0 +++ [pid 5172] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5172, si_uid=0, si_status=0, si_utime=0, si_stime=31 /* 0.31 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563f3730 /* 6 entries */, 32768) = 192 umount2("./21/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/cpuset.effective_cpus") = 0 umount2("./21/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./21/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563fb770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563fb770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/bus") = 0 umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/binderfs") = 0 umount2("./21/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/cgroup.controllers") = 0 getdents64(3, 0x5555563f3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5175 attached , child_tidptr=0x5555563f2690) = 5175 [pid 5175] set_robust_list(0x5555563f26a0, 24) = 0 [pid 5175] chdir("./22") = 0 [pid 5175] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5175] setpgid(0, 0) = 0 [pid 5175] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5175] write(3, "1000", 4) = 4 [pid 5175] close(3) = 0 [pid 5175] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5175] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5175] rt_sigaction(SIGRT_1, {sa_handler=0x7f02a5bb6070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f02a5ba7220}, NULL, 8) = 0 [pid 5175] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5175] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02a5b2c000 [pid 5175] mprotect(0x7f02a5b2d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5175] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5175] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b4c990, parent_tid=0x7f02a5b4c990, exit_signal=0, stack=0x7f02a5b2c000, stack_size=0x20300, tls=0x7f02a5b4c6c0}./strace-static-x86_64: Process 5176 attached [pid 5176] rseq(0x7f02a5b4cfe0, 0x20, 0, 0x53053053) = 0 [pid 5175] <... clone3 resumed> => {parent_tid=[5176]}, 88) = 5176 [pid 5176] set_robust_list(0x7f02a5b4c9a0, 24 [pid 5175] rt_sigprocmask(SIG_SETMASK, [], [pid 5176] <... set_robust_list resumed>) = 0 [pid 5175] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5176] rt_sigprocmask(SIG_SETMASK, [], [pid 5175] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5176] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5175] <... futex resumed>) = 0 [pid 5176] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5175] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5176] <... openat resumed>) = 3 [pid 5176] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5175] <... futex resumed>) = 0 [pid 5176] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5175] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5176] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5175] <... futex resumed>) = 0 [pid 5176] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5175] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5176] <... openat resumed>) = 4 [pid 5176] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5175] <... futex resumed>) = 0 [pid 5176] dup3(4, 3, 0 [pid 5175] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5176] <... dup3 resumed>) = 3 [pid 5175] <... futex resumed>) = 0 [pid 5176] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5175] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5176] <... futex resumed>) = 0 [pid 5175] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5176] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5175] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5176] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5175] <... futex resumed>) = 0 [pid 5176] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5175] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5176] <... openat resumed>) = 5 [pid 5176] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5175] <... futex resumed>) = 0 [pid 5176] ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0 [pid 5175] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5176] <... ioctl resumed>) = -1 EINVAL (Invalid argument) [pid 5175] <... futex resumed>) = 0 [pid 5176] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5175] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5176] <... futex resumed>) = 0 [pid 5175] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5176] memfd_create("syzkaller", 0 [pid 5175] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5176] <... memfd_create resumed>) = 6 [pid 5175] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5176] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5175] <... futex resumed>) = 0 [pid 5176] <... mmap resumed>) = 0x7f029d600000 [pid 5175] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02a5b0b000 [pid 5176] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5175] mprotect(0x7f02a5b0c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5175] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5176] <... write resumed>) = 262144 [pid 5175] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b2b990, parent_tid=0x7f02a5b2b990, exit_signal=0, stack=0x7f02a5b0b000, stack_size=0x20300, tls=0x7f02a5b2b6c0}./strace-static-x86_64: Process 5177 attached [pid 5177] rseq(0x7f02a5b2bfe0, 0x20, 0, 0x53053053) = 0 [pid 5175] <... clone3 resumed> => {parent_tid=[5177]}, 88) = 5177 [pid 5177] set_robust_list(0x7f02a5b2b9a0, 24 [pid 5175] rt_sigprocmask(SIG_SETMASK, [], [pid 5177] <... set_robust_list resumed>) = 0 [pid 5175] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5177] rt_sigprocmask(SIG_SETMASK, [], [pid 5176] munmap(0x7f029d600000, 138412032 [pid 5177] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5175] futex(0x7f02a5c17718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5177] memfd_create("syzkaller", 0 [pid 5175] <... futex resumed>) = 0 [pid 5177] <... memfd_create resumed>) = 7 [pid 5176] <... munmap resumed>) = 0 [pid 5175] futex(0x7f02a5c1771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5176] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5177] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5176] <... openat resumed>) = 8 [pid 5177] <... mmap resumed>) = 0x7f029d600000 [pid 5176] ioctl(8, LOOP_SET_FD, 6) = 0 [pid 5176] close(6) = 0 [pid 5176] close(8 [pid 5177] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5176] <... close resumed>) = 0 [pid 5177] <... write resumed>) = 262144 [pid 5177] munmap(0x7f029d600000, 138412032 [pid 5176] mkdir("./bus", 0777) = 0 [pid 5176] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue" [pid 5177] <... munmap resumed>) = 0 [pid 5177] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5177] close(7) = 0 [pid 5177] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5175] <... futex resumed>) = 0 [pid 5177] futex(0x7f02a5c17718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5175] futex(0x7f02a5c17718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5177] <... futex resumed>) = 0 [pid 5175] <... futex resumed>) = 1 [pid 5177] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0xb635773f04ebbee0, MAP_SHARED|MAP_FIXED|MAP_ANONYMOUS|MAP_POPULATE, -1, 0 [ 93.311232][ T5176] loop0: detected capacity change from 0 to 512 [pid 5175] futex(0x7f02a5c1771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5176] <... mount resumed>) = 0 [pid 5176] openat(AT_FDCWD, 0x20000500, O_RDONLY|O_DIRECTORY) = -1 ENOENT (No such file or directory) [pid 5176] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5176] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5176] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5175] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5175] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5176] <... futex resumed>) = 0 [pid 5175] <... futex resumed>) = 1 [pid 5176] setxattr(0x20000340, 0x20000400, 0x200003c0, 58375, 0 [pid 5175] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5176] <... setxattr resumed>) = 0 [pid 5176] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5175] <... futex resumed>) = 0 [ 93.376921][ T5176] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 93.390278][ T5176] ext4 filesystem being mounted at /root/syzkaller.a7bkEY/22/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5176] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5177] <... mmap resumed>) = 0x20000000 [pid 5177] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5177] futex(0x7f02a5c17718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5175] exit_group(0 [pid 5177] <... futex resumed>) = ? [pid 5176] <... futex resumed>) = ? [pid 5175] <... exit_group resumed>) = ? [pid 5177] +++ exited with 0 +++ [pid 5176] +++ exited with 0 +++ [pid 5175] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5175, si_uid=0, si_status=0, si_utime=0, si_stime=32 /* 0.32 s */} --- umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563f3730 /* 6 entries */, 32768) = 192 umount2("./22/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/cpuset.effective_cpus") = 0 umount2("./22/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./22/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./22/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563fb770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563fb770 /* 0 entries */, 32768) = 0 [ 93.694276][ T5072] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. close(4) = 0 rmdir("./22/bus") = 0 umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/binderfs") = 0 umount2("./22/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/cgroup.controllers") = 0 getdents64(3, 0x5555563f3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5180 attached , child_tidptr=0x5555563f2690) = 5180 [pid 5180] set_robust_list(0x5555563f26a0, 24) = 0 [pid 5180] chdir("./23") = 0 [pid 5180] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5180] setpgid(0, 0) = 0 [pid 5180] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5180] write(3, "1000", 4) = 4 [pid 5180] close(3) = 0 [pid 5180] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5180] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5180] rt_sigaction(SIGRT_1, {sa_handler=0x7f02a5bb6070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f02a5ba7220}, NULL, 8) = 0 [pid 5180] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5180] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02a5b2c000 [pid 5180] mprotect(0x7f02a5b2d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5180] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5180] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b4c990, parent_tid=0x7f02a5b4c990, exit_signal=0, stack=0x7f02a5b2c000, stack_size=0x20300, tls=0x7f02a5b4c6c0}./strace-static-x86_64: Process 5181 attached => {parent_tid=[5181]}, 88) = 5181 [pid 5181] rseq(0x7f02a5b4cfe0, 0x20, 0, 0x53053053 [pid 5180] rt_sigprocmask(SIG_SETMASK, [], [pid 5181] <... rseq resumed>) = 0 [pid 5180] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5181] set_robust_list(0x7f02a5b4c9a0, 24 [pid 5180] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5181] <... set_robust_list resumed>) = 0 [pid 5180] <... futex resumed>) = 0 [pid 5181] rt_sigprocmask(SIG_SETMASK, [], [pid 5180] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5181] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5181] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 5181] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5180] <... futex resumed>) = 0 [pid 5181] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5180] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5181] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5180] <... futex resumed>) = 0 [pid 5181] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5180] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5181] <... openat resumed>) = 4 [pid 5181] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5180] <... futex resumed>) = 0 [pid 5181] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5180] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5181] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5180] <... futex resumed>) = 0 [pid 5181] dup3(4, 3, 0 [pid 5180] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5181] <... dup3 resumed>) = 3 [pid 5181] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5180] <... futex resumed>) = 0 [pid 5181] <... futex resumed>) = 1 [pid 5180] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5181] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5180] <... futex resumed>) = 0 [pid 5181] <... openat resumed>) = 5 [pid 5180] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5181] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5180] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5180] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5181] <... futex resumed>) = 0 [pid 5180] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5181] ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0) = -1 EINVAL (Invalid argument) [pid 5181] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5180] <... futex resumed>) = 0 [pid 5181] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5180] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5181] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5180] <... futex resumed>) = 0 [pid 5181] memfd_create("syzkaller", 0 [pid 5180] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5181] <... memfd_create resumed>) = 6 [pid 5180] <... futex resumed>) = 0 [pid 5181] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5180] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5181] <... mmap resumed>) = 0x7f029d600000 [pid 5180] <... mmap resumed>) = 0x7f02a5b0b000 [pid 5180] mprotect(0x7f02a5b0c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5180] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5181] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5180] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5180] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b2b990, parent_tid=0x7f02a5b2b990, exit_signal=0, stack=0x7f02a5b0b000, stack_size=0x20300, tls=0x7f02a5b2b6c0}./strace-static-x86_64: Process 5182 attached [pid 5182] rseq(0x7f02a5b2bfe0, 0x20, 0, 0x53053053 [pid 5181] <... write resumed>) = 262144 [pid 5180] <... clone3 resumed> => {parent_tid=[5182]}, 88) = 5182 [pid 5182] <... rseq resumed>) = 0 [pid 5180] rt_sigprocmask(SIG_SETMASK, [], [pid 5182] set_robust_list(0x7f02a5b2b9a0, 24 [pid 5180] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5182] <... set_robust_list resumed>) = 0 [pid 5180] futex(0x7f02a5c17718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5182] rt_sigprocmask(SIG_SETMASK, [], [pid 5181] munmap(0x7f029d600000, 138412032 [pid 5180] <... futex resumed>) = 0 [pid 5182] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5180] futex(0x7f02a5c1771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5181] <... munmap resumed>) = 0 [pid 5182] memfd_create("syzkaller", 0 [pid 5181] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 7 [pid 5181] ioctl(7, LOOP_SET_FD, 6 [pid 5182] <... memfd_create resumed>) = 8 [pid 5182] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f029d600000 [pid 5181] <... ioctl resumed>) = 0 [pid 5181] close(6) = 0 [pid 5182] write(8, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5181] close(7) = 0 [pid 5181] mkdir("./bus", 0777 [pid 5182] <... write resumed>) = 262144 [pid 5181] <... mkdir resumed>) = 0 [pid 5181] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue" [pid 5182] munmap(0x7f029d600000, 138412032) = 0 [ 94.025188][ T5181] loop0: detected capacity change from 0 to 512 [pid 5182] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5182] close(8) = 0 [pid 5182] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5180] <... futex resumed>) = 0 [pid 5182] futex(0x7f02a5c17718, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5180] futex(0x7f02a5c17718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5182] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0xb635773f04ebbee0, MAP_SHARED|MAP_FIXED|MAP_ANONYMOUS|MAP_POPULATE, -1, 0 [pid 5180] futex(0x7f02a5c1771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5181] <... mount resumed>) = 0 [pid 5181] openat(AT_FDCWD, 0x20000500, O_RDONLY|O_DIRECTORY) = -1 ENOENT (No such file or directory) [pid 5181] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 94.066246][ T5181] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 94.079516][ T5181] ext4 filesystem being mounted at /root/syzkaller.a7bkEY/23/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5181] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5181] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5180] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5180] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5180] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5181] <... futex resumed>) = 0 [pid 5181] setxattr(0x20000340, 0x20000400, 0x200003c0, 58375, 0) = 0 [pid 5181] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5181] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5180] <... futex resumed>) = 0 [pid 5182] <... mmap resumed>) = 0x20000000 [pid 5182] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5180] exit_group(0 [pid 5182] <... futex resumed>) = 0 [pid 5181] <... futex resumed>) = ? [pid 5180] <... exit_group resumed>) = ? [pid 5182] +++ exited with 0 +++ [pid 5181] +++ exited with 0 +++ [pid 5180] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5180, si_uid=0, si_status=0, si_utime=0, si_stime=31 /* 0.31 s */} --- umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563f3730 /* 6 entries */, 32768) = 192 umount2("./23/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/cpuset.effective_cpus") = 0 umount2("./23/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./23/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./23/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563fb770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563fb770 /* 0 entries */, 32768) = 0 close(4) = 0 [ 94.410869][ T5072] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. rmdir("./23/bus") = 0 umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/binderfs") = 0 umount2("./23/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/cgroup.controllers") = 0 getdents64(3, 0x5555563f3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5185 attached , child_tidptr=0x5555563f2690) = 5185 [pid 5185] set_robust_list(0x5555563f26a0, 24) = 0 [pid 5185] chdir("./24") = 0 [pid 5185] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5185] setpgid(0, 0) = 0 [pid 5185] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5185] write(3, "1000", 4) = 4 [pid 5185] close(3) = 0 [pid 5185] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5185] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5185] rt_sigaction(SIGRT_1, {sa_handler=0x7f02a5bb6070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f02a5ba7220}, NULL, 8) = 0 [pid 5185] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5185] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02a5b2c000 [pid 5185] mprotect(0x7f02a5b2d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5185] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5185] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b4c990, parent_tid=0x7f02a5b4c990, exit_signal=0, stack=0x7f02a5b2c000, stack_size=0x20300, tls=0x7f02a5b4c6c0}./strace-static-x86_64: Process 5186 attached [pid 5186] rseq(0x7f02a5b4cfe0, 0x20, 0, 0x53053053) = 0 [pid 5186] set_robust_list(0x7f02a5b4c9a0, 24) = 0 [pid 5185] <... clone3 resumed> => {parent_tid=[5186]}, 88) = 5186 [pid 5186] rt_sigprocmask(SIG_SETMASK, [], [pid 5185] rt_sigprocmask(SIG_SETMASK, [], [pid 5186] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5185] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5186] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5185] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5186] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5185] <... futex resumed>) = 0 [pid 5186] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5185] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5186] <... openat resumed>) = 3 [pid 5186] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5185] <... futex resumed>) = 0 [pid 5186] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5185] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5186] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5185] <... futex resumed>) = 0 [pid 5186] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5185] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5186] <... openat resumed>) = 4 [pid 5186] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5185] <... futex resumed>) = 0 [pid 5186] dup3(4, 3, 0 [pid 5185] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5186] <... dup3 resumed>) = 3 [pid 5185] <... futex resumed>) = 0 [pid 5186] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5185] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5186] <... futex resumed>) = 0 [pid 5185] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5186] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5185] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5186] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5185] <... futex resumed>) = 0 [pid 5186] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5185] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5186] <... openat resumed>) = 5 [pid 5186] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5186] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5185] <... futex resumed>) = 0 [pid 5185] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5186] <... futex resumed>) = 0 [pid 5185] <... futex resumed>) = 1 [pid 5186] ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0 [pid 5185] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5186] <... ioctl resumed>) = -1 EINVAL (Invalid argument) [pid 5186] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5185] <... futex resumed>) = 0 [pid 5186] memfd_create("syzkaller", 0 [pid 5185] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5186] <... memfd_create resumed>) = 6 [pid 5185] <... futex resumed>) = 0 [pid 5185] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5186] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5185] <... futex resumed>) = 0 [pid 5186] <... mmap resumed>) = 0x7f029d600000 [pid 5185] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02a5b0b000 [pid 5185] mprotect(0x7f02a5b0c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5186] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5185] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5185] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b2b990, parent_tid=0x7f02a5b2b990, exit_signal=0, stack=0x7f02a5b0b000, stack_size=0x20300, tls=0x7f02a5b2b6c0}./strace-static-x86_64: Process 5187 attached [pid 5187] rseq(0x7f02a5b2bfe0, 0x20, 0, 0x53053053 [pid 5185] <... clone3 resumed> => {parent_tid=[5187]}, 88) = 5187 [pid 5187] <... rseq resumed>) = 0 [pid 5185] rt_sigprocmask(SIG_SETMASK, [], [pid 5187] set_robust_list(0x7f02a5b2b9a0, 24 [pid 5185] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5187] <... set_robust_list resumed>) = 0 [pid 5185] futex(0x7f02a5c17718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5187] rt_sigprocmask(SIG_SETMASK, [], [pid 5185] <... futex resumed>) = 0 [pid 5187] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5185] futex(0x7f02a5c1771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5187] memfd_create("syzkaller", 0 [pid 5186] <... write resumed>) = 262144 [pid 5187] <... memfd_create resumed>) = 7 [pid 5187] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5186] munmap(0x7f029d600000, 138412032 [pid 5187] <... mmap resumed>) = 0x7f0295200000 [pid 5186] <... munmap resumed>) = 0 [pid 5187] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5186] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8 [pid 5186] ioctl(8, LOOP_SET_FD, 6 [pid 5187] <... write resumed>) = 262144 [pid 5187] munmap(0x7f0295200000, 138412032) = 0 [pid 5186] <... ioctl resumed>) = 0 [pid 5187] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 9 [pid 5186] close(6 [pid 5187] ioctl(9, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy) [pid 5186] <... close resumed>) = 0 [pid 5187] ioctl(9, LOOP_CLR_FD [pid 5186] close(8 [pid 5187] <... ioctl resumed>) = 0 [pid 5186] <... close resumed>) = 0 [pid 5186] mkdir("./bus", 0777) = 0 [pid 5186] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue" [pid 5187] ioctl(9, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy) [pid 5187] close(9) = 0 [pid 5187] close(7) = 0 [pid 5187] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5187] futex(0x7f02a5c17718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5185] <... futex resumed>) = 0 [pid 5185] futex(0x7f02a5c17718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5187] <... futex resumed>) = 0 [pid 5185] <... futex resumed>) = 1 [pid 5187] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0xb635773f04ebbee0, MAP_SHARED|MAP_FIXED|MAP_ANONYMOUS|MAP_POPULATE, -1, 0 [pid 5186] <... mount resumed>) = -1 EBUSY (Device or resource busy) [pid 5185] futex(0x7f02a5c1771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5186] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5186] ioctl(6, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5186] close(6) = 0 [pid 5186] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 94.775368][ T5186] loop0: detected capacity change from 0 to 512 [ 94.788484][ T5186] /dev/loop0: Can't open blockdev [pid 5186] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5185] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5185] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5186] <... futex resumed>) = 0 [pid 5186] setxattr(0x20000340, 0x20000400, 0x200003c0, 58375, 0) = -1 ENOENT (No such file or directory) [pid 5186] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5185] <... futex resumed>) = 1 [pid 5186] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5185] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5187] <... mmap resumed>) = 0x20000000 [pid 5187] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5187] futex(0x7f02a5c17718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5185] exit_group(0 [pid 5186] <... futex resumed>) = ? [pid 5186] +++ exited with 0 +++ [pid 5187] <... futex resumed>) = ? [pid 5187] +++ exited with 0 +++ [pid 5185] <... exit_group resumed>) = ? [pid 5185] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5185, si_uid=0, si_status=0, si_utime=0, si_stime=33 /* 0.33 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563f3730 /* 6 entries */, 32768) = 192 umount2("./24/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/cpuset.effective_cpus") = 0 umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563fb770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563fb770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/bus") = 0 umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/binderfs") = 0 umount2("./24/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/cgroup.controllers") = 0 getdents64(3, 0x5555563f3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5188 attached , child_tidptr=0x5555563f2690) = 5188 [pid 5188] set_robust_list(0x5555563f26a0, 24) = 0 [pid 5188] chdir("./25") = 0 [pid 5188] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5188] setpgid(0, 0) = 0 [pid 5188] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5188] write(3, "1000", 4) = 4 [pid 5188] close(3) = 0 [pid 5188] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5188] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5188] rt_sigaction(SIGRT_1, {sa_handler=0x7f02a5bb6070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f02a5ba7220}, NULL, 8) = 0 [pid 5188] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5188] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02a5b2c000 [pid 5188] mprotect(0x7f02a5b2d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5188] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5188] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b4c990, parent_tid=0x7f02a5b4c990, exit_signal=0, stack=0x7f02a5b2c000, stack_size=0x20300, tls=0x7f02a5b4c6c0}./strace-static-x86_64: Process 5189 attached [pid 5189] rseq(0x7f02a5b4cfe0, 0x20, 0, 0x53053053) = 0 [pid 5188] <... clone3 resumed> => {parent_tid=[5189]}, 88) = 5189 [pid 5189] set_robust_list(0x7f02a5b4c9a0, 24 [pid 5188] rt_sigprocmask(SIG_SETMASK, [], [pid 5189] <... set_robust_list resumed>) = 0 [pid 5188] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5189] rt_sigprocmask(SIG_SETMASK, [], [pid 5188] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5189] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5188] <... futex resumed>) = 0 [pid 5189] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5188] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5189] <... openat resumed>) = 3 [pid 5189] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5188] <... futex resumed>) = 0 [pid 5189] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5188] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5189] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5188] <... futex resumed>) = 0 [pid 5189] <... openat resumed>) = 4 [pid 5188] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5189] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5188] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5189] <... futex resumed>) = 0 [pid 5189] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5188] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5189] <... futex resumed>) = 0 [pid 5188] <... futex resumed>) = 1 [pid 5189] dup3(4, 3, 0 [pid 5188] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5189] <... dup3 resumed>) = 3 [pid 5189] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5188] <... futex resumed>) = 0 [pid 5189] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5188] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5189] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5188] <... futex resumed>) = 0 [pid 5189] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5188] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5189] <... openat resumed>) = 5 [pid 5189] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5189] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5188] <... futex resumed>) = 0 [pid 5188] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5189] <... futex resumed>) = 0 [pid 5188] <... futex resumed>) = 1 [pid 5189] ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0 [pid 5188] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5189] <... ioctl resumed>) = -1 EINVAL (Invalid argument) [pid 5189] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5188] <... futex resumed>) = 0 [pid 5189] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5188] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5189] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5188] <... futex resumed>) = 0 [pid 5189] memfd_create("syzkaller", 0 [pid 5188] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5189] <... memfd_create resumed>) = 6 [pid 5188] <... futex resumed>) = 0 [pid 5189] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f029d600000 [pid 5188] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02a5b0b000 [pid 5189] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5188] mprotect(0x7f02a5b0c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5188] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5189] <... write resumed>) = 262144 [pid 5188] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5188] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b2b990, parent_tid=0x7f02a5b2b990, exit_signal=0, stack=0x7f02a5b0b000, stack_size=0x20300, tls=0x7f02a5b2b6c0}./strace-static-x86_64: Process 5190 attached [pid 5189] munmap(0x7f029d600000, 138412032 [pid 5188] <... clone3 resumed> => {parent_tid=[5190]}, 88) = 5190 [pid 5190] rseq(0x7f02a5b2bfe0, 0x20, 0, 0x53053053) = 0 [pid 5190] set_robust_list(0x7f02a5b2b9a0, 24) = 0 [pid 5190] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5190] futex(0x7f02a5c17718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5188] rt_sigprocmask(SIG_SETMASK, [], [pid 5189] <... munmap resumed>) = 0 [pid 5188] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5189] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5188] futex(0x7f02a5c17718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5190] <... futex resumed>) = 0 [pid 5188] <... futex resumed>) = 1 [pid 5190] memfd_create("syzkaller", 0 [pid 5189] <... openat resumed>) = 7 [pid 5188] futex(0x7f02a5c1771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5189] ioctl(7, LOOP_SET_FD, 6 [pid 5190] <... memfd_create resumed>) = 8 [pid 5190] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f029d600000 [pid 5189] <... ioctl resumed>) = 0 [pid 5189] close(6 [pid 5190] write(8, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5189] <... close resumed>) = 0 [pid 5189] close(7) = 0 [pid 5189] mkdir("./bus", 0777 [pid 5190] <... write resumed>) = 262144 [pid 5190] munmap(0x7f029d600000, 138412032 [pid 5189] <... mkdir resumed>) = 0 [pid 5189] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue" [pid 5190] <... munmap resumed>) = 0 [ 95.380839][ T5189] loop0: detected capacity change from 0 to 512 [pid 5190] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5189] <... mount resumed>) = -1 EBUSY (Device or resource busy) [pid 5190] ioctl(6, LOOP_SET_FD, 8) = -1 EBUSY (Device or resource busy) [pid 5190] ioctl(6, LOOP_CLR_FD [pid 5189] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 7 [pid 5189] ioctl(7, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 95.424814][ T5189] /dev/loop0: Can't open blockdev [pid 5189] close(7) = 0 [pid 5189] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5189] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5190] <... ioctl resumed>) = 0 [pid 5190] ioctl(6, LOOP_SET_FD, 8) = 0 [pid 5190] close(8) = 0 [pid 5190] close(6) = 0 [pid 5190] mkdir("./bus", 0777) = -1 EEXIST (File exists) [ 95.506815][ T5190] loop0: detected capacity change from 0 to 512 [pid 5190] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5190] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 6 [pid 5190] chdir("./bus") = 0 [pid 5190] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5190] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5188] <... futex resumed>) = 0 [pid 5190] futex(0x7f02a5c17718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5188] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5189] <... futex resumed>) = 0 [pid 5188] <... futex resumed>) = 1 [pid 5189] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0xb635773f04ebbee0, MAP_SHARED|MAP_FIXED|MAP_ANONYMOUS|MAP_POPULATE, -1, 0 [ 95.545931][ T5190] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 95.558836][ T5190] ext4 filesystem being mounted at /root/syzkaller.a7bkEY/25/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5188] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5188] futex(0x7f02a5c17718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5190] <... futex resumed>) = 0 [pid 5188] <... futex resumed>) = 1 [pid 5190] setxattr(0x20000340, 0x20000400, 0x200003c0, 58375, 0 [pid 5188] futex(0x7f02a5c1771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5190] <... setxattr resumed>) = -1 ENOENT (No such file or directory) [pid 5190] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5188] <... futex resumed>) = 0 [pid 5190] futex(0x7f02a5c17718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5189] <... mmap resumed>) = 0x20000000 [pid 5189] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5189] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5188] exit_group(0 [pid 5190] <... futex resumed>) = ? [pid 5188] <... exit_group resumed>) = ? [pid 5190] +++ exited with 0 +++ [pid 5189] <... futex resumed>) = ? [pid 5189] +++ exited with 0 +++ [pid 5188] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5188, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=32 /* 0.32 s */} --- umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563f3730 /* 6 entries */, 32768) = 192 umount2("./25/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/cpuset.effective_cpus") = 0 umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563fb770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563fb770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/bus") = 0 umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/binderfs") = 0 umount2("./25/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/cgroup.controllers") = 0 getdents64(3, 0x5555563f3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 95.901088][ T5072] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5194 attached , child_tidptr=0x5555563f2690) = 5194 [pid 5194] set_robust_list(0x5555563f26a0, 24) = 0 [pid 5194] chdir("./26") = 0 [pid 5194] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5194] setpgid(0, 0) = 0 [pid 5194] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5194] write(3, "1000", 4) = 4 [pid 5194] close(3) = 0 [pid 5194] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5194] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5194] rt_sigaction(SIGRT_1, {sa_handler=0x7f02a5bb6070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f02a5ba7220}, NULL, 8) = 0 [pid 5194] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5194] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02a5b2c000 [pid 5194] mprotect(0x7f02a5b2d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5194] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5194] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b4c990, parent_tid=0x7f02a5b4c990, exit_signal=0, stack=0x7f02a5b2c000, stack_size=0x20300, tls=0x7f02a5b4c6c0}./strace-static-x86_64: Process 5196 attached [pid 5196] rseq(0x7f02a5b4cfe0, 0x20, 0, 0x53053053) = 0 [pid 5194] <... clone3 resumed> => {parent_tid=[5196]}, 88) = 5196 [pid 5196] set_robust_list(0x7f02a5b4c9a0, 24 [pid 5194] rt_sigprocmask(SIG_SETMASK, [], [pid 5196] <... set_robust_list resumed>) = 0 [pid 5194] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5196] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5194] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5196] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5194] <... futex resumed>) = 0 [pid 5194] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5196] <... openat resumed>) = 3 [pid 5196] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5196] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5194] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5194] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5196] <... futex resumed>) = 0 [pid 5194] <... futex resumed>) = 1 [pid 5196] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5194] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5196] <... openat resumed>) = 4 [pid 5196] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5194] <... futex resumed>) = 0 [pid 5196] <... futex resumed>) = 1 [pid 5194] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5196] dup3(4, 3, 0 [pid 5194] <... futex resumed>) = 0 [pid 5196] <... dup3 resumed>) = 3 [pid 5194] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5196] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5194] <... futex resumed>) = 0 [pid 5196] <... futex resumed>) = 1 [pid 5194] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5196] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5194] <... futex resumed>) = 0 [pid 5196] <... openat resumed>) = 5 [pid 5194] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5196] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5194] <... futex resumed>) = 0 [pid 5196] <... futex resumed>) = 1 [pid 5194] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5196] ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0 [pid 5194] <... futex resumed>) = 0 [pid 5196] <... ioctl resumed>) = -1 EINVAL (Invalid argument) [pid 5194] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5196] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5194] <... futex resumed>) = 0 [pid 5196] <... futex resumed>) = 1 [pid 5194] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5196] memfd_create("syzkaller", 0 [pid 5194] <... futex resumed>) = 0 [pid 5196] <... memfd_create resumed>) = 6 [pid 5194] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5196] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f029d600000 [pid 5194] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02a5b0b000 [pid 5194] mprotect(0x7f02a5b0c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5196] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5194] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5194] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b2b990, parent_tid=0x7f02a5b2b990, exit_signal=0, stack=0x7f02a5b0b000, stack_size=0x20300, tls=0x7f02a5b2b6c0} => {parent_tid=[5197]}, 88) = 5197 ./strace-static-x86_64: Process 5197 attached [pid 5194] rt_sigprocmask(SIG_SETMASK, [], [pid 5197] rseq(0x7f02a5b2bfe0, 0x20, 0, 0x53053053 [pid 5194] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5197] <... rseq resumed>) = 0 [pid 5194] futex(0x7f02a5c17718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5197] set_robust_list(0x7f02a5b2b9a0, 24 [pid 5194] <... futex resumed>) = 0 [pid 5197] <... set_robust_list resumed>) = 0 [pid 5194] futex(0x7f02a5c1771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5197] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5197] memfd_create("syzkaller", 0) = 7 [pid 5197] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5196] <... write resumed>) = 262144 [pid 5197] <... mmap resumed>) = 0x7f0295200000 [pid 5196] munmap(0x7f029d600000, 138412032) = 0 [pid 5197] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5196] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8 [pid 5196] ioctl(8, LOOP_SET_FD, 6 [pid 5197] <... write resumed>) = 262144 [pid 5197] munmap(0x7f0295200000, 138412032) = 0 [pid 5196] <... ioctl resumed>) = 0 [pid 5197] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5196] close(6 [pid 5197] <... openat resumed>) = 9 [pid 5196] <... close resumed>) = 0 [pid 5197] ioctl(9, LOOP_SET_FD, 7 [pid 5196] close(8 [pid 5197] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5196] <... close resumed>) = 0 [pid 5197] ioctl(9, LOOP_CLR_FD [pid 5196] mkdir("./bus", 0777) = 0 [pid 5196] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = -1 EBUSY (Device or resource busy) [pid 5196] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5196] ioctl(6, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5196] close(6) = 0 [pid 5196] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 96.151532][ T5196] loop0: detected capacity change from 0 to 512 [ 96.176959][ T5196] /dev/loop0: Can't open blockdev [pid 5196] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5197] <... ioctl resumed>) = 0 [pid 5197] ioctl(9, LOOP_SET_FD, 7) = 0 [pid 5197] close(7) = 0 [pid 5197] close(9) = 0 [pid 5197] mkdir("./bus", 0777) = -1 EEXIST (File exists) [ 96.203109][ T5195] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 96.234642][ T5197] loop0: detected capacity change from 0 to 512 [pid 5197] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5197] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 6 [pid 5197] chdir("./bus") = 0 [pid 5197] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5197] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5194] <... futex resumed>) = 0 [pid 5197] futex(0x7f02a5c17718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5194] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5196] <... futex resumed>) = 0 [pid 5194] <... futex resumed>) = 1 [pid 5196] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0xb635773f04ebbee0, MAP_SHARED|MAP_FIXED|MAP_ANONYMOUS|MAP_POPULATE, -1, 0 [ 96.285354][ T5197] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 96.298210][ T5197] ext4 filesystem being mounted at /root/syzkaller.a7bkEY/26/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5194] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5194] futex(0x7f02a5c17718, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5194] futex(0x7f02a5c1771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5197] <... futex resumed>) = 0 [pid 5197] setxattr(0x20000340, 0x20000400, 0x200003c0, 58375, 0) = -1 ENOENT (No such file or directory) [pid 5197] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5194] <... futex resumed>) = 0 [pid 5197] futex(0x7f02a5c17718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5196] <... mmap resumed>) = 0x20000000 [pid 5196] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5196] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5194] exit_group(0 [pid 5197] <... futex resumed>) = ? [pid 5194] <... exit_group resumed>) = ? [pid 5196] <... futex resumed>) = ? [pid 5197] +++ exited with 0 +++ [pid 5196] +++ exited with 0 +++ [pid 5194] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5194, si_uid=0, si_status=0, si_utime=0, si_stime=31 /* 0.31 s */} --- umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563f3730 /* 6 entries */, 32768) = 192 umount2("./26/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/cpuset.effective_cpus") = 0 umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563fb770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563fb770 /* 0 entries */, 32768) = 0 [ 96.627767][ T5072] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. close(4) = 0 rmdir("./26/bus") = 0 umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/binderfs") = 0 umount2("./26/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/cgroup.controllers") = 0 getdents64(3, 0x5555563f3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5201 attached , child_tidptr=0x5555563f2690) = 5201 [pid 5201] set_robust_list(0x5555563f26a0, 24) = 0 [pid 5201] chdir("./27") = 0 [pid 5201] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5201] setpgid(0, 0) = 0 [pid 5201] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5201] write(3, "1000", 4) = 4 [pid 5201] close(3) = 0 [pid 5201] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5201] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5201] rt_sigaction(SIGRT_1, {sa_handler=0x7f02a5bb6070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f02a5ba7220}, NULL, 8) = 0 [pid 5201] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5201] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02a5b2c000 [pid 5201] mprotect(0x7f02a5b2d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5201] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5201] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b4c990, parent_tid=0x7f02a5b4c990, exit_signal=0, stack=0x7f02a5b2c000, stack_size=0x20300, tls=0x7f02a5b4c6c0}./strace-static-x86_64: Process 5202 attached [pid 5202] rseq(0x7f02a5b4cfe0, 0x20, 0, 0x53053053) = 0 [pid 5201] <... clone3 resumed> => {parent_tid=[5202]}, 88) = 5202 [pid 5202] set_robust_list(0x7f02a5b4c9a0, 24 [pid 5201] rt_sigprocmask(SIG_SETMASK, [], [pid 5202] <... set_robust_list resumed>) = 0 [pid 5201] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5202] rt_sigprocmask(SIG_SETMASK, [], [pid 5201] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5202] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5201] <... futex resumed>) = 0 [pid 5202] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5201] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5202] <... openat resumed>) = 3 [pid 5202] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5201] <... futex resumed>) = 0 [pid 5202] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5201] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5202] <... openat resumed>) = 4 [pid 5201] <... futex resumed>) = 0 [pid 5201] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5202] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5201] <... futex resumed>) = 0 [pid 5202] <... futex resumed>) = 1 [pid 5201] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5202] dup3(4, 3, 0 [pid 5201] <... futex resumed>) = 0 [pid 5202] <... dup3 resumed>) = 3 [pid 5201] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5202] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5201] <... futex resumed>) = 0 [pid 5202] <... futex resumed>) = 1 [pid 5201] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5202] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5201] <... futex resumed>) = 0 [pid 5202] <... openat resumed>) = 5 [pid 5201] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5202] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5202] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5201] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5201] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5202] <... futex resumed>) = 0 [pid 5201] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5202] ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0) = -1 EINVAL (Invalid argument) [pid 5202] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5202] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5201] <... futex resumed>) = 0 [pid 5201] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5202] <... futex resumed>) = 0 [pid 5201] <... futex resumed>) = 1 [pid 5201] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5202] memfd_create("syzkaller", 0 [pid 5201] <... futex resumed>) = 0 [pid 5201] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02a5b0b000 [pid 5201] mprotect(0x7f02a5b0c000, 131072, PROT_READ|PROT_WRITE [pid 5202] <... memfd_create resumed>) = 6 [pid 5202] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5201] <... mprotect resumed>) = 0 [pid 5202] <... mmap resumed>) = 0x7f029d600000 [pid 5201] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5201] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b2b990, parent_tid=0x7f02a5b2b990, exit_signal=0, stack=0x7f02a5b0b000, stack_size=0x20300, tls=0x7f02a5b2b6c0} [pid 5202] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144./strace-static-x86_64: Process 5203 attached [pid 5203] rseq(0x7f02a5b2bfe0, 0x20, 0, 0x53053053 [pid 5201] <... clone3 resumed> => {parent_tid=[5203]}, 88) = 5203 [pid 5203] <... rseq resumed>) = 0 [pid 5201] rt_sigprocmask(SIG_SETMASK, [], [pid 5203] set_robust_list(0x7f02a5b2b9a0, 24) = 0 [pid 5203] rt_sigprocmask(SIG_SETMASK, [], [pid 5201] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5203] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5201] futex(0x7f02a5c17718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5203] memfd_create("syzkaller", 0) = 7 [pid 5201] <... futex resumed>) = 0 [pid 5201] futex(0x7f02a5c1771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5203] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0295200000 [pid 5202] <... write resumed>) = 262144 [pid 5202] munmap(0x7f029d600000, 138412032) = 0 [pid 5202] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5203] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5202] <... openat resumed>) = 8 [pid 5203] <... write resumed>) = 262144 [pid 5202] ioctl(8, LOOP_SET_FD, 6 [pid 5203] munmap(0x7f0295200000, 138412032) = 0 [pid 5202] <... ioctl resumed>) = 0 [pid 5203] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5202] close(6 [pid 5203] <... openat resumed>) = 6 [pid 5202] <... close resumed>) = 0 [pid 5202] close(8 [pid 5203] ioctl(6, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy) [pid 5202] <... close resumed>) = 0 [pid 5203] ioctl(6, LOOP_CLR_FD [pid 5202] mkdir("./bus", 0777) = 0 [pid 5202] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = -1 EBUSY (Device or resource busy) [pid 5202] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8 [pid 5202] ioctl(8, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5202] close(8) = 0 [pid 5202] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 96.998272][ T5202] loop0: detected capacity change from 0 to 512 [ 97.032396][ T5202] /dev/loop0: Can't open blockdev [pid 5202] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5203] <... ioctl resumed>) = 0 [pid 5203] ioctl(6, LOOP_SET_FD, 7) = 0 [pid 5203] close(7) = 0 [pid 5203] close(6) = 0 [pid 5203] mkdir("./bus", 0777) = -1 EEXIST (File exists) [ 97.062740][ T5195] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 97.075269][ T5203] loop0: detected capacity change from 0 to 512 [pid 5203] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5203] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 6 [pid 5203] chdir("./bus") = 0 [pid 5203] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5203] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5201] <... futex resumed>) = 0 [pid 5203] futex(0x7f02a5c17718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5201] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5202] <... futex resumed>) = 0 [pid 5201] <... futex resumed>) = 1 [pid 5202] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0xb635773f04ebbee0, MAP_SHARED|MAP_FIXED|MAP_ANONYMOUS|MAP_POPULATE, -1, 0 [ 97.137122][ T5203] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 97.149769][ T5203] ext4 filesystem being mounted at /root/syzkaller.a7bkEY/27/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5201] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5201] futex(0x7f02a5c17718, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5201] futex(0x7f02a5c1771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5203] <... futex resumed>) = 0 [pid 5203] setxattr(0x20000340, 0x20000400, 0x200003c0, 58375, 0) = -1 ENOENT (No such file or directory) [pid 5203] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5201] <... futex resumed>) = 0 [pid 5203] futex(0x7f02a5c17718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5202] <... mmap resumed>) = 0x20000000 [pid 5202] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5201] exit_group(0 [pid 5203] <... futex resumed>) = ? [pid 5201] <... exit_group resumed>) = ? [pid 5203] +++ exited with 0 +++ [pid 5202] <... futex resumed>) = ? [pid 5202] +++ exited with 0 +++ [pid 5201] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5201, si_uid=0, si_status=0, si_utime=0, si_stime=34 /* 0.34 s */} --- umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563f3730 /* 6 entries */, 32768) = 192 umount2("./27/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/cpuset.effective_cpus") = 0 umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563fb770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563fb770 /* 0 entries */, 32768) = 0 close(4) = 0 [ 97.465449][ T5072] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. rmdir("./27/bus") = 0 umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/binderfs") = 0 umount2("./27/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/cgroup.controllers") = 0 getdents64(3, 0x5555563f3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5207 attached , child_tidptr=0x5555563f2690) = 5207 [pid 5207] set_robust_list(0x5555563f26a0, 24) = 0 [pid 5207] chdir("./28") = 0 [pid 5207] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5207] setpgid(0, 0) = 0 [pid 5207] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5207] write(3, "1000", 4) = 4 [pid 5207] close(3) = 0 [pid 5207] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5207] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5207] rt_sigaction(SIGRT_1, {sa_handler=0x7f02a5bb6070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f02a5ba7220}, NULL, 8) = 0 [pid 5207] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5207] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02a5b2c000 [pid 5207] mprotect(0x7f02a5b2d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5207] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5207] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b4c990, parent_tid=0x7f02a5b4c990, exit_signal=0, stack=0x7f02a5b2c000, stack_size=0x20300, tls=0x7f02a5b4c6c0}./strace-static-x86_64: Process 5208 attached => {parent_tid=[5208]}, 88) = 5208 [pid 5208] rseq(0x7f02a5b4cfe0, 0x20, 0, 0x53053053) = 0 [pid 5207] rt_sigprocmask(SIG_SETMASK, [], [pid 5208] set_robust_list(0x7f02a5b4c9a0, 24 [pid 5207] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5208] <... set_robust_list resumed>) = 0 [pid 5208] rt_sigprocmask(SIG_SETMASK, [], [pid 5207] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5208] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5208] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 5207] <... futex resumed>) = 0 [pid 5207] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5208] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5207] <... futex resumed>) = 0 [pid 5208] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5207] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5208] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5207] <... futex resumed>) = 0 [pid 5208] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5207] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5208] <... openat resumed>) = 4 [pid 5208] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5207] <... futex resumed>) = 0 [pid 5208] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5207] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5208] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5207] <... futex resumed>) = 0 [pid 5208] dup3(4, 3, 0 [pid 5207] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5208] <... dup3 resumed>) = 3 [pid 5208] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5207] <... futex resumed>) = 0 [pid 5208] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5207] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5208] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5207] <... futex resumed>) = 0 [pid 5208] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5207] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5208] <... openat resumed>) = 5 [pid 5208] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5208] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5207] <... futex resumed>) = 0 [pid 5207] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5208] <... futex resumed>) = 0 [pid 5207] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5208] ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0) = -1 EINVAL (Invalid argument) [pid 5208] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5207] <... futex resumed>) = 0 [pid 5207] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5208] memfd_create("syzkaller", 0 [pid 5207] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5208] <... memfd_create resumed>) = 6 [pid 5207] <... futex resumed>) = 0 [pid 5207] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5208] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5207] <... mmap resumed>) = 0x7f02a5b0b000 [pid 5208] <... mmap resumed>) = 0x7f029d600000 [pid 5207] mprotect(0x7f02a5b0c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5207] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5208] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5207] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5207] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b2b990, parent_tid=0x7f02a5b2b990, exit_signal=0, stack=0x7f02a5b0b000, stack_size=0x20300, tls=0x7f02a5b2b6c0}./strace-static-x86_64: Process 5209 attached [pid 5208] <... write resumed>) = 262144 [pid 5207] <... clone3 resumed> => {parent_tid=[5209]}, 88) = 5209 [pid 5209] rseq(0x7f02a5b2bfe0, 0x20, 0, 0x53053053 [pid 5207] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5207] futex(0x7f02a5c17718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5209] <... rseq resumed>) = 0 [pid 5208] munmap(0x7f029d600000, 138412032 [pid 5207] <... futex resumed>) = 0 [pid 5209] set_robust_list(0x7f02a5b2b9a0, 24 [pid 5207] futex(0x7f02a5c1771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5209] <... set_robust_list resumed>) = 0 [pid 5208] <... munmap resumed>) = 0 [pid 5209] rt_sigprocmask(SIG_SETMASK, [], [pid 5208] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5209] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5208] <... openat resumed>) = 7 [pid 5209] memfd_create("syzkaller", 0) = 8 [pid 5208] ioctl(7, LOOP_SET_FD, 6 [pid 5209] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f029d600000 [pid 5208] <... ioctl resumed>) = 0 [pid 5208] close(6) = 0 [pid 5208] close(7) = 0 [pid 5209] write(8, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5208] mkdir("./bus", 0777 [pid 5209] munmap(0x7f029d600000, 138412032 [pid 5208] <... mkdir resumed>) = 0 [pid 5208] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue" [pid 5209] <... munmap resumed>) = 0 [pid 5209] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5209] close(8) = 0 [pid 5209] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5207] <... futex resumed>) = 0 [pid 5209] futex(0x7f02a5c17718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5207] futex(0x7f02a5c17718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5209] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5207] <... futex resumed>) = 0 [pid 5209] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0xb635773f04ebbee0, MAP_SHARED|MAP_FIXED|MAP_ANONYMOUS|MAP_POPULATE, -1, 0 [ 97.791469][ T5208] loop0: detected capacity change from 0 to 512 [pid 5207] futex(0x7f02a5c1771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5208] <... mount resumed>) = 0 [pid 5208] openat(AT_FDCWD, 0x20000500, O_RDONLY|O_DIRECTORY) = -1 ENOENT (No such file or directory) [pid 5208] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5207] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5208] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5207] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5208] <... futex resumed>) = 0 [pid 5207] <... futex resumed>) = 0 [pid 5208] setxattr(0x20000340, 0x20000400, 0x200003c0, 58375, 0 [ 97.846329][ T5208] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 97.859126][ T5208] ext4 filesystem being mounted at /root/syzkaller.a7bkEY/28/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5207] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5208] <... setxattr resumed>) = 0 [pid 5208] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5207] <... futex resumed>) = 0 [pid 5208] <... futex resumed>) = 1 [pid 5208] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5209] <... mmap resumed>) = 0x20000000 [pid 5209] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5209] futex(0x7f02a5c17718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5207] exit_group(0 [pid 5209] <... futex resumed>) = ? [pid 5208] <... futex resumed>) = ? [pid 5207] <... exit_group resumed>) = ? [pid 5209] +++ exited with 0 +++ [pid 5208] +++ exited with 0 +++ [pid 5207] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5207, si_uid=0, si_status=0, si_utime=0, si_stime=29 /* 0.29 s */} --- umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563f3730 /* 6 entries */, 32768) = 192 umount2("./28/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/cpuset.effective_cpus") = 0 umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563fb770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563fb770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/bus") = 0 umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/binderfs") = 0 umount2("./28/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/cgroup.controllers") = 0 getdents64(3, 0x5555563f3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 98.153942][ T5072] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5212 attached , child_tidptr=0x5555563f2690) = 5212 [pid 5212] set_robust_list(0x5555563f26a0, 24) = 0 [pid 5212] chdir("./29") = 0 [pid 5212] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5212] setpgid(0, 0) = 0 [pid 5212] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5212] write(3, "1000", 4) = 4 [pid 5212] close(3) = 0 [pid 5212] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5212] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5212] rt_sigaction(SIGRT_1, {sa_handler=0x7f02a5bb6070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f02a5ba7220}, NULL, 8) = 0 [pid 5212] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5212] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02a5b2c000 [pid 5212] mprotect(0x7f02a5b2d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5212] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5212] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b4c990, parent_tid=0x7f02a5b4c990, exit_signal=0, stack=0x7f02a5b2c000, stack_size=0x20300, tls=0x7f02a5b4c6c0}./strace-static-x86_64: Process 5213 attached [pid 5213] rseq(0x7f02a5b4cfe0, 0x20, 0, 0x53053053 [pid 5212] <... clone3 resumed> => {parent_tid=[5213]}, 88) = 5213 [pid 5213] <... rseq resumed>) = 0 [pid 5212] rt_sigprocmask(SIG_SETMASK, [], [pid 5213] set_robust_list(0x7f02a5b4c9a0, 24 [pid 5212] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5213] <... set_robust_list resumed>) = 0 [pid 5212] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5213] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5212] <... futex resumed>) = 0 [pid 5213] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5212] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5213] <... openat resumed>) = 3 [pid 5213] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5212] <... futex resumed>) = 0 [pid 5213] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5212] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5212] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5213] <... futex resumed>) = 0 [pid 5213] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5213] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5212] <... futex resumed>) = 0 [pid 5213] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5212] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5213] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5213] dup3(4, 3, 0 [pid 5212] <... futex resumed>) = 0 [pid 5213] <... dup3 resumed>) = 3 [pid 5212] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5213] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5212] <... futex resumed>) = 0 [pid 5212] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5213] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5212] <... futex resumed>) = 0 [pid 5212] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5213] <... openat resumed>) = 5 [pid 5213] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5212] <... futex resumed>) = 0 [pid 5213] <... futex resumed>) = 1 [pid 5212] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5213] ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0 [pid 5212] <... futex resumed>) = 0 [pid 5213] <... ioctl resumed>) = -1 EINVAL (Invalid argument) [pid 5212] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5213] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5212] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5213] <... futex resumed>) = 0 [pid 5212] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5213] memfd_create("syzkaller", 0 [pid 5212] <... futex resumed>) = 0 [pid 5212] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5213] <... memfd_create resumed>) = 6 [pid 5213] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5212] <... futex resumed>) = 0 [pid 5213] <... mmap resumed>) = 0x7f029d600000 [pid 5212] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02a5b0b000 [pid 5212] mprotect(0x7f02a5b0c000, 131072, PROT_READ|PROT_WRITE [pid 5213] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5212] <... mprotect resumed>) = 0 [pid 5212] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5213] <... write resumed>) = 262144 [pid 5212] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5212] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b2b990, parent_tid=0x7f02a5b2b990, exit_signal=0, stack=0x7f02a5b0b000, stack_size=0x20300, tls=0x7f02a5b2b6c0}./strace-static-x86_64: Process 5214 attached [pid 5213] munmap(0x7f029d600000, 138412032 [pid 5212] <... clone3 resumed> => {parent_tid=[5214]}, 88) = 5214 [pid 5214] rseq(0x7f02a5b2bfe0, 0x20, 0, 0x53053053 [pid 5212] rt_sigprocmask(SIG_SETMASK, [], [pid 5214] <... rseq resumed>) = 0 [pid 5212] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5214] set_robust_list(0x7f02a5b2b9a0, 24 [pid 5213] <... munmap resumed>) = 0 [pid 5212] futex(0x7f02a5c17718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5214] <... set_robust_list resumed>) = 0 [pid 5212] <... futex resumed>) = 0 [pid 5214] rt_sigprocmask(SIG_SETMASK, [], [pid 5212] futex(0x7f02a5c1771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5214] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5214] memfd_create("syzkaller", 0) = 7 [pid 5213] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5214] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5213] <... openat resumed>) = 8 [pid 5214] <... mmap resumed>) = 0x7f029d600000 [pid 5213] ioctl(8, LOOP_SET_FD, 6) = 0 [pid 5213] close(6) = 0 [pid 5213] close(8 [pid 5214] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5213] <... close resumed>) = 0 [pid 5214] munmap(0x7f029d600000, 138412032) = 0 [pid 5213] mkdir("./bus", 0777 [pid 5214] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5214] ioctl(6, LOOP_SET_FD, 7 [pid 5213] <... mkdir resumed>) = 0 [pid 5214] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5214] ioctl(6, LOOP_CLR_FD [ 98.405440][ T5213] loop0: detected capacity change from 0 to 512 [pid 5213] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = -1 EBUSY (Device or resource busy) [pid 5213] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8 [pid 5213] ioctl(8, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5213] close(8) = 0 [pid 5213] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 98.453212][ T5213] /dev/loop0: Can't open blockdev [pid 5213] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5214] <... ioctl resumed>) = 0 [pid 5214] ioctl(6, LOOP_SET_FD, 7) = 0 [pid 5214] close(7) = 0 [pid 5214] close(6) = 0 [pid 5214] mkdir("./bus", 0777) = -1 EEXIST (File exists) [ 98.522063][ T5214] loop0: detected capacity change from 0 to 512 [pid 5214] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5214] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 6 [pid 5214] chdir("./bus") = 0 [pid 5214] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5214] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5212] <... futex resumed>) = 0 [pid 5214] futex(0x7f02a5c17718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5212] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5213] <... futex resumed>) = 0 [pid 5212] <... futex resumed>) = 1 [pid 5213] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0xb635773f04ebbee0, MAP_SHARED|MAP_FIXED|MAP_ANONYMOUS|MAP_POPULATE, -1, 0 [ 98.584829][ T5214] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 98.597499][ T5214] ext4 filesystem being mounted at /root/syzkaller.a7bkEY/29/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5212] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5212] futex(0x7f02a5c17718, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5212] futex(0x7f02a5c1771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5214] <... futex resumed>) = 0 [pid 5214] setxattr(0x20000340, 0x20000400, 0x200003c0, 58375, 0) = -1 ENOENT (No such file or directory) [pid 5214] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5212] <... futex resumed>) = 0 [pid 5214] futex(0x7f02a5c17718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5213] <... mmap resumed>) = 0x20000000 [pid 5213] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5213] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5212] exit_group(0 [pid 5214] <... futex resumed>) = ? [pid 5213] <... futex resumed>) = ? [pid 5212] <... exit_group resumed>) = ? [pid 5214] +++ exited with 0 +++ [pid 5213] +++ exited with 0 +++ [pid 5212] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5212, si_uid=0, si_status=0, si_utime=0, si_stime=32 /* 0.32 s */} --- umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563f3730 /* 6 entries */, 32768) = 192 umount2("./29/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/cpuset.effective_cpus") = 0 umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563fb770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563fb770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/bus") = 0 umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 98.918129][ T5072] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. unlink("./29/binderfs") = 0 umount2("./29/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/cgroup.controllers") = 0 getdents64(3, 0x5555563f3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5217 attached , child_tidptr=0x5555563f2690) = 5217 [pid 5217] set_robust_list(0x5555563f26a0, 24) = 0 [pid 5217] chdir("./30") = 0 [pid 5217] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5217] setpgid(0, 0) = 0 [pid 5217] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5217] write(3, "1000", 4) = 4 [pid 5217] close(3) = 0 [pid 5217] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5217] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5217] rt_sigaction(SIGRT_1, {sa_handler=0x7f02a5bb6070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f02a5ba7220}, NULL, 8) = 0 [pid 5217] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5217] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02a5b2c000 [pid 5217] mprotect(0x7f02a5b2d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5217] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5217] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b4c990, parent_tid=0x7f02a5b4c990, exit_signal=0, stack=0x7f02a5b2c000, stack_size=0x20300, tls=0x7f02a5b4c6c0}./strace-static-x86_64: Process 5218 attached [pid 5218] rseq(0x7f02a5b4cfe0, 0x20, 0, 0x53053053 [pid 5217] <... clone3 resumed> => {parent_tid=[5218]}, 88) = 5218 [pid 5218] <... rseq resumed>) = 0 [pid 5217] rt_sigprocmask(SIG_SETMASK, [], [pid 5218] set_robust_list(0x7f02a5b4c9a0, 24 [pid 5217] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5218] <... set_robust_list resumed>) = 0 [pid 5217] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5218] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5217] <... futex resumed>) = 0 [pid 5218] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5217] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5218] <... openat resumed>) = 3 [pid 5218] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5217] <... futex resumed>) = 0 [pid 5218] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5217] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5218] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5217] <... futex resumed>) = 0 [pid 5218] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5217] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5218] <... openat resumed>) = 4 [pid 5218] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5217] <... futex resumed>) = 0 [pid 5218] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5217] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5218] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5217] <... futex resumed>) = 0 [pid 5218] dup3(4, 3, 0 [pid 5217] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5218] <... dup3 resumed>) = 3 [pid 5218] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5217] <... futex resumed>) = 0 [pid 5218] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5217] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5218] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5217] <... futex resumed>) = 0 [pid 5218] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5217] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5218] <... openat resumed>) = 5 [pid 5218] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5217] <... futex resumed>) = 0 [pid 5217] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5218] <... futex resumed>) = 1 [pid 5217] <... futex resumed>) = 0 [pid 5218] ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0 [pid 5217] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5218] <... ioctl resumed>) = -1 EINVAL (Invalid argument) [pid 5218] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5217] <... futex resumed>) = 0 [pid 5218] <... futex resumed>) = 1 [pid 5217] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5218] memfd_create("syzkaller", 0 [pid 5217] <... futex resumed>) = 0 [pid 5217] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5218] <... memfd_create resumed>) = 6 [pid 5217] <... futex resumed>) = 0 [pid 5217] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02a5b0b000 [pid 5218] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f029d600000 [pid 5217] mprotect(0x7f02a5b0c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5217] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5217] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b2b990, parent_tid=0x7f02a5b2b990, exit_signal=0, stack=0x7f02a5b0b000, stack_size=0x20300, tls=0x7f02a5b2b6c0} [pid 5218] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144./strace-static-x86_64: Process 5219 attached [pid 5219] rseq(0x7f02a5b2bfe0, 0x20, 0, 0x53053053 [pid 5218] <... write resumed>) = 262144 [pid 5217] <... clone3 resumed> => {parent_tid=[5219]}, 88) = 5219 [pid 5219] <... rseq resumed>) = 0 [pid 5218] munmap(0x7f029d600000, 138412032 [pid 5217] rt_sigprocmask(SIG_SETMASK, [], [pid 5219] set_robust_list(0x7f02a5b2b9a0, 24 [pid 5217] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5219] <... set_robust_list resumed>) = 0 [pid 5218] <... munmap resumed>) = 0 [pid 5217] futex(0x7f02a5c17718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5219] rt_sigprocmask(SIG_SETMASK, [], [pid 5217] <... futex resumed>) = 0 [pid 5219] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5217] futex(0x7f02a5c1771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5219] memfd_create("syzkaller", 0 [pid 5218] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5219] <... memfd_create resumed>) = 7 [pid 5218] <... openat resumed>) = 8 [pid 5219] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f029d600000 [pid 5218] ioctl(8, LOOP_SET_FD, 6) = 0 [pid 5219] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5218] close(6) = 0 [pid 5218] close(8 [pid 5219] <... write resumed>) = 262144 [pid 5218] <... close resumed>) = 0 [pid 5219] munmap(0x7f029d600000, 138412032) = 0 [pid 5219] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5218] mkdir("./bus", 0777 [pid 5219] <... openat resumed>) = 6 [pid 5219] ioctl(6, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy) [pid 5218] <... mkdir resumed>) = 0 [ 99.189157][ T5218] loop0: detected capacity change from 0 to 512 [pid 5219] ioctl(6, LOOP_CLR_FD [pid 5218] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = -1 EBUSY (Device or resource busy) [pid 5218] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8 [pid 5218] ioctl(8, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5218] close(8) = 0 [pid 5218] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 99.246161][ T5218] /dev/loop0: Can't open blockdev [pid 5218] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5219] <... ioctl resumed>) = 0 [pid 5219] ioctl(6, LOOP_SET_FD, 7) = 0 [pid 5219] close(7) = 0 [pid 5219] close(6) = 0 [pid 5219] mkdir("./bus", 0777) = -1 EEXIST (File exists) [ 99.317483][ T5219] loop0: detected capacity change from 0 to 512 [ 99.346613][ T5219] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5219] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5219] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 6 [pid 5219] chdir("./bus") = 0 [pid 5219] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5219] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5217] <... futex resumed>) = 0 [pid 5217] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5219] <... futex resumed>) = 1 [pid 5218] <... futex resumed>) = 0 [pid 5217] <... futex resumed>) = 1 [pid 5219] futex(0x7f02a5c17718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5218] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0xb635773f04ebbee0, MAP_SHARED|MAP_FIXED|MAP_ANONYMOUS|MAP_POPULATE, -1, 0 [ 99.359391][ T5219] ext4 filesystem being mounted at /root/syzkaller.a7bkEY/30/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5217] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5217] futex(0x7f02a5c17718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5219] <... futex resumed>) = 0 [pid 5219] setxattr(0x20000340, 0x20000400, 0x200003c0, 58375, 0 [pid 5217] <... futex resumed>) = 1 [pid 5219] <... setxattr resumed>) = -1 ENOENT (No such file or directory) [pid 5217] futex(0x7f02a5c1771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5219] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5217] <... futex resumed>) = 0 [pid 5219] futex(0x7f02a5c17718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5218] <... mmap resumed>) = 0x20000000 [pid 5218] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5218] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5217] exit_group(0 [pid 5219] <... futex resumed>) = ? [pid 5217] <... exit_group resumed>) = ? [pid 5219] +++ exited with 0 +++ [pid 5218] <... futex resumed>) = ? [pid 5218] +++ exited with 0 +++ [pid 5217] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5217, si_uid=0, si_status=0, si_utime=0, si_stime=35 /* 0.35 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563f3730 /* 6 entries */, 32768) = 192 umount2("./30/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/cpuset.effective_cpus") = 0 umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563fb770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563fb770 /* 0 entries */, 32768) = 0 close(4) = 0 [ 99.722759][ T5072] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. rmdir("./30/bus") = 0 umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/binderfs") = 0 umount2("./30/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/cgroup.controllers") = 0 getdents64(3, 0x5555563f3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5222 attached , child_tidptr=0x5555563f2690) = 5222 [pid 5222] set_robust_list(0x5555563f26a0, 24) = 0 [pid 5222] chdir("./31") = 0 [pid 5222] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5222] setpgid(0, 0) = 0 [pid 5222] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5222] write(3, "1000", 4) = 4 [pid 5222] close(3) = 0 [pid 5222] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5222] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5222] rt_sigaction(SIGRT_1, {sa_handler=0x7f02a5bb6070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f02a5ba7220}, NULL, 8) = 0 [pid 5222] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5222] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02a5b2c000 [pid 5222] mprotect(0x7f02a5b2d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5222] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5222] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b4c990, parent_tid=0x7f02a5b4c990, exit_signal=0, stack=0x7f02a5b2c000, stack_size=0x20300, tls=0x7f02a5b4c6c0}./strace-static-x86_64: Process 5223 attached [pid 5223] rseq(0x7f02a5b4cfe0, 0x20, 0, 0x53053053) = 0 [pid 5222] <... clone3 resumed> => {parent_tid=[5223]}, 88) = 5223 [pid 5223] set_robust_list(0x7f02a5b4c9a0, 24) = 0 [pid 5222] rt_sigprocmask(SIG_SETMASK, [], [pid 5223] rt_sigprocmask(SIG_SETMASK, [], [pid 5222] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5223] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5222] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5223] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5222] <... futex resumed>) = 0 [pid 5222] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5223] <... openat resumed>) = 3 [pid 5223] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5223] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5222] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5222] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5223] <... futex resumed>) = 0 [pid 5222] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5223] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5223] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5222] <... futex resumed>) = 0 [pid 5223] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5222] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5223] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5222] <... futex resumed>) = 0 [pid 5223] dup3(4, 3, 0) = 3 [pid 5222] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5223] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5222] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5223] <... futex resumed>) = 0 [pid 5222] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5223] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5222] <... futex resumed>) = 0 [pid 5223] <... openat resumed>) = 5 [pid 5222] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5223] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5222] <... futex resumed>) = 0 [pid 5223] <... futex resumed>) = 1 [pid 5222] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5223] ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0 [pid 5222] <... futex resumed>) = 0 [pid 5223] <... ioctl resumed>) = -1 EINVAL (Invalid argument) [pid 5222] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5223] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5222] <... futex resumed>) = 0 [pid 5223] <... futex resumed>) = 1 [pid 5222] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5223] memfd_create("syzkaller", 0 [pid 5222] <... futex resumed>) = 0 [pid 5222] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5223] <... memfd_create resumed>) = 6 [pid 5222] <... futex resumed>) = 0 [pid 5222] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5223] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5222] <... mmap resumed>) = 0x7f02a5b0b000 [pid 5223] <... mmap resumed>) = 0x7f029d600000 [pid 5222] mprotect(0x7f02a5b0c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5222] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5223] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5222] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5222] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b2b990, parent_tid=0x7f02a5b2b990, exit_signal=0, stack=0x7f02a5b0b000, stack_size=0x20300, tls=0x7f02a5b2b6c0}./strace-static-x86_64: Process 5224 attached [pid 5224] rseq(0x7f02a5b2bfe0, 0x20, 0, 0x53053053) = 0 [pid 5222] <... clone3 resumed> => {parent_tid=[5224]}, 88) = 5224 [pid 5224] set_robust_list(0x7f02a5b2b9a0, 24) = 0 [pid 5222] rt_sigprocmask(SIG_SETMASK, [], [pid 5224] rt_sigprocmask(SIG_SETMASK, [], [pid 5222] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5224] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5222] futex(0x7f02a5c17718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5224] memfd_create("syzkaller", 0 [pid 5222] <... futex resumed>) = 0 [pid 5222] futex(0x7f02a5c1771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5224] <... memfd_create resumed>) = 7 [pid 5224] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0295200000 [pid 5224] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5223] <... write resumed>) = 262144 [pid 5223] munmap(0x7f029d600000, 138412032) = 0 [pid 5223] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8 [pid 5223] ioctl(8, LOOP_SET_FD, 6 [pid 5224] <... write resumed>) = 262144 [pid 5224] munmap(0x7f0295200000, 138412032) = 0 [pid 5223] <... ioctl resumed>) = 0 [pid 5223] close(6) = 0 [pid 5224] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5223] close(8 [pid 5224] <... openat resumed>) = 6 [pid 5223] <... close resumed>) = 0 [pid 5224] ioctl(6, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy) [pid 5224] ioctl(6, LOOP_CLR_FD [pid 5223] mkdir("./bus", 0777) = 0 [ 100.087022][ T5223] loop0: detected capacity change from 0 to 512 [ 100.123912][ T5223] /dev/loop0: Can't open blockdev [pid 5223] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = -1 EBUSY (Device or resource busy) [pid 5224] <... ioctl resumed>) = 0 [pid 5223] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8 [pid 5223] ioctl(8, LOOP_CLR_FD [pid 5224] ioctl(6, LOOP_SET_FD, 7 [pid 5223] <... ioctl resumed>) = -1 ENXIO (No such device or address) [ 100.130777][ T5195] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [pid 5224] <... ioctl resumed>) = 0 [pid 5223] close(8 [pid 5224] close(7) = 0 [pid 5224] close(6) = 0 [pid 5224] mkdir("./bus", 0777 [pid 5223] <... close resumed>) = 0 [pid 5224] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5223] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5224] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue" [pid 5223] <... futex resumed>) = 0 [ 100.160109][ T5224] loop0: detected capacity change from 0 to 512 [pid 5223] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5224] <... mount resumed>) = 0 [pid 5224] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 6 [pid 5224] chdir("./bus") = 0 [pid 5224] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5224] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5222] <... futex resumed>) = 0 [pid 5224] futex(0x7f02a5c17718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5222] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5223] <... futex resumed>) = 0 [pid 5223] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0xb635773f04ebbee0, MAP_SHARED|MAP_FIXED|MAP_ANONYMOUS|MAP_POPULATE, -1, 0 [pid 5222] <... futex resumed>) = 1 [ 100.204738][ T5224] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 100.217744][ T5224] ext4 filesystem being mounted at /root/syzkaller.a7bkEY/31/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5222] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5222] futex(0x7f02a5c17718, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5224] <... futex resumed>) = 0 [pid 5224] setxattr(0x20000340, 0x20000400, 0x200003c0, 58375, 0 [pid 5222] futex(0x7f02a5c1771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5224] <... setxattr resumed>) = -1 ENOENT (No such file or directory) [pid 5224] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5222] <... futex resumed>) = 0 [pid 5224] futex(0x7f02a5c17718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5223] <... mmap resumed>) = 0x20000000 [pid 5223] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5223] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5222] exit_group(0 [pid 5224] <... futex resumed>) = ? [pid 5222] <... exit_group resumed>) = ? [pid 5224] +++ exited with 0 +++ [pid 5223] <... futex resumed>) = ? [pid 5223] +++ exited with 0 +++ [pid 5222] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5222, si_uid=0, si_status=0, si_utime=0, si_stime=30 /* 0.30 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563f3730 /* 6 entries */, 32768) = 192 umount2("./31/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/cpuset.effective_cpus") = 0 umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563fb770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563fb770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/bus") = 0 [ 100.558664][ T5072] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/binderfs") = 0 umount2("./31/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/cgroup.controllers") = 0 getdents64(3, 0x5555563f3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5227 attached , child_tidptr=0x5555563f2690) = 5227 [pid 5227] set_robust_list(0x5555563f26a0, 24) = 0 [pid 5227] chdir("./32") = 0 [pid 5227] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5227] setpgid(0, 0) = 0 [pid 5227] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5227] write(3, "1000", 4) = 4 [pid 5227] close(3) = 0 [pid 5227] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5227] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5227] rt_sigaction(SIGRT_1, {sa_handler=0x7f02a5bb6070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f02a5ba7220}, NULL, 8) = 0 [pid 5227] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5227] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02a5b2c000 [pid 5227] mprotect(0x7f02a5b2d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5227] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5227] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b4c990, parent_tid=0x7f02a5b4c990, exit_signal=0, stack=0x7f02a5b2c000, stack_size=0x20300, tls=0x7f02a5b4c6c0}./strace-static-x86_64: Process 5228 attached [pid 5228] rseq(0x7f02a5b4cfe0, 0x20, 0, 0x53053053 [pid 5227] <... clone3 resumed> => {parent_tid=[5228]}, 88) = 5228 [pid 5228] <... rseq resumed>) = 0 [pid 5227] rt_sigprocmask(SIG_SETMASK, [], [pid 5228] set_robust_list(0x7f02a5b4c9a0, 24 [pid 5227] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5228] <... set_robust_list resumed>) = 0 [pid 5227] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5228] rt_sigprocmask(SIG_SETMASK, [], [pid 5227] <... futex resumed>) = 0 [pid 5228] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5227] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5228] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 5228] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5227] <... futex resumed>) = 0 [pid 5228] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5227] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5228] <... futex resumed>) = 0 [pid 5227] <... futex resumed>) = 1 [pid 5228] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5227] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5228] <... openat resumed>) = 4 [pid 5228] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5227] <... futex resumed>) = 0 [pid 5228] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5227] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5228] dup3(4, 3, 0 [pid 5227] <... futex resumed>) = 0 [pid 5228] <... dup3 resumed>) = 3 [pid 5227] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5228] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5227] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5228] <... futex resumed>) = 0 [pid 5227] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5228] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5227] <... futex resumed>) = 0 [pid 5227] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5228] <... openat resumed>) = 5 [pid 5228] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5227] <... futex resumed>) = 0 [pid 5228] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5227] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5228] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5227] <... futex resumed>) = 0 [pid 5228] ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0 [pid 5227] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5228] <... ioctl resumed>) = -1 EINVAL (Invalid argument) [pid 5228] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5227] <... futex resumed>) = 0 [pid 5228] memfd_create("syzkaller", 0 [pid 5227] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5228] <... memfd_create resumed>) = 6 [pid 5227] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5228] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f029d600000 [pid 5227] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02a5b0b000 [pid 5227] mprotect(0x7f02a5b0c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5228] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5227] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5227] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b2b990, parent_tid=0x7f02a5b2b990, exit_signal=0, stack=0x7f02a5b0b000, stack_size=0x20300, tls=0x7f02a5b2b6c0} [pid 5228] <... write resumed>) = 262144 [pid 5228] munmap(0x7f029d600000, 138412032./strace-static-x86_64: Process 5229 attached [pid 5227] <... clone3 resumed> => {parent_tid=[5229]}, 88) = 5229 [pid 5229] rseq(0x7f02a5b2bfe0, 0x20, 0, 0x53053053 [pid 5227] rt_sigprocmask(SIG_SETMASK, [], [pid 5229] <... rseq resumed>) = 0 [pid 5229] set_robust_list(0x7f02a5b2b9a0, 24 [pid 5228] <... munmap resumed>) = 0 [pid 5227] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5229] <... set_robust_list resumed>) = 0 [pid 5228] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5227] futex(0x7f02a5c17718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5229] rt_sigprocmask(SIG_SETMASK, [], [pid 5228] <... openat resumed>) = 7 [pid 5227] <... futex resumed>) = 0 [pid 5229] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5228] ioctl(7, LOOP_SET_FD, 6 [pid 5227] futex(0x7f02a5c1771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5229] memfd_create("syzkaller", 0) = 8 [pid 5229] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f029d600000 [pid 5228] <... ioctl resumed>) = 0 [pid 5228] close(6) = 0 [pid 5229] write(8, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5228] close(7 [pid 5229] <... write resumed>) = 262144 [pid 5228] <... close resumed>) = 0 [pid 5229] munmap(0x7f029d600000, 138412032 [pid 5228] mkdir("./bus", 0777 [pid 5229] <... munmap resumed>) = 0 [pid 5228] <... mkdir resumed>) = 0 [pid 5229] openat(AT_FDCWD, "/dev/loop0", O_RDWR [ 100.853634][ T5228] loop0: detected capacity change from 0 to 512 [pid 5228] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue" [pid 5229] <... openat resumed>) = 6 [pid 5229] ioctl(6, LOOP_SET_FD, 8) = -1 EBUSY (Device or resource busy) [pid 5228] <... mount resumed>) = -1 EBUSY (Device or resource busy) [pid 5229] ioctl(6, LOOP_CLR_FD [pid 5228] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 7 [pid 5229] <... ioctl resumed>) = 0 [pid 5228] ioctl(7, LOOP_CLR_FD) = 0 [pid 5228] close(7) = 0 [ 100.898662][ T5228] /dev/loop0: Can't open blockdev [pid 5228] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5229] ioctl(6, LOOP_SET_FD, 8 [pid 5228] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5229] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5229] close(6) = 0 [pid 5229] close(8) = 0 [pid 5229] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5227] <... futex resumed>) = 0 [pid 5229] futex(0x7f02a5c17718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5227] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5228] <... futex resumed>) = 0 [pid 5227] <... futex resumed>) = 1 [pid 5228] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0xb635773f04ebbee0, MAP_SHARED|MAP_FIXED|MAP_ANONYMOUS|MAP_POPULATE, -1, 0 [pid 5227] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5227] futex(0x7f02a5c17718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5229] <... futex resumed>) = 0 [pid 5227] <... futex resumed>) = 1 [pid 5229] setxattr(0x20000340, 0x20000400, 0x200003c0, 58375, 0 [pid 5227] futex(0x7f02a5c1771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5229] <... setxattr resumed>) = -1 ENOENT (No such file or directory) [pid 5229] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5227] <... futex resumed>) = 0 [pid 5229] futex(0x7f02a5c17718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5228] <... mmap resumed>) = 0x20000000 [pid 5228] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5228] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5227] exit_group(0 [pid 5228] <... futex resumed>) = ? [pid 5227] <... exit_group resumed>) = ? [pid 5228] +++ exited with 0 +++ [pid 5229] <... futex resumed>) = ? [pid 5229] +++ exited with 0 +++ [pid 5227] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5227, si_uid=0, si_status=0, si_utime=0, si_stime=35 /* 0.35 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563f3730 /* 6 entries */, 32768) = 192 umount2("./32/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/cpuset.effective_cpus") = 0 umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563fb770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563fb770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./32/bus") = 0 umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/binderfs") = 0 umount2("./32/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/cgroup.controllers") = 0 getdents64(3, 0x5555563f3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./32") = 0 mkdir("./33", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5230 attached , child_tidptr=0x5555563f2690) = 5230 [pid 5230] set_robust_list(0x5555563f26a0, 24) = 0 [pid 5230] chdir("./33") = 0 [pid 5230] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5230] setpgid(0, 0) = 0 [pid 5230] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5230] write(3, "1000", 4) = 4 [pid 5230] close(3) = 0 [pid 5230] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5230] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5230] rt_sigaction(SIGRT_1, {sa_handler=0x7f02a5bb6070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f02a5ba7220}, NULL, 8) = 0 [pid 5230] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5230] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02a5b2c000 [pid 5230] mprotect(0x7f02a5b2d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5230] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5230] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b4c990, parent_tid=0x7f02a5b4c990, exit_signal=0, stack=0x7f02a5b2c000, stack_size=0x20300, tls=0x7f02a5b4c6c0}./strace-static-x86_64: Process 5231 attached [pid 5231] rseq(0x7f02a5b4cfe0, 0x20, 0, 0x53053053) = 0 [pid 5230] <... clone3 resumed> => {parent_tid=[5231]}, 88) = 5231 [pid 5231] set_robust_list(0x7f02a5b4c9a0, 24 [pid 5230] rt_sigprocmask(SIG_SETMASK, [], [pid 5231] <... set_robust_list resumed>) = 0 [pid 5230] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5231] rt_sigprocmask(SIG_SETMASK, [], [pid 5230] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5231] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5231] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5230] <... futex resumed>) = 0 [pid 5230] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5231] <... openat resumed>) = 3 [pid 5231] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5230] <... futex resumed>) = 0 [pid 5231] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5230] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5231] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5230] <... futex resumed>) = 0 [pid 5231] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5230] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5231] <... openat resumed>) = 4 [pid 5231] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5231] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5230] <... futex resumed>) = 0 [pid 5230] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5231] <... futex resumed>) = 0 [pid 5230] <... futex resumed>) = 1 [pid 5231] dup3(4, 3, 0 [pid 5230] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5231] <... dup3 resumed>) = 3 [pid 5231] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5230] <... futex resumed>) = 0 [pid 5231] <... futex resumed>) = 1 [pid 5230] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5231] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5230] <... futex resumed>) = 0 [pid 5231] <... openat resumed>) = 5 [pid 5230] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5231] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5230] <... futex resumed>) = 0 [pid 5231] <... futex resumed>) = 1 [pid 5230] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5231] ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0 [pid 5230] <... futex resumed>) = 0 [pid 5231] <... ioctl resumed>) = -1 EINVAL (Invalid argument) [pid 5230] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5231] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5230] <... futex resumed>) = 0 [pid 5231] <... futex resumed>) = 1 [pid 5230] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5231] memfd_create("syzkaller", 0 [pid 5230] <... futex resumed>) = 0 [pid 5230] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5231] <... memfd_create resumed>) = 6 [pid 5231] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5230] <... futex resumed>) = 0 [pid 5231] <... mmap resumed>) = 0x7f029d600000 [pid 5230] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02a5b0b000 [pid 5231] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5230] mprotect(0x7f02a5b0c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5231] <... write resumed>) = 262144 [pid 5230] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5231] munmap(0x7f029d600000, 138412032 [pid 5230] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5230] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b2b990, parent_tid=0x7f02a5b2b990, exit_signal=0, stack=0x7f02a5b0b000, stack_size=0x20300, tls=0x7f02a5b2b6c0} [pid 5231] <... munmap resumed>) = 0 [pid 5231] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 7 [pid 5231] ioctl(7, LOOP_SET_FD, 6./strace-static-x86_64: Process 5232 attached [pid 5232] rseq(0x7f02a5b2bfe0, 0x20, 0, 0x53053053) = 0 [pid 5232] set_robust_list(0x7f02a5b2b9a0, 24) = 0 [pid 5230] <... clone3 resumed> => {parent_tid=[5232]}, 88) = 5232 [pid 5232] rt_sigprocmask(SIG_SETMASK, [], [pid 5230] rt_sigprocmask(SIG_SETMASK, [], [pid 5232] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5230] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5232] futex(0x7f02a5c17718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5230] futex(0x7f02a5c17718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5232] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5232] memfd_create("syzkaller", 0 [pid 5230] futex(0x7f02a5c1771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5232] <... memfd_create resumed>) = 8 [pid 5232] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5231] <... ioctl resumed>) = 0 [pid 5232] <... mmap resumed>) = 0x7f029d600000 [pid 5231] close(6) = 0 [pid 5231] close(7 [pid 5232] write(8, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5231] <... close resumed>) = 0 [pid 5232] <... write resumed>) = 262144 [pid 5231] mkdir("./bus", 0777) = 0 [pid 5231] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue" [pid 5232] munmap(0x7f029d600000, 138412032) = 0 [ 101.509423][ T5231] loop0: detected capacity change from 0 to 512 [pid 5232] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5232] close(8) = 0 [pid 5231] <... mount resumed>) = 0 [pid 5232] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5231] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5232] <... futex resumed>) = 1 [pid 5230] <... futex resumed>) = 0 [pid 5232] futex(0x7f02a5c17718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5231] <... openat resumed>) = 6 [pid 5230] futex(0x7f02a5c17718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5232] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5232] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0xb635773f04ebbee0, MAP_SHARED|MAP_FIXED|MAP_ANONYMOUS|MAP_POPULATE, -1, 0 [pid 5230] <... futex resumed>) = 0 [pid 5231] chdir(0x20000500 [pid 5230] futex(0x7f02a5c1771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5231] <... chdir resumed>) = -1 ENOENT (No such file or directory) [pid 5231] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5231] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 101.564699][ T5231] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 101.577640][ T5231] ext4 filesystem being mounted at /root/syzkaller.a7bkEY/33/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5231] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5230] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5230] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5231] <... futex resumed>) = 0 [pid 5230] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5231] setxattr(0x20000340, 0x20000400, 0x200003c0, 58375, 0) = 0 [pid 5231] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5231] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5230] <... futex resumed>) = 0 [pid 5232] <... mmap resumed>) = 0x20000000 [pid 5232] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5230] exit_group(0 [pid 5232] <... futex resumed>) = 0 [pid 5231] <... futex resumed>) = ? [pid 5230] <... exit_group resumed>) = ? [pid 5231] +++ exited with 0 +++ [pid 5232] +++ exited with 0 +++ [pid 5230] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5230, si_uid=0, si_status=0, si_utime=0, si_stime=31 /* 0.31 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563f3730 /* 6 entries */, 32768) = 192 umount2("./33/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/cpuset.effective_cpus") = 0 umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563fb770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563fb770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./33/bus") = 0 umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/binderfs") = 0 umount2("./33/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/cgroup.controllers") = 0 getdents64(3, 0x5555563f3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./33") = 0 mkdir("./34", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 101.913209][ T5072] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5236 attached [pid 5236] set_robust_list(0x5555563f26a0, 24) = 0 [pid 5236] chdir("./34" [pid 5072] <... clone resumed>, child_tidptr=0x5555563f2690) = 5236 [pid 5236] <... chdir resumed>) = 0 [pid 5236] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5236] setpgid(0, 0) = 0 [pid 5236] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5236] write(3, "1000", 4) = 4 [pid 5236] close(3) = 0 [pid 5236] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5236] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5236] rt_sigaction(SIGRT_1, {sa_handler=0x7f02a5bb6070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f02a5ba7220}, NULL, 8) = 0 [pid 5236] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5236] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02a5b2c000 [pid 5236] mprotect(0x7f02a5b2d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5236] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5236] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b4c990, parent_tid=0x7f02a5b4c990, exit_signal=0, stack=0x7f02a5b2c000, stack_size=0x20300, tls=0x7f02a5b4c6c0}./strace-static-x86_64: Process 5237 attached [pid 5237] rseq(0x7f02a5b4cfe0, 0x20, 0, 0x53053053) = 0 [pid 5236] <... clone3 resumed> => {parent_tid=[5237]}, 88) = 5237 [pid 5237] set_robust_list(0x7f02a5b4c9a0, 24 [pid 5236] rt_sigprocmask(SIG_SETMASK, [], [pid 5237] <... set_robust_list resumed>) = 0 [pid 5236] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5237] rt_sigprocmask(SIG_SETMASK, [], [pid 5236] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5237] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5236] <... futex resumed>) = 0 [pid 5237] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5236] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5237] <... openat resumed>) = 3 [pid 5237] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5237] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5236] <... futex resumed>) = 0 [pid 5236] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5237] <... futex resumed>) = 0 [pid 5236] <... futex resumed>) = 1 [pid 5237] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5236] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5237] <... openat resumed>) = 4 [pid 5237] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5237] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5236] <... futex resumed>) = 0 [pid 5236] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5237] <... futex resumed>) = 0 [pid 5236] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5237] dup3(4, 3, 0) = 3 [pid 5237] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5236] <... futex resumed>) = 0 [pid 5237] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5236] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5237] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5236] <... futex resumed>) = 0 [pid 5237] <... openat resumed>) = 5 [pid 5236] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5237] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5236] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5237] <... futex resumed>) = 0 [pid 5237] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5236] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5237] <... futex resumed>) = 0 [pid 5236] <... futex resumed>) = 1 [pid 5237] ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0 [pid 5236] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5237] <... ioctl resumed>) = -1 EINVAL (Invalid argument) [pid 5237] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5236] <... futex resumed>) = 0 [pid 5237] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5236] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5237] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5236] <... futex resumed>) = 0 [pid 5237] memfd_create("syzkaller", 0 [pid 5236] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5237] <... memfd_create resumed>) = 6 [pid 5236] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5237] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5236] <... mmap resumed>) = 0x7f02a5b0b000 [pid 5237] <... mmap resumed>) = 0x7f029d600000 [pid 5236] mprotect(0x7f02a5b0c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5236] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5237] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5236] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5236] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b2b990, parent_tid=0x7f02a5b2b990, exit_signal=0, stack=0x7f02a5b0b000, stack_size=0x20300, tls=0x7f02a5b2b6c0}./strace-static-x86_64: Process 5238 attached [pid 5238] rseq(0x7f02a5b2bfe0, 0x20, 0, 0x53053053) = 0 [pid 5236] <... clone3 resumed> => {parent_tid=[5238]}, 88) = 5238 [pid 5238] set_robust_list(0x7f02a5b2b9a0, 24 [pid 5236] rt_sigprocmask(SIG_SETMASK, [], [pid 5238] <... set_robust_list resumed>) = 0 [pid 5238] rt_sigprocmask(SIG_SETMASK, [], [pid 5236] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5238] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5238] memfd_create("syzkaller", 0 [pid 5236] futex(0x7f02a5c17718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5238] <... memfd_create resumed>) = 7 [pid 5236] <... futex resumed>) = 0 [pid 5237] <... write resumed>) = 262144 [pid 5236] futex(0x7f02a5c1771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5238] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5237] munmap(0x7f029d600000, 138412032 [pid 5238] <... mmap resumed>) = 0x7f0295200000 [pid 5237] <... munmap resumed>) = 0 [pid 5237] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5238] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5237] <... openat resumed>) = 8 [pid 5237] ioctl(8, LOOP_SET_FD, 6 [pid 5238] <... write resumed>) = 262144 [pid 5238] munmap(0x7f0295200000, 138412032 [pid 5237] <... ioctl resumed>) = 0 [pid 5237] close(6) = 0 [pid 5237] close(8 [pid 5238] <... munmap resumed>) = 0 [pid 5237] <... close resumed>) = 0 [pid 5237] mkdir("./bus", 0777 [pid 5238] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5237] <... mkdir resumed>) = 0 [pid 5238] <... openat resumed>) = 6 [pid 5237] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue" [ 102.152041][ T5237] loop0: detected capacity change from 0 to 512 [pid 5238] ioctl(6, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy) [pid 5238] ioctl(6, LOOP_CLR_FD [pid 5237] <... mount resumed>) = -1 EBUSY (Device or resource busy) [pid 5238] <... ioctl resumed>) = 0 [pid 5237] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8 [pid 5237] ioctl(8, LOOP_CLR_FD) = 0 [pid 5237] close(8 [pid 5238] ioctl(6, LOOP_SET_FD, 7 [pid 5237] <... close resumed>) = 0 [pid 5238] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5238] close(6 [pid 5237] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5237] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5238] <... close resumed>) = 0 [ 102.194491][ T5237] /dev/loop0: Can't open blockdev [pid 5238] close(7) = 0 [pid 5238] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5236] <... futex resumed>) = 0 [pid 5238] futex(0x7f02a5c17718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5236] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5237] <... futex resumed>) = 0 [pid 5236] <... futex resumed>) = 1 [pid 5237] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0xb635773f04ebbee0, MAP_SHARED|MAP_FIXED|MAP_ANONYMOUS|MAP_POPULATE, -1, 0 [pid 5236] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5236] futex(0x7f02a5c17718, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5236] futex(0x7f02a5c1771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5238] <... futex resumed>) = 0 [pid 5238] setxattr(0x20000340, 0x20000400, 0x200003c0, 58375, 0) = -1 ENOENT (No such file or directory) [pid 5238] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5236] <... futex resumed>) = 0 [pid 5238] futex(0x7f02a5c17718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5237] <... mmap resumed>) = 0x20000000 [pid 5237] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5237] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5236] exit_group(0 [pid 5238] <... futex resumed>) = ? [pid 5238] +++ exited with 0 +++ [pid 5237] <... futex resumed>) = ? [pid 5236] <... exit_group resumed>) = ? [pid 5237] +++ exited with 0 +++ [pid 5236] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5236, si_uid=0, si_status=0, si_utime=0, si_stime=29 /* 0.29 s */} --- umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563f3730 /* 6 entries */, 32768) = 192 umount2("./34/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/cpuset.effective_cpus") = 0 umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563fb770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563fb770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./34/bus") = 0 umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/binderfs") = 0 umount2("./34/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/cgroup.controllers") = 0 getdents64(3, 0x5555563f3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./34") = 0 mkdir("./35", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5239 attached , child_tidptr=0x5555563f2690) = 5239 [pid 5239] set_robust_list(0x5555563f26a0, 24) = 0 [pid 5239] chdir("./35") = 0 [pid 5239] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5239] setpgid(0, 0) = 0 [pid 5239] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5239] write(3, "1000", 4) = 4 [pid 5239] close(3) = 0 [pid 5239] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5239] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5239] rt_sigaction(SIGRT_1, {sa_handler=0x7f02a5bb6070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f02a5ba7220}, NULL, 8) = 0 [pid 5239] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5239] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02a5b2c000 [pid 5239] mprotect(0x7f02a5b2d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5239] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5239] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b4c990, parent_tid=0x7f02a5b4c990, exit_signal=0, stack=0x7f02a5b2c000, stack_size=0x20300, tls=0x7f02a5b4c6c0}./strace-static-x86_64: Process 5240 attached [pid 5240] rseq(0x7f02a5b4cfe0, 0x20, 0, 0x53053053) = 0 [pid 5239] <... clone3 resumed> => {parent_tid=[5240]}, 88) = 5240 [pid 5240] set_robust_list(0x7f02a5b4c9a0, 24) = 0 [pid 5239] rt_sigprocmask(SIG_SETMASK, [], [pid 5240] rt_sigprocmask(SIG_SETMASK, [], [pid 5239] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5240] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5239] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5240] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5239] <... futex resumed>) = 0 [pid 5239] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5240] <... openat resumed>) = 3 [pid 5240] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5240] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5239] <... futex resumed>) = 0 [pid 5239] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5240] <... futex resumed>) = 0 [pid 5239] <... futex resumed>) = 1 [pid 5240] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5239] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5240] <... openat resumed>) = 4 [pid 5240] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5239] <... futex resumed>) = 0 [pid 5239] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5240] <... futex resumed>) = 1 [pid 5239] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5240] dup3(4, 3, 0) = 3 [pid 5240] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5239] <... futex resumed>) = 0 [pid 5240] <... futex resumed>) = 1 [pid 5239] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5240] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5239] <... futex resumed>) = 0 [pid 5239] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5240] <... openat resumed>) = 5 [pid 5240] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5239] <... futex resumed>) = 0 [pid 5239] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5240] <... futex resumed>) = 1 [pid 5239] <... futex resumed>) = 0 [pid 5240] ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0 [pid 5239] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5240] <... ioctl resumed>) = -1 EINVAL (Invalid argument) [pid 5240] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5239] <... futex resumed>) = 0 [pid 5240] memfd_create("syzkaller", 0 [pid 5239] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5240] <... memfd_create resumed>) = 6 [pid 5239] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5239] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5240] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5239] <... mmap resumed>) = 0x7f02a5b0b000 [pid 5240] <... mmap resumed>) = 0x7f029d600000 [pid 5239] mprotect(0x7f02a5b0c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5240] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5239] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5239] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b2b990, parent_tid=0x7f02a5b2b990, exit_signal=0, stack=0x7f02a5b0b000, stack_size=0x20300, tls=0x7f02a5b2b6c0}./strace-static-x86_64: Process 5241 attached [pid 5241] rseq(0x7f02a5b2bfe0, 0x20, 0, 0x53053053 [pid 5239] <... clone3 resumed> => {parent_tid=[5241]}, 88) = 5241 [pid 5241] <... rseq resumed>) = 0 [pid 5240] <... write resumed>) = 262144 [pid 5239] rt_sigprocmask(SIG_SETMASK, [], [pid 5241] set_robust_list(0x7f02a5b2b9a0, 24) = 0 [pid 5239] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5240] munmap(0x7f029d600000, 138412032 [pid 5241] rt_sigprocmask(SIG_SETMASK, [], [pid 5239] futex(0x7f02a5c17718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5241] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5240] <... munmap resumed>) = 0 [pid 5239] <... futex resumed>) = 0 [pid 5241] memfd_create("syzkaller", 0 [pid 5239] futex(0x7f02a5c1771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5241] <... memfd_create resumed>) = 7 [pid 5241] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f029d600000 [pid 5240] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8 [pid 5240] ioctl(8, LOOP_SET_FD, 6 [pid 5241] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5241] munmap(0x7f029d600000, 138412032 [pid 5240] <... ioctl resumed>) = 0 [pid 5241] <... munmap resumed>) = 0 [pid 5240] close(6 [pid 5241] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5240] <... close resumed>) = 0 [pid 5241] <... openat resumed>) = 9 [pid 5240] close(8 [pid 5241] ioctl(9, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy) [pid 5240] <... close resumed>) = 0 [pid 5241] ioctl(9, LOOP_CLR_FD [pid 5240] mkdir("./bus", 0777) = 0 [pid 5240] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = -1 EBUSY (Device or resource busy) [pid 5240] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5240] ioctl(6, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5240] close(6) = 0 [ 102.807944][ T5240] loop0: detected capacity change from 0 to 512 [ 102.842672][ T5240] /dev/loop0: Can't open blockdev [pid 5240] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5240] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5241] <... ioctl resumed>) = 0 [pid 5241] ioctl(9, LOOP_SET_FD, 7) = 0 [pid 5241] close(7) = 0 [pid 5241] close(9) = 0 [pid 5241] mkdir("./bus", 0777) = -1 EEXIST (File exists) [ 102.880876][ T5195] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 102.907501][ T5241] loop0: detected capacity change from 0 to 512 [pid 5241] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5241] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 6 [pid 5241] chdir("./bus") = 0 [pid 5241] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5241] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5239] <... futex resumed>) = 0 [pid 5239] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5241] futex(0x7f02a5c17718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5239] <... futex resumed>) = 1 [pid 5239] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5240] <... futex resumed>) = 0 [ 102.955435][ T5241] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 102.968458][ T5241] ext4 filesystem being mounted at /root/syzkaller.a7bkEY/35/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5240] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0xb635773f04ebbee0, MAP_SHARED|MAP_FIXED|MAP_ANONYMOUS|MAP_POPULATE, -1, 0 [pid 5239] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5239] futex(0x7f02a5c17718, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5239] futex(0x7f02a5c1771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5241] <... futex resumed>) = 0 [pid 5241] setxattr(0x20000340, 0x20000400, 0x200003c0, 58375, 0) = -1 ENOENT (No such file or directory) [pid 5241] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5239] <... futex resumed>) = 0 [pid 5241] futex(0x7f02a5c17718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5240] <... mmap resumed>) = 0x20000000 [pid 5240] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5240] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5239] exit_group(0) = ? [pid 5241] <... futex resumed>) = ? [pid 5240] <... futex resumed>) = ? [pid 5241] +++ exited with 0 +++ [pid 5240] +++ exited with 0 +++ [pid 5239] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5239, si_uid=0, si_status=0, si_utime=0, si_stime=33 /* 0.33 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563f3730 /* 6 entries */, 32768) = 192 umount2("./35/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/cpuset.effective_cpus") = 0 umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563fb770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563fb770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./35/bus") = 0 umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/binderfs") = 0 umount2("./35/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 103.298927][ T5072] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. unlink("./35/cgroup.controllers") = 0 getdents64(3, 0x5555563f3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./35") = 0 mkdir("./36", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5244 attached [pid 5244] set_robust_list(0x5555563f26a0, 24) = 0 [pid 5244] chdir("./36" [pid 5072] <... clone resumed>, child_tidptr=0x5555563f2690) = 5244 [pid 5244] <... chdir resumed>) = 0 [pid 5244] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5244] setpgid(0, 0) = 0 [pid 5244] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5244] write(3, "1000", 4) = 4 [pid 5244] close(3) = 0 [pid 5244] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5244] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5244] rt_sigaction(SIGRT_1, {sa_handler=0x7f02a5bb6070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f02a5ba7220}, NULL, 8) = 0 [pid 5244] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5244] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02a5b2c000 [pid 5244] mprotect(0x7f02a5b2d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5244] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5244] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b4c990, parent_tid=0x7f02a5b4c990, exit_signal=0, stack=0x7f02a5b2c000, stack_size=0x20300, tls=0x7f02a5b4c6c0}./strace-static-x86_64: Process 5245 attached [pid 5245] rseq(0x7f02a5b4cfe0, 0x20, 0, 0x53053053 [pid 5244] <... clone3 resumed> => {parent_tid=[5245]}, 88) = 5245 [pid 5245] <... rseq resumed>) = 0 [pid 5244] rt_sigprocmask(SIG_SETMASK, [], [pid 5245] set_robust_list(0x7f02a5b4c9a0, 24 [pid 5244] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5245] <... set_robust_list resumed>) = 0 [pid 5244] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5245] rt_sigprocmask(SIG_SETMASK, [], [pid 5244] <... futex resumed>) = 0 [pid 5245] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5244] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5245] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 5245] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5244] <... futex resumed>) = 0 [pid 5245] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5244] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5245] <... openat resumed>) = 4 [pid 5244] <... futex resumed>) = 0 [pid 5244] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5245] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5244] <... futex resumed>) = 0 [pid 5245] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5244] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5245] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5244] <... futex resumed>) = 0 [pid 5244] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5245] dup3(4, 3, 0) = 3 [pid 5245] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5245] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5244] <... futex resumed>) = 0 [pid 5245] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5244] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5245] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5244] <... futex resumed>) = 0 [pid 5245] <... openat resumed>) = 5 [pid 5244] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5245] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5244] <... futex resumed>) = 0 [pid 5244] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5245] <... futex resumed>) = 1 [pid 5244] <... futex resumed>) = 0 [pid 5245] ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0 [pid 5244] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5245] <... ioctl resumed>) = -1 EINVAL (Invalid argument) [pid 5245] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5244] <... futex resumed>) = 0 [pid 5245] <... futex resumed>) = 1 [pid 5244] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5245] memfd_create("syzkaller", 0 [pid 5244] <... futex resumed>) = 0 [pid 5244] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5245] <... memfd_create resumed>) = 6 [pid 5244] <... futex resumed>) = 0 [pid 5244] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5245] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5244] <... mmap resumed>) = 0x7f02a5b0b000 [pid 5245] <... mmap resumed>) = 0x7f029d600000 [pid 5244] mprotect(0x7f02a5b0c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5244] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5245] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5244] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b2b990, parent_tid=0x7f02a5b2b990, exit_signal=0, stack=0x7f02a5b0b000, stack_size=0x20300, tls=0x7f02a5b2b6c0}./strace-static-x86_64: Process 5246 attached [pid 5246] rseq(0x7f02a5b2bfe0, 0x20, 0, 0x53053053) = 0 [pid 5246] set_robust_list(0x7f02a5b2b9a0, 24) = 0 [pid 5245] <... write resumed>) = 262144 [pid 5244] <... clone3 resumed> => {parent_tid=[5246]}, 88) = 5246 [pid 5246] rt_sigprocmask(SIG_SETMASK, [], [pid 5245] munmap(0x7f029d600000, 138412032 [pid 5244] rt_sigprocmask(SIG_SETMASK, [], [pid 5246] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5245] <... munmap resumed>) = 0 [pid 5245] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5244] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5246] futex(0x7f02a5c17718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5245] <... openat resumed>) = 7 [pid 5246] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5244] futex(0x7f02a5c17718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5245] ioctl(7, LOOP_SET_FD, 6 [pid 5246] memfd_create("syzkaller", 0 [pid 5244] <... futex resumed>) = 0 [pid 5246] <... memfd_create resumed>) = 8 [pid 5244] futex(0x7f02a5c1771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5246] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f029d600000 [pid 5245] <... ioctl resumed>) = 0 [pid 5245] close(6 [pid 5246] write(8, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5245] <... close resumed>) = 0 [pid 5245] close(7) = 0 [pid 5246] <... write resumed>) = 262144 [pid 5246] munmap(0x7f029d600000, 138412032 [pid 5245] mkdir("./bus", 0777 [pid 5246] <... munmap resumed>) = 0 [pid 5246] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5245] <... mkdir resumed>) = 0 [pid 5246] ioctl(6, LOOP_SET_FD, 8 [pid 5245] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue" [pid 5246] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5246] ioctl(6, LOOP_CLR_FD) = 0 [pid 5245] <... mount resumed>) = -1 EBUSY (Device or resource busy) [pid 5245] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 7 [pid 5245] ioctl(7, LOOP_CLR_FD [pid 5246] ioctl(6, LOOP_SET_FD, 8 [pid 5245] <... ioctl resumed>) = 0 [pid 5246] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5245] close(7 [pid 5246] close(6 [pid 5245] <... close resumed>) = 0 [pid 5245] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5245] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5246] <... close resumed>) = 0 [ 103.574011][ T5245] loop0: detected capacity change from 0 to 512 [ 103.611612][ T5245] /dev/loop0: Can't open blockdev [pid 5246] close(8) = 0 [pid 5246] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5246] futex(0x7f02a5c17718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5244] <... futex resumed>) = 0 [pid 5244] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5245] <... futex resumed>) = 0 [pid 5244] <... futex resumed>) = 1 [pid 5245] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0xb635773f04ebbee0, MAP_SHARED|MAP_FIXED|MAP_ANONYMOUS|MAP_POPULATE, -1, 0 [pid 5244] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5244] futex(0x7f02a5c17718, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5246] <... futex resumed>) = 0 [pid 5244] futex(0x7f02a5c1771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5246] setxattr(0x20000340, 0x20000400, 0x200003c0, 58375, 0) = -1 ENOENT (No such file or directory) [pid 5246] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5244] <... futex resumed>) = 0 [pid 5246] futex(0x7f02a5c17718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5245] <... mmap resumed>) = 0x20000000 [pid 5245] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5245] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5244] exit_group(0 [pid 5246] <... futex resumed>) = ? [pid 5245] <... futex resumed>) = ? [pid 5246] +++ exited with 0 +++ [pid 5245] +++ exited with 0 +++ [pid 5244] <... exit_group resumed>) = ? [pid 5244] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5244, si_uid=0, si_status=0, si_utime=0, si_stime=32 /* 0.32 s */} --- umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563f3730 /* 6 entries */, 32768) = 192 umount2("./36/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/cpuset.effective_cpus") = 0 umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563fb770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563fb770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./36/bus") = 0 umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/binderfs") = 0 umount2("./36/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/cgroup.controllers") = 0 getdents64(3, 0x5555563f3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./36") = 0 mkdir("./37", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5247 attached , child_tidptr=0x5555563f2690) = 5247 [pid 5247] set_robust_list(0x5555563f26a0, 24) = 0 [pid 5247] chdir("./37") = 0 [pid 5247] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5247] setpgid(0, 0) = 0 [pid 5247] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5247] write(3, "1000", 4) = 4 [pid 5247] close(3) = 0 [pid 5247] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5247] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5247] rt_sigaction(SIGRT_1, {sa_handler=0x7f02a5bb6070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f02a5ba7220}, NULL, 8) = 0 [pid 5247] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5247] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02a5b2c000 [pid 5247] mprotect(0x7f02a5b2d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5247] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5247] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b4c990, parent_tid=0x7f02a5b4c990, exit_signal=0, stack=0x7f02a5b2c000, stack_size=0x20300, tls=0x7f02a5b4c6c0}./strace-static-x86_64: Process 5248 attached [pid 5248] rseq(0x7f02a5b4cfe0, 0x20, 0, 0x53053053) = 0 [pid 5247] <... clone3 resumed> => {parent_tid=[5248]}, 88) = 5248 [pid 5248] set_robust_list(0x7f02a5b4c9a0, 24) = 0 [pid 5247] rt_sigprocmask(SIG_SETMASK, [], [pid 5248] rt_sigprocmask(SIG_SETMASK, [], [pid 5247] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5248] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5247] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5248] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5247] <... futex resumed>) = 0 [pid 5247] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5248] <... openat resumed>) = 3 [pid 5248] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5248] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5247] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5247] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5248] <... futex resumed>) = 0 [pid 5247] <... futex resumed>) = 1 [pid 5248] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5247] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5248] <... openat resumed>) = 4 [pid 5248] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5247] <... futex resumed>) = 0 [pid 5247] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5248] <... futex resumed>) = 1 [pid 5247] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5248] dup3(4, 3, 0) = 3 [pid 5248] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5247] <... futex resumed>) = 0 [pid 5248] <... futex resumed>) = 1 [pid 5247] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5248] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5247] <... futex resumed>) = 0 [pid 5248] <... openat resumed>) = 5 [pid 5247] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5248] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5247] <... futex resumed>) = 0 [pid 5247] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5248] <... futex resumed>) = 1 [pid 5247] <... futex resumed>) = 0 [pid 5248] ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0 [pid 5247] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5248] <... ioctl resumed>) = -1 EINVAL (Invalid argument) [pid 5248] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5247] <... futex resumed>) = 0 [pid 5248] memfd_create("syzkaller", 0 [pid 5247] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5248] <... memfd_create resumed>) = 6 [pid 5248] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5247] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5248] <... mmap resumed>) = 0x7f029d600000 [pid 5247] <... futex resumed>) = 0 [pid 5247] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02a5b0b000 [pid 5247] mprotect(0x7f02a5b0c000, 131072, PROT_READ|PROT_WRITE [pid 5248] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5247] <... mprotect resumed>) = 0 [pid 5247] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5248] <... write resumed>) = 262144 [pid 5248] munmap(0x7f029d600000, 138412032 [pid 5247] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5248] <... munmap resumed>) = 0 [pid 5247] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b2b990, parent_tid=0x7f02a5b2b990, exit_signal=0, stack=0x7f02a5b0b000, stack_size=0x20300, tls=0x7f02a5b2b6c0}./strace-static-x86_64: Process 5249 attached [pid 5248] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5247] <... clone3 resumed> => {parent_tid=[5249]}, 88) = 5249 [pid 5249] rseq(0x7f02a5b2bfe0, 0x20, 0, 0x53053053 [pid 5247] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5249] <... rseq resumed>) = 0 [pid 5248] <... openat resumed>) = 7 [pid 5247] futex(0x7f02a5c17718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5249] set_robust_list(0x7f02a5b2b9a0, 24 [pid 5248] ioctl(7, LOOP_SET_FD, 6 [pid 5249] <... set_robust_list resumed>) = 0 [pid 5247] <... futex resumed>) = 0 [pid 5247] futex(0x7f02a5c1771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5249] rt_sigprocmask(SIG_SETMASK, [], [pid 5248] <... ioctl resumed>) = 0 [pid 5248] close(6) = 0 [pid 5249] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5249] memfd_create("syzkaller", 0) = 6 [pid 5249] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5248] close(7 [pid 5249] <... mmap resumed>) = 0x7f029d600000 [pid 5248] <... close resumed>) = 0 [pid 5249] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5248] mkdir("./bus", 0777 [pid 5249] munmap(0x7f029d600000, 138412032) = 0 [pid 5249] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5248] <... mkdir resumed>) = 0 [pid 5249] <... openat resumed>) = 7 [ 104.206848][ T5248] loop0: detected capacity change from 0 to 512 [pid 5249] ioctl(7, LOOP_SET_FD, 6 [pid 5248] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue" [pid 5249] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5249] ioctl(7, LOOP_CLR_FD [pid 5248] <... mount resumed>) = -1 EBUSY (Device or resource busy) [pid 5248] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8 [pid 5248] ioctl(8, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5248] close(8) = 0 [ 104.275353][ T5248] /dev/loop0: Can't open blockdev [pid 5248] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5249] <... ioctl resumed>) = 0 [pid 5248] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5249] ioctl(7, LOOP_SET_FD, 6) = 0 [pid 5249] close(6) = 0 [pid 5249] close(7) = 0 [pid 5249] mkdir("./bus", 0777) = -1 EEXIST (File exists) [ 104.322527][ T5249] loop0: detected capacity change from 0 to 512 [pid 5249] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5249] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 6 [pid 5249] chdir("./bus") = 0 [pid 5249] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5249] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5247] <... futex resumed>) = 0 [pid 5249] futex(0x7f02a5c17718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5247] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5248] <... futex resumed>) = 0 [pid 5248] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0xb635773f04ebbee0, MAP_SHARED|MAP_FIXED|MAP_ANONYMOUS|MAP_POPULATE, -1, 0 [pid 5247] <... futex resumed>) = 1 [ 104.365094][ T5249] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 104.378364][ T5249] ext4 filesystem being mounted at /root/syzkaller.a7bkEY/37/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5247] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5247] futex(0x7f02a5c17718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5249] <... futex resumed>) = 0 [pid 5247] <... futex resumed>) = 1 [pid 5247] futex(0x7f02a5c1771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5249] setxattr(0x20000340, 0x20000400, 0x200003c0, 58375, 0) = -1 ENOENT (No such file or directory) [pid 5249] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5247] <... futex resumed>) = 0 [pid 5249] futex(0x7f02a5c17718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5248] <... mmap resumed>) = 0x20000000 [pid 5248] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5247] exit_group(0 [pid 5249] <... futex resumed>) = ? [pid 5248] <... futex resumed>) = ? [pid 5247] <... exit_group resumed>) = ? [pid 5248] +++ exited with 0 +++ [pid 5249] +++ exited with 0 +++ [pid 5247] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5247, si_uid=0, si_status=0, si_utime=0, si_stime=33 /* 0.33 s */} --- umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563f3730 /* 6 entries */, 32768) = 192 umount2("./37/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/cpuset.effective_cpus") = 0 umount2("./37/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./37/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./37/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563fb770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563fb770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./37/bus") = 0 umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/binderfs") = 0 umount2("./37/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/cgroup.controllers") = 0 getdents64(3, 0x5555563f3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./37") = 0 mkdir("./38", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 104.717935][ T5072] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5252 attached , child_tidptr=0x5555563f2690) = 5252 [pid 5252] set_robust_list(0x5555563f26a0, 24) = 0 [pid 5252] chdir("./38") = 0 [pid 5252] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5252] setpgid(0, 0) = 0 [pid 5252] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5252] write(3, "1000", 4) = 4 [pid 5252] close(3) = 0 [pid 5252] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5252] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5252] rt_sigaction(SIGRT_1, {sa_handler=0x7f02a5bb6070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f02a5ba7220}, NULL, 8) = 0 [pid 5252] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5252] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02a5b2c000 [pid 5252] mprotect(0x7f02a5b2d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5252] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5252] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b4c990, parent_tid=0x7f02a5b4c990, exit_signal=0, stack=0x7f02a5b2c000, stack_size=0x20300, tls=0x7f02a5b4c6c0}./strace-static-x86_64: Process 5253 attached [pid 5253] rseq(0x7f02a5b4cfe0, 0x20, 0, 0x53053053 [pid 5252] <... clone3 resumed> => {parent_tid=[5253]}, 88) = 5253 [pid 5253] <... rseq resumed>) = 0 [pid 5252] rt_sigprocmask(SIG_SETMASK, [], [pid 5253] set_robust_list(0x7f02a5b4c9a0, 24 [pid 5252] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5253] <... set_robust_list resumed>) = 0 [pid 5252] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5253] rt_sigprocmask(SIG_SETMASK, [], [pid 5252] <... futex resumed>) = 0 [pid 5253] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5252] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5253] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 5253] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5252] <... futex resumed>) = 0 [pid 5253] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5252] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5253] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5252] <... futex resumed>) = 0 [pid 5253] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5252] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5253] <... openat resumed>) = 4 [pid 5253] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5252] <... futex resumed>) = 0 [pid 5253] <... futex resumed>) = 1 [pid 5252] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5253] dup3(4, 3, 0 [pid 5252] <... futex resumed>) = 0 [pid 5253] <... dup3 resumed>) = 3 [pid 5252] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5253] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5252] <... futex resumed>) = 0 [pid 5253] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5252] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5253] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5252] <... futex resumed>) = 0 [pid 5253] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5252] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5253] <... openat resumed>) = 5 [pid 5253] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5252] <... futex resumed>) = 0 [pid 5253] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5252] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5253] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5252] <... futex resumed>) = 0 [pid 5252] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5253] ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0) = -1 EINVAL (Invalid argument) [pid 5253] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5252] <... futex resumed>) = 0 [pid 5253] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5252] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5253] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5252] <... futex resumed>) = 0 [pid 5253] memfd_create("syzkaller", 0 [pid 5252] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5253] <... memfd_create resumed>) = 6 [pid 5252] <... futex resumed>) = 0 [pid 5253] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5252] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5253] <... mmap resumed>) = 0x7f029d600000 [pid 5252] <... mmap resumed>) = 0x7f02a5b0b000 [pid 5252] mprotect(0x7f02a5b0c000, 131072, PROT_READ|PROT_WRITE [pid 5253] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5252] <... mprotect resumed>) = 0 [pid 5252] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5252] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b2b990, parent_tid=0x7f02a5b2b990, exit_signal=0, stack=0x7f02a5b0b000, stack_size=0x20300, tls=0x7f02a5b2b6c0} [pid 5253] <... write resumed>) = 262144 ./strace-static-x86_64: Process 5254 attached [pid 5254] rseq(0x7f02a5b2bfe0, 0x20, 0, 0x53053053 [pid 5253] munmap(0x7f029d600000, 138412032 [pid 5252] <... clone3 resumed> => {parent_tid=[5254]}, 88) = 5254 [pid 5254] <... rseq resumed>) = 0 [pid 5254] set_robust_list(0x7f02a5b2b9a0, 24 [pid 5252] rt_sigprocmask(SIG_SETMASK, [], [pid 5254] <... set_robust_list resumed>) = 0 [pid 5252] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5254] rt_sigprocmask(SIG_SETMASK, [], [pid 5252] futex(0x7f02a5c17718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5253] <... munmap resumed>) = 0 [pid 5254] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5253] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5252] <... futex resumed>) = 0 [pid 5254] memfd_create("syzkaller", 0 [pid 5252] futex(0x7f02a5c1771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5254] <... memfd_create resumed>) = 8 [pid 5253] <... openat resumed>) = 7 [pid 5254] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f029d600000 [pid 5253] ioctl(7, LOOP_SET_FD, 6) = 0 [pid 5253] close(6 [pid 5254] write(8, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5253] <... close resumed>) = 0 [pid 5254] <... write resumed>) = 262144 [pid 5254] munmap(0x7f029d600000, 138412032 [pid 5253] close(7) = 0 [pid 5253] mkdir("./bus", 0777 [pid 5254] <... munmap resumed>) = 0 [pid 5253] <... mkdir resumed>) = 0 [pid 5254] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5253] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue" [pid 5254] <... openat resumed>) = 6 [pid 5254] ioctl(6, LOOP_SET_FD, 8 [pid 5253] <... mount resumed>) = -1 EBUSY (Device or resource busy) [pid 5254] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5254] ioctl(6, LOOP_CLR_FD) = 0 [pid 5253] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5254] ioctl(6, LOOP_SET_FD, 8) = -1 EBUSY (Device or resource busy) [pid 5254] close(6 [pid 5253] <... openat resumed>) = 7 [pid 5254] <... close resumed>) = 0 [pid 5253] ioctl(7, LOOP_CLR_FD [pid 5254] close(8) = 0 [ 105.007840][ T5253] loop0: detected capacity change from 0 to 512 [ 105.040020][ T5253] /dev/loop0: Can't open blockdev [pid 5254] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5252] <... futex resumed>) = 0 [pid 5254] futex(0x7f02a5c17718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5252] futex(0x7f02a5c17718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5254] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5252] <... futex resumed>) = 0 [pid 5254] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0xb635773f04ebbee0, MAP_SHARED|MAP_FIXED|MAP_ANONYMOUS|MAP_POPULATE, -1, 0 [pid 5252] futex(0x7f02a5c1771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5253] <... ioctl resumed>) = 0 [pid 5253] close(7) = 0 [pid 5253] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5253] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5252] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5252] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5253] <... futex resumed>) = 0 [pid 5252] <... futex resumed>) = 1 [pid 5253] setxattr(0x20000340, 0x20000400, 0x200003c0, 58375, 0 [pid 5252] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5253] <... setxattr resumed>) = -1 ENOENT (No such file or directory) [pid 5253] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5252] <... futex resumed>) = 0 [pid 5253] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5254] <... mmap resumed>) = 0x20000000 [pid 5254] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5254] futex(0x7f02a5c17718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5252] exit_group(0 [pid 5253] <... futex resumed>) = ? [pid 5252] <... exit_group resumed>) = ? [pid 5253] +++ exited with 0 +++ [pid 5254] <... futex resumed>) = ? [pid 5254] +++ exited with 0 +++ [pid 5252] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5252, si_uid=0, si_status=0, si_utime=0, si_stime=32 /* 0.32 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563f3730 /* 6 entries */, 32768) = 192 umount2("./38/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/cpuset.effective_cpus") = 0 umount2("./38/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./38/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563fb770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563fb770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./38/bus") = 0 umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/binderfs") = 0 umount2("./38/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/cgroup.controllers") = 0 getdents64(3, 0x5555563f3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./38") = 0 mkdir("./39", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563f2690) = 5255 ./strace-static-x86_64: Process 5255 attached [pid 5255] set_robust_list(0x5555563f26a0, 24) = 0 [pid 5255] chdir("./39") = 0 [pid 5255] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5255] setpgid(0, 0) = 0 [pid 5255] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5255] write(3, "1000", 4) = 4 [pid 5255] close(3) = 0 [pid 5255] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5255] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5255] rt_sigaction(SIGRT_1, {sa_handler=0x7f02a5bb6070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f02a5ba7220}, NULL, 8) = 0 [pid 5255] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5255] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02a5b2c000 [pid 5255] mprotect(0x7f02a5b2d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5255] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5255] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b4c990, parent_tid=0x7f02a5b4c990, exit_signal=0, stack=0x7f02a5b2c000, stack_size=0x20300, tls=0x7f02a5b4c6c0}./strace-static-x86_64: Process 5256 attached [pid 5256] rseq(0x7f02a5b4cfe0, 0x20, 0, 0x53053053 [pid 5255] <... clone3 resumed> => {parent_tid=[5256]}, 88) = 5256 [pid 5256] <... rseq resumed>) = 0 [pid 5255] rt_sigprocmask(SIG_SETMASK, [], [pid 5256] set_robust_list(0x7f02a5b4c9a0, 24 [pid 5255] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5256] <... set_robust_list resumed>) = 0 [pid 5256] rt_sigprocmask(SIG_SETMASK, [], [pid 5255] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5256] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5255] <... futex resumed>) = 0 [pid 5256] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5255] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5256] <... openat resumed>) = 3 [pid 5256] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5255] <... futex resumed>) = 0 [pid 5256] <... futex resumed>) = 1 [pid 5255] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5256] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5255] <... futex resumed>) = 0 [pid 5255] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5256] <... openat resumed>) = 4 [pid 5256] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5256] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5255] <... futex resumed>) = 0 [pid 5255] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5256] <... futex resumed>) = 0 [pid 5255] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5256] dup3(4, 3, 0) = 3 [pid 5256] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5255] <... futex resumed>) = 0 [pid 5256] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5255] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5256] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5255] <... futex resumed>) = 0 [pid 5256] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5255] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5256] <... openat resumed>) = 5 [pid 5256] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5255] <... futex resumed>) = 0 [pid 5256] <... futex resumed>) = 1 [pid 5255] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5256] ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0 [pid 5255] <... futex resumed>) = 0 [pid 5256] <... ioctl resumed>) = -1 EINVAL (Invalid argument) [pid 5255] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5256] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5255] <... futex resumed>) = 0 [pid 5256] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5255] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5256] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5255] <... futex resumed>) = 0 [pid 5256] memfd_create("syzkaller", 0 [pid 5255] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5255] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5256] <... memfd_create resumed>) = 6 [pid 5256] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5255] <... mmap resumed>) = 0x7f02a5b0b000 [pid 5256] <... mmap resumed>) = 0x7f029d600000 [pid 5255] mprotect(0x7f02a5b0c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5256] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5255] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5255] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b2b990, parent_tid=0x7f02a5b2b990, exit_signal=0, stack=0x7f02a5b0b000, stack_size=0x20300, tls=0x7f02a5b2b6c0} [pid 5256] <... write resumed>) = 262144 ./strace-static-x86_64: Process 5257 attached [pid 5256] munmap(0x7f029d600000, 138412032 [pid 5257] rseq(0x7f02a5b2bfe0, 0x20, 0, 0x53053053) = 0 [pid 5255] <... clone3 resumed> => {parent_tid=[5257]}, 88) = 5257 [pid 5257] set_robust_list(0x7f02a5b2b9a0, 24) = 0 [pid 5256] <... munmap resumed>) = 0 [pid 5255] rt_sigprocmask(SIG_SETMASK, [], [pid 5256] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5257] rt_sigprocmask(SIG_SETMASK, [], [pid 5256] <... openat resumed>) = 7 [pid 5255] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5256] ioctl(7, LOOP_SET_FD, 6 [pid 5257] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5255] futex(0x7f02a5c17718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5257] memfd_create("syzkaller", 0 [pid 5255] <... futex resumed>) = 0 [pid 5255] futex(0x7f02a5c1771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5257] <... memfd_create resumed>) = 8 [pid 5257] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5256] <... ioctl resumed>) = 0 [pid 5257] <... mmap resumed>) = 0x7f029d600000 [pid 5256] close(6) = 0 [pid 5256] close(7 [pid 5257] write(8, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5256] <... close resumed>) = 0 [pid 5256] mkdir("./bus", 0777) = 0 [pid 5256] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue" [pid 5257] <... write resumed>) = 262144 [pid 5257] munmap(0x7f029d600000, 138412032) = 0 [pid 5257] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 105.624247][ T5256] loop0: detected capacity change from 0 to 512 [pid 5257] close(8) = 0 [pid 5257] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5255] <... futex resumed>) = 0 [pid 5257] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0xb635773f04ebbee0, MAP_SHARED|MAP_FIXED|MAP_ANONYMOUS|MAP_POPULATE, -1, 0 [pid 5255] futex(0x7f02a5c17718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5255] futex(0x7f02a5c1771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5256] <... mount resumed>) = 0 [pid 5256] openat(AT_FDCWD, 0x20000500, O_RDONLY|O_DIRECTORY) = -1 ENOENT (No such file or directory) [pid 5256] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 105.676004][ T5256] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 105.688721][ T5256] ext4 filesystem being mounted at /root/syzkaller.a7bkEY/39/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5256] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5256] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5255] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5255] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5256] <... futex resumed>) = 0 [pid 5255] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5256] setxattr(0x20000340, 0x20000400, 0x200003c0, 58375, 0) = 0 [pid 5256] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5256] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5255] <... futex resumed>) = 0 [pid 5257] <... mmap resumed>) = 0x20000000 [pid 5257] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5257] futex(0x7f02a5c17718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5255] exit_group(0 [pid 5257] <... futex resumed>) = ? [pid 5256] <... futex resumed>) = ? [pid 5255] <... exit_group resumed>) = ? [pid 5257] +++ exited with 0 +++ [pid 5256] +++ exited with 0 +++ [pid 5255] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5255, si_uid=0, si_status=0, si_utime=0, si_stime=35 /* 0.35 s */} --- umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563f3730 /* 6 entries */, 32768) = 192 umount2("./39/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/cpuset.effective_cpus") = 0 umount2("./39/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./39/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./39/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563fb770 /* 2 entries */, 32768) = 48 [ 105.978473][ T5072] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. getdents64(4, 0x5555563fb770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./39/bus") = 0 umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/binderfs") = 0 umount2("./39/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/cgroup.controllers") = 0 getdents64(3, 0x5555563f3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./39") = 0 mkdir("./40", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5260 attached , child_tidptr=0x5555563f2690) = 5260 [pid 5260] set_robust_list(0x5555563f26a0, 24) = 0 [pid 5260] chdir("./40") = 0 [pid 5260] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5260] setpgid(0, 0) = 0 [pid 5260] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5260] write(3, "1000", 4) = 4 [pid 5260] close(3) = 0 [pid 5260] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5260] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5260] rt_sigaction(SIGRT_1, {sa_handler=0x7f02a5bb6070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f02a5ba7220}, NULL, 8) = 0 [pid 5260] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5260] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02a5b2c000 [pid 5260] mprotect(0x7f02a5b2d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5260] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5260] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b4c990, parent_tid=0x7f02a5b4c990, exit_signal=0, stack=0x7f02a5b2c000, stack_size=0x20300, tls=0x7f02a5b4c6c0}./strace-static-x86_64: Process 5261 attached [pid 5261] rseq(0x7f02a5b4cfe0, 0x20, 0, 0x53053053 [pid 5260] <... clone3 resumed> => {parent_tid=[5261]}, 88) = 5261 [pid 5261] <... rseq resumed>) = 0 [pid 5260] rt_sigprocmask(SIG_SETMASK, [], [pid 5261] set_robust_list(0x7f02a5b4c9a0, 24) = 0 [pid 5260] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5261] rt_sigprocmask(SIG_SETMASK, [], [pid 5260] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5261] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5260] <... futex resumed>) = 0 [pid 5261] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5260] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5261] <... openat resumed>) = 3 [pid 5261] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5260] <... futex resumed>) = 0 [pid 5261] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5260] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5261] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5260] <... futex resumed>) = 0 [pid 5261] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5260] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5261] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5260] <... futex resumed>) = 0 [pid 5261] dup3(4, 3, 0 [pid 5260] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5261] <... dup3 resumed>) = 3 [pid 5260] <... futex resumed>) = 0 [pid 5260] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5261] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5260] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5261] <... futex resumed>) = 0 [pid 5260] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5261] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5260] <... futex resumed>) = 0 [pid 5260] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5261] <... openat resumed>) = 5 [pid 5261] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5260] <... futex resumed>) = 0 [pid 5261] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5260] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5261] ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0 [pid 5260] <... futex resumed>) = 0 [pid 5261] <... ioctl resumed>) = -1 EINVAL (Invalid argument) [pid 5260] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5261] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5260] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5261] <... futex resumed>) = 0 [pid 5260] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5261] memfd_create("syzkaller", 0 [pid 5260] <... futex resumed>) = 0 [pid 5260] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5261] <... memfd_create resumed>) = 6 [pid 5260] <... futex resumed>) = 0 [pid 5260] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5261] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5260] <... mmap resumed>) = 0x7f02a5b0b000 [pid 5261] <... mmap resumed>) = 0x7f029d600000 [pid 5260] mprotect(0x7f02a5b0c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5260] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5261] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5260] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b2b990, parent_tid=0x7f02a5b2b990, exit_signal=0, stack=0x7f02a5b0b000, stack_size=0x20300, tls=0x7f02a5b2b6c0}./strace-static-x86_64: Process 5262 attached [pid 5262] rseq(0x7f02a5b2bfe0, 0x20, 0, 0x53053053 [pid 5260] <... clone3 resumed> => {parent_tid=[5262]}, 88) = 5262 [pid 5262] <... rseq resumed>) = 0 [pid 5260] rt_sigprocmask(SIG_SETMASK, [], [pid 5262] set_robust_list(0x7f02a5b2b9a0, 24 [pid 5260] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5262] <... set_robust_list resumed>) = 0 [pid 5260] futex(0x7f02a5c17718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5262] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5260] <... futex resumed>) = 0 [pid 5262] memfd_create("syzkaller", 0 [pid 5260] futex(0x7f02a5c1771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5262] <... memfd_create resumed>) = 7 [pid 5262] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0295200000 [pid 5262] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5261] <... write resumed>) = 262144 [pid 5261] munmap(0x7f029d600000, 138412032) = 0 [pid 5262] <... write resumed>) = 262144 [pid 5261] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5262] munmap(0x7f0295200000, 138412032 [pid 5261] <... openat resumed>) = 8 [pid 5262] <... munmap resumed>) = 0 [pid 5261] ioctl(8, LOOP_SET_FD, 6 [pid 5262] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 9 [pid 5261] <... ioctl resumed>) = 0 [pid 5262] ioctl(9, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy) [pid 5262] ioctl(9, LOOP_CLR_FD [pid 5261] close(6 [pid 5262] <... ioctl resumed>) = 0 [pid 5261] <... close resumed>) = 0 [pid 5261] close(8) = 0 [pid 5261] mkdir("./bus", 0777) = 0 [pid 5262] ioctl(9, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy) [pid 5262] close(9 [pid 5261] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue" [pid 5262] <... close resumed>) = 0 [ 106.315693][ T5261] loop0: detected capacity change from 0 to 512 [pid 5262] close(7) = 0 [pid 5262] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5262] futex(0x7f02a5c17718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5260] <... futex resumed>) = 0 [pid 5261] <... mount resumed>) = -1 EIO (Input/output error) [pid 5260] futex(0x7f02a5c17718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5261] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5260] <... futex resumed>) = 1 [pid 5262] <... futex resumed>) = 0 [pid 5260] futex(0x7f02a5c1771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5261] <... openat resumed>) = 6 [pid 5262] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0xb635773f04ebbee0, MAP_SHARED|MAP_FIXED|MAP_ANONYMOUS|MAP_POPULATE, -1, 0 [pid 5261] ioctl(6, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5261] close(6) = 0 [pid 5261] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 106.367172][ T5261] syz-executor422: attempt to access beyond end of device [ 106.367172][ T5261] loop0: rw=4096, sector=2, nr_sectors = 2 limit=0 [ 106.381038][ T5261] EXT4-fs (loop0): unable to read superblock [pid 5261] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5260] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5260] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5261] <... futex resumed>) = 0 [pid 5260] <... futex resumed>) = 1 [pid 5261] setxattr(0x20000340, 0x20000400, 0x200003c0, 58375, 0 [pid 5260] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5261] <... setxattr resumed>) = -1 ENOENT (No such file or directory) [pid 5261] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5260] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5261] <... futex resumed>) = 0 [pid 5261] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5262] <... mmap resumed>) = 0x20000000 [pid 5262] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5262] futex(0x7f02a5c17718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5260] exit_group(0 [pid 5262] <... futex resumed>) = ? [pid 5261] <... futex resumed>) = ? [pid 5260] <... exit_group resumed>) = ? [pid 5262] +++ exited with 0 +++ [pid 5261] +++ exited with 0 +++ [pid 5260] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5260, si_uid=0, si_status=0, si_utime=0, si_stime=33 /* 0.33 s */} --- umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563f3730 /* 6 entries */, 32768) = 192 umount2("./40/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/cpuset.effective_cpus") = 0 umount2("./40/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./40/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563fb770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563fb770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./40/bus") = 0 umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/binderfs") = 0 umount2("./40/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/cgroup.controllers") = 0 getdents64(3, 0x5555563f3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./40") = 0 mkdir("./41", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5263 attached , child_tidptr=0x5555563f2690) = 5263 [pid 5263] set_robust_list(0x5555563f26a0, 24) = 0 [pid 5263] chdir("./41") = 0 [pid 5263] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5263] setpgid(0, 0) = 0 [pid 5263] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5263] write(3, "1000", 4) = 4 [pid 5263] close(3) = 0 [pid 5263] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5263] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5263] rt_sigaction(SIGRT_1, {sa_handler=0x7f02a5bb6070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f02a5ba7220}, NULL, 8) = 0 [pid 5263] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5263] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02a5b2c000 [pid 5263] mprotect(0x7f02a5b2d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5263] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5263] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b4c990, parent_tid=0x7f02a5b4c990, exit_signal=0, stack=0x7f02a5b2c000, stack_size=0x20300, tls=0x7f02a5b4c6c0}./strace-static-x86_64: Process 5264 attached [pid 5264] rseq(0x7f02a5b4cfe0, 0x20, 0, 0x53053053) = 0 [pid 5263] <... clone3 resumed> => {parent_tid=[5264]}, 88) = 5264 [pid 5264] set_robust_list(0x7f02a5b4c9a0, 24 [pid 5263] rt_sigprocmask(SIG_SETMASK, [], [pid 5264] <... set_robust_list resumed>) = 0 [pid 5263] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5264] rt_sigprocmask(SIG_SETMASK, [], [pid 5263] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5264] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5264] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5263] <... futex resumed>) = 0 [pid 5263] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5264] <... openat resumed>) = 3 [pid 5264] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5264] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5263] <... futex resumed>) = 0 [pid 5264] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5263] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5264] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5263] <... futex resumed>) = 0 [pid 5263] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5264] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5263] <... futex resumed>) = 0 [pid 5264] <... futex resumed>) = 1 [pid 5263] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5264] dup3(4, 3, 0 [pid 5263] <... futex resumed>) = 0 [pid 5264] <... dup3 resumed>) = 3 [pid 5263] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5264] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5263] <... futex resumed>) = 0 [pid 5264] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5263] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5264] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5264] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5263] <... futex resumed>) = 0 [pid 5264] <... openat resumed>) = 5 [pid 5263] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5264] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5263] <... futex resumed>) = 0 [pid 5263] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5264] <... futex resumed>) = 1 [pid 5263] <... futex resumed>) = 0 [pid 5264] ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0 [pid 5263] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5264] <... ioctl resumed>) = -1 EINVAL (Invalid argument) [pid 5264] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5263] <... futex resumed>) = 0 [pid 5264] memfd_create("syzkaller", 0 [pid 5263] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5264] <... memfd_create resumed>) = 6 [pid 5263] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5264] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f029d600000 [pid 5263] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02a5b0b000 [pid 5263] mprotect(0x7f02a5b0c000, 131072, PROT_READ|PROT_WRITE [pid 5264] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5263] <... mprotect resumed>) = 0 [pid 5263] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5263] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b2b990, parent_tid=0x7f02a5b2b990, exit_signal=0, stack=0x7f02a5b0b000, stack_size=0x20300, tls=0x7f02a5b2b6c0} [pid 5264] <... write resumed>) = 262144 ./strace-static-x86_64: Process 5265 attached [pid 5265] rseq(0x7f02a5b2bfe0, 0x20, 0, 0x53053053) = 0 [pid 5263] <... clone3 resumed> => {parent_tid=[5265]}, 88) = 5265 [pid 5265] set_robust_list(0x7f02a5b2b9a0, 24 [pid 5263] rt_sigprocmask(SIG_SETMASK, [], [pid 5265] <... set_robust_list resumed>) = 0 [pid 5263] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5265] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5263] futex(0x7f02a5c17718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5264] munmap(0x7f029d600000, 138412032 [pid 5265] memfd_create("syzkaller", 0 [pid 5263] <... futex resumed>) = 0 [pid 5265] <... memfd_create resumed>) = 7 [pid 5264] <... munmap resumed>) = 0 [pid 5263] futex(0x7f02a5c1771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5265] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f029d600000 [pid 5264] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5265] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5264] <... openat resumed>) = 8 [pid 5264] ioctl(8, LOOP_SET_FD, 6 [pid 5265] <... write resumed>) = 262144 [pid 5265] munmap(0x7f029d600000, 138412032) = 0 [pid 5264] <... ioctl resumed>) = 0 [pid 5265] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5264] close(6 [pid 5265] <... openat resumed>) = 9 [pid 5264] <... close resumed>) = 0 [pid 5264] close(8 [pid 5265] ioctl(9, LOOP_SET_FD, 7 [pid 5264] <... close resumed>) = 0 [pid 5265] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5265] ioctl(9, LOOP_CLR_FD) = 0 [pid 5264] mkdir("./bus", 0777) = 0 [pid 5264] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue" [pid 5265] ioctl(9, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy) [pid 5265] close(9) = 0 [pid 5265] close(7) = 0 [pid 5264] <... mount resumed>) = -1 EBUSY (Device or resource busy) [pid 5265] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5264] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5265] <... futex resumed>) = 1 [pid 5264] <... openat resumed>) = 6 [pid 5263] <... futex resumed>) = 0 [pid 5263] futex(0x7f02a5c17718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5265] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0xb635773f04ebbee0, MAP_SHARED|MAP_FIXED|MAP_ANONYMOUS|MAP_POPULATE, -1, 0 [pid 5263] <... futex resumed>) = 0 [pid 5264] ioctl(6, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5264] close(6 [pid 5263] futex(0x7f02a5c1771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5264] <... close resumed>) = 0 [pid 5264] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 106.965815][ T5264] loop0: detected capacity change from 0 to 512 [ 107.002904][ T5264] /dev/loop0: Can't open blockdev [pid 5264] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5263] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5263] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5264] <... futex resumed>) = 0 [pid 5263] <... futex resumed>) = 1 [pid 5264] setxattr(0x20000340, 0x20000400, 0x200003c0, 58375, 0) = -1 ENOENT (No such file or directory) [pid 5263] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5264] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5263] <... futex resumed>) = 0 [pid 5264] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5265] <... mmap resumed>) = 0x20000000 [pid 5265] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5265] futex(0x7f02a5c17718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5263] exit_group(0 [pid 5264] <... futex resumed>) = ? [pid 5264] +++ exited with 0 +++ [pid 5263] <... exit_group resumed>) = ? [pid 5265] <... futex resumed>) = ? [pid 5265] +++ exited with 0 +++ [pid 5263] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5263, si_uid=0, si_status=0, si_utime=0, si_stime=28 /* 0.28 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563f3730 /* 6 entries */, 32768) = 192 umount2("./41/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/cpuset.effective_cpus") = 0 umount2("./41/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./41/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563fb770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563fb770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./41/bus") = 0 umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/binderfs") = 0 umount2("./41/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/cgroup.controllers") = 0 getdents64(3, 0x5555563f3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./41") = 0 mkdir("./42", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5266 attached , child_tidptr=0x5555563f2690) = 5266 [pid 5266] set_robust_list(0x5555563f26a0, 24) = 0 [pid 5266] chdir("./42") = 0 [pid 5266] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5266] setpgid(0, 0) = 0 [pid 5266] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5266] write(3, "1000", 4) = 4 [pid 5266] close(3) = 0 [pid 5266] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5266] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5266] rt_sigaction(SIGRT_1, {sa_handler=0x7f02a5bb6070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f02a5ba7220}, NULL, 8) = 0 [pid 5266] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5266] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02a5b2c000 [pid 5266] mprotect(0x7f02a5b2d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5266] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5266] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b4c990, parent_tid=0x7f02a5b4c990, exit_signal=0, stack=0x7f02a5b2c000, stack_size=0x20300, tls=0x7f02a5b4c6c0}./strace-static-x86_64: Process 5267 attached [pid 5267] rseq(0x7f02a5b4cfe0, 0x20, 0, 0x53053053 [pid 5266] <... clone3 resumed> => {parent_tid=[5267]}, 88) = 5267 [pid 5267] <... rseq resumed>) = 0 [pid 5266] rt_sigprocmask(SIG_SETMASK, [], [pid 5267] set_robust_list(0x7f02a5b4c9a0, 24 [pid 5266] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5267] <... set_robust_list resumed>) = 0 [pid 5266] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5267] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5266] <... futex resumed>) = 0 [pid 5267] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5266] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5267] <... openat resumed>) = 3 [pid 5267] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5267] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5266] <... futex resumed>) = 0 [pid 5266] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5267] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5266] <... futex resumed>) = 0 [pid 5267] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5266] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5267] <... openat resumed>) = 4 [pid 5267] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5267] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5266] <... futex resumed>) = 0 [pid 5266] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5267] <... futex resumed>) = 0 [pid 5266] <... futex resumed>) = 1 [pid 5267] dup3(4, 3, 0 [pid 5266] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5267] <... dup3 resumed>) = 3 [pid 5267] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5267] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5266] <... futex resumed>) = 0 [pid 5266] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5267] <... futex resumed>) = 0 [pid 5267] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5266] <... futex resumed>) = 1 [pid 5267] <... openat resumed>) = 5 [pid 5266] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5267] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5266] <... futex resumed>) = 0 [pid 5266] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5266] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5267] ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0) = -1 EINVAL (Invalid argument) [pid 5267] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5266] <... futex resumed>) = 0 [pid 5267] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5266] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5267] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5266] <... futex resumed>) = 0 [pid 5267] memfd_create("syzkaller", 0 [pid 5266] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5267] <... memfd_create resumed>) = 6 [pid 5266] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5267] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5266] <... mmap resumed>) = 0x7f02a5b0b000 [pid 5267] <... mmap resumed>) = 0x7f029d600000 [pid 5266] mprotect(0x7f02a5b0c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5266] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5267] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5266] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5266] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b2b990, parent_tid=0x7f02a5b2b990, exit_signal=0, stack=0x7f02a5b0b000, stack_size=0x20300, tls=0x7f02a5b2b6c0}./strace-static-x86_64: Process 5268 attached [pid 5268] rseq(0x7f02a5b2bfe0, 0x20, 0, 0x53053053 [pid 5266] <... clone3 resumed> => {parent_tid=[5268]}, 88) = 5268 [pid 5268] <... rseq resumed>) = 0 [pid 5266] rt_sigprocmask(SIG_SETMASK, [], [pid 5268] set_robust_list(0x7f02a5b2b9a0, 24 [pid 5267] <... write resumed>) = 262144 [pid 5268] <... set_robust_list resumed>) = 0 [pid 5266] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5268] rt_sigprocmask(SIG_SETMASK, [], [pid 5266] futex(0x7f02a5c17718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5268] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5267] munmap(0x7f029d600000, 138412032 [pid 5268] memfd_create("syzkaller", 0 [pid 5266] <... futex resumed>) = 0 [pid 5268] <... memfd_create resumed>) = 7 [pid 5267] <... munmap resumed>) = 0 [pid 5266] futex(0x7f02a5c1771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5268] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5267] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8 [pid 5268] <... mmap resumed>) = 0x7f029d600000 [pid 5267] ioctl(8, LOOP_SET_FD, 6) = 0 [pid 5267] close(6 [pid 5268] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5267] <... close resumed>) = 0 [pid 5267] close(8) = 0 [pid 5268] <... write resumed>) = 262144 [pid 5267] mkdir("./bus", 0777 [pid 5268] munmap(0x7f029d600000, 138412032) = 0 [pid 5268] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5267] <... mkdir resumed>) = 0 [pid 5268] ioctl(6, LOOP_SET_FD, 7 [pid 5267] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue" [pid 5268] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5268] ioctl(6, LOOP_CLR_FD) = 0 [pid 5267] <... mount resumed>) = -1 EBUSY (Device or resource busy) [pid 5267] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8 [pid 5268] ioctl(6, LOOP_SET_FD, 7 [pid 5267] ioctl(8, LOOP_CLR_FD [pid 5268] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5268] close(6 [pid 5267] <... ioctl resumed>) = 0 [pid 5268] <... close resumed>) = 0 [pid 5267] close(8 [pid 5268] close(7 [pid 5267] <... close resumed>) = 0 [ 107.590841][ T5267] loop0: detected capacity change from 0 to 512 [ 107.629276][ T5267] /dev/loop0: Can't open blockdev [pid 5268] <... close resumed>) = 0 [pid 5268] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5267] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5268] <... futex resumed>) = 1 [pid 5268] futex(0x7f02a5c17718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5267] <... futex resumed>) = 0 [pid 5267] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5266] <... futex resumed>) = 0 [pid 5266] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5266] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5267] <... futex resumed>) = 0 [pid 5267] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0xb635773f04ebbee0, MAP_SHARED|MAP_FIXED|MAP_ANONYMOUS|MAP_POPULATE, -1, 0 [pid 5266] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5266] futex(0x7f02a5c17718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5268] <... futex resumed>) = 0 [pid 5266] <... futex resumed>) = 1 [pid 5268] setxattr(0x20000340, 0x20000400, 0x200003c0, 58375, 0 [pid 5266] futex(0x7f02a5c1771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5268] <... setxattr resumed>) = -1 ENOENT (No such file or directory) [pid 5268] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5266] <... futex resumed>) = 0 [pid 5268] futex(0x7f02a5c17718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5267] <... mmap resumed>) = 0x20000000 [pid 5267] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5267] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5266] exit_group(0 [pid 5268] <... futex resumed>) = ? [pid 5267] <... futex resumed>) = ? [pid 5266] <... exit_group resumed>) = ? [pid 5268] +++ exited with 0 +++ [pid 5267] +++ exited with 0 +++ [pid 5266] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5266, si_uid=0, si_status=0, si_utime=0, si_stime=32 /* 0.32 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563f3730 /* 6 entries */, 32768) = 192 umount2("./42/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/cpuset.effective_cpus") = 0 umount2("./42/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./42/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563fb770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563fb770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./42/bus") = 0 umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/binderfs") = 0 umount2("./42/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/cgroup.controllers") = 0 getdents64(3, 0x5555563f3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./42") = 0 mkdir("./43", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5269 attached , child_tidptr=0x5555563f2690) = 5269 [pid 5269] set_robust_list(0x5555563f26a0, 24) = 0 [pid 5269] chdir("./43") = 0 [pid 5269] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5269] setpgid(0, 0) = 0 [pid 5269] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5269] write(3, "1000", 4) = 4 [pid 5269] close(3) = 0 [pid 5269] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5269] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5269] rt_sigaction(SIGRT_1, {sa_handler=0x7f02a5bb6070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f02a5ba7220}, NULL, 8) = 0 [pid 5269] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5269] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02a5b2c000 [pid 5269] mprotect(0x7f02a5b2d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5269] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5269] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b4c990, parent_tid=0x7f02a5b4c990, exit_signal=0, stack=0x7f02a5b2c000, stack_size=0x20300, tls=0x7f02a5b4c6c0}./strace-static-x86_64: Process 5270 attached => {parent_tid=[5270]}, 88) = 5270 [pid 5270] rseq(0x7f02a5b4cfe0, 0x20, 0, 0x53053053) = 0 [pid 5270] set_robust_list(0x7f02a5b4c9a0, 24) = 0 [pid 5270] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5270] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5269] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5269] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5270] <... futex resumed>) = 0 [pid 5269] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5270] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 5270] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5269] <... futex resumed>) = 0 [pid 5270] <... futex resumed>) = 1 [pid 5269] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5270] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5269] <... futex resumed>) = 0 [pid 5270] <... openat resumed>) = 4 [pid 5269] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5270] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5269] <... futex resumed>) = 0 [pid 5270] <... futex resumed>) = 1 [pid 5269] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5270] dup3(4, 3, 0 [pid 5269] <... futex resumed>) = 0 [pid 5270] <... dup3 resumed>) = 3 [pid 5269] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5270] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5269] <... futex resumed>) = 0 [pid 5269] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5270] <... futex resumed>) = 1 [pid 5269] <... futex resumed>) = 0 [pid 5270] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5269] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5270] <... openat resumed>) = 5 [pid 5270] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5269] <... futex resumed>) = 0 [pid 5270] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5269] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5270] ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0 [pid 5269] <... futex resumed>) = 0 [pid 5269] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5270] <... ioctl resumed>) = -1 EINVAL (Invalid argument) [pid 5270] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5269] <... futex resumed>) = 0 [pid 5270] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5269] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5270] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5270] memfd_create("syzkaller", 0 [pid 5269] <... futex resumed>) = 0 [pid 5269] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5270] <... memfd_create resumed>) = 6 [pid 5269] <... futex resumed>) = 0 [pid 5269] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5270] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f029d600000 [pid 5269] <... mmap resumed>) = 0x7f02a5b0b000 [pid 5269] mprotect(0x7f02a5b0c000, 131072, PROT_READ|PROT_WRITE [pid 5270] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5269] <... mprotect resumed>) = 0 [pid 5269] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5269] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b2b990, parent_tid=0x7f02a5b2b990, exit_signal=0, stack=0x7f02a5b0b000, stack_size=0x20300, tls=0x7f02a5b2b6c0}./strace-static-x86_64: Process 5271 attached [pid 5270] <... write resumed>) = 262144 [pid 5269] <... clone3 resumed> => {parent_tid=[5271]}, 88) = 5271 [pid 5271] rseq(0x7f02a5b2bfe0, 0x20, 0, 0x53053053 [pid 5270] munmap(0x7f029d600000, 138412032 [pid 5269] rt_sigprocmask(SIG_SETMASK, [], [pid 5271] <... rseq resumed>) = 0 [pid 5270] <... munmap resumed>) = 0 [pid 5269] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5271] set_robust_list(0x7f02a5b2b9a0, 24 [pid 5270] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5269] futex(0x7f02a5c17718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5271] <... set_robust_list resumed>) = 0 [pid 5271] rt_sigprocmask(SIG_SETMASK, [], [pid 5270] <... openat resumed>) = 7 [pid 5269] <... futex resumed>) = 0 [pid 5271] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5271] memfd_create("syzkaller", 0 [pid 5269] futex(0x7f02a5c1771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5271] <... memfd_create resumed>) = 8 [pid 5270] ioctl(7, LOOP_SET_FD, 6 [pid 5271] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f029d600000 [pid 5270] <... ioctl resumed>) = 0 [pid 5270] close(6) = 0 [pid 5270] close(7) = 0 [pid 5270] mkdir("./bus", 0777 [pid 5271] write(8, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5270] <... mkdir resumed>) = 0 [pid 5270] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue" [pid 5271] <... write resumed>) = 262144 [pid 5271] munmap(0x7f029d600000, 138412032) = 0 [pid 5271] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5271] close(8) = 0 [pid 5271] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5269] <... futex resumed>) = 0 [pid 5271] <... futex resumed>) = 1 [pid 5269] futex(0x7f02a5c17718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5271] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0xb635773f04ebbee0, MAP_SHARED|MAP_FIXED|MAP_ANONYMOUS|MAP_POPULATE, -1, 0 [pid 5269] <... futex resumed>) = 0 [ 108.262283][ T5270] loop0: detected capacity change from 0 to 512 [pid 5269] futex(0x7f02a5c1771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5270] <... mount resumed>) = 0 [pid 5270] openat(AT_FDCWD, 0x20000500, O_RDONLY|O_DIRECTORY) = -1 ENOENT (No such file or directory) [pid 5270] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5269] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5270] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5269] futex(0x7f02a5c1772c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5269] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5270] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 108.316825][ T5270] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 108.329608][ T5270] ext4 filesystem being mounted at /root/syzkaller.a7bkEY/43/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5270] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5271] <... mmap resumed>) = 0x20000000 [pid 5269] <... mmap resumed>) = 0x7f02a5aea000 [pid 5269] mprotect(0x7f02a5aeb000, 131072, PROT_READ|PROT_WRITE [pid 5271] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5269] <... mprotect resumed>) = 0 [pid 5271] futex(0x7f02a5c17718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5269] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5269] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b0a990, parent_tid=0x7f02a5b0a990, exit_signal=0, stack=0x7f02a5aea000, stack_size=0x20300, tls=0x7f02a5b0a6c0}./strace-static-x86_64: Process 5275 attached [pid 5275] rseq(0x7f02a5b0afe0, 0x20, 0, 0x53053053) = 0 [pid 5269] <... clone3 resumed> => {parent_tid=[5275]}, 88) = 5275 [pid 5275] set_robust_list(0x7f02a5b0a9a0, 24 [pid 5269] rt_sigprocmask(SIG_SETMASK, [], [pid 5275] <... set_robust_list resumed>) = 0 [pid 5269] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5275] rt_sigprocmask(SIG_SETMASK, [], [pid 5269] futex(0x7f02a5c17728, FUTEX_WAKE_PRIVATE, 1000000 [pid 5275] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5275] setxattr(0x20000340, 0x20000400, 0x200003c0, 58375, 0 [pid 5269] <... futex resumed>) = 0 [pid 5269] futex(0x7f02a5c1772c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5275] <... setxattr resumed>) = 0 [pid 5275] futex(0x7f02a5c1772c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5269] <... futex resumed>) = 0 [pid 5275] futex(0x7f02a5c17728, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5269] exit_group(0 [pid 5270] <... futex resumed>) = ? [pid 5275] <... futex resumed>) = ? [pid 5271] <... futex resumed>) = ? [pid 5270] +++ exited with 0 +++ [pid 5269] <... exit_group resumed>) = ? [pid 5275] +++ exited with 0 +++ [pid 5271] +++ exited with 0 +++ [pid 5269] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5269, si_uid=0, si_status=0, si_utime=0, si_stime=32 /* 0.32 s */} --- umount2("./43", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563f3730 /* 6 entries */, 32768) = 192 umount2("./43/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/cpuset.effective_cpus") = 0 umount2("./43/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./43/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./43/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563fb770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563fb770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./43/bus") = 0 umount2("./43/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/binderfs") = 0 umount2("./43/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/cgroup.controllers") = 0 getdents64(3, 0x5555563f3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./43") = 0 mkdir("./44", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 108.620516][ T5072] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5276 attached , child_tidptr=0x5555563f2690) = 5276 [pid 5276] set_robust_list(0x5555563f26a0, 24) = 0 [pid 5276] chdir("./44") = 0 [pid 5276] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5276] setpgid(0, 0) = 0 [pid 5276] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5276] write(3, "1000", 4) = 4 [pid 5276] close(3) = 0 [pid 5276] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5276] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5276] rt_sigaction(SIGRT_1, {sa_handler=0x7f02a5bb6070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f02a5ba7220}, NULL, 8) = 0 [pid 5276] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5276] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02a5b2c000 [pid 5276] mprotect(0x7f02a5b2d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5276] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5276] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b4c990, parent_tid=0x7f02a5b4c990, exit_signal=0, stack=0x7f02a5b2c000, stack_size=0x20300, tls=0x7f02a5b4c6c0}./strace-static-x86_64: Process 5277 attached [pid 5277] rseq(0x7f02a5b4cfe0, 0x20, 0, 0x53053053) = 0 [pid 5276] <... clone3 resumed> => {parent_tid=[5277]}, 88) = 5277 [pid 5277] set_robust_list(0x7f02a5b4c9a0, 24 [pid 5276] rt_sigprocmask(SIG_SETMASK, [], [pid 5277] <... set_robust_list resumed>) = 0 [pid 5276] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5277] rt_sigprocmask(SIG_SETMASK, [], [pid 5276] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5277] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5276] <... futex resumed>) = 0 [pid 5277] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5276] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5277] <... openat resumed>) = 3 [pid 5277] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5276] <... futex resumed>) = 0 [pid 5277] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5276] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5277] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5276] <... futex resumed>) = 0 [pid 5277] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5276] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5277] <... openat resumed>) = 4 [pid 5277] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5276] <... futex resumed>) = 0 [pid 5277] <... futex resumed>) = 1 [pid 5276] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5277] dup3(4, 3, 0) = 3 [pid 5276] <... futex resumed>) = 0 [pid 5277] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5276] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5277] <... futex resumed>) = 0 [pid 5276] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5277] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5276] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5277] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5276] <... futex resumed>) = 0 [pid 5277] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5276] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5277] <... openat resumed>) = 5 [pid 5277] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5277] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5276] <... futex resumed>) = 0 [pid 5276] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5277] <... futex resumed>) = 0 [pid 5277] ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0 [pid 5276] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5277] <... ioctl resumed>) = -1 EINVAL (Invalid argument) [pid 5277] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5276] <... futex resumed>) = 0 [pid 5277] memfd_create("syzkaller", 0 [pid 5276] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5277] <... memfd_create resumed>) = 6 [pid 5276] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5277] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f029d600000 [pid 5276] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02a5b0b000 [pid 5276] mprotect(0x7f02a5b0c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5277] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5276] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5276] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b2b990, parent_tid=0x7f02a5b2b990, exit_signal=0, stack=0x7f02a5b0b000, stack_size=0x20300, tls=0x7f02a5b2b6c0}./strace-static-x86_64: Process 5278 attached [pid 5278] rseq(0x7f02a5b2bfe0, 0x20, 0, 0x53053053 [pid 5276] <... clone3 resumed> => {parent_tid=[5278]}, 88) = 5278 [pid 5278] <... rseq resumed>) = 0 [pid 5276] rt_sigprocmask(SIG_SETMASK, [], [pid 5277] <... write resumed>) = 262144 [pid 5278] set_robust_list(0x7f02a5b2b9a0, 24 [pid 5277] munmap(0x7f029d600000, 138412032 [pid 5276] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5278] <... set_robust_list resumed>) = 0 [pid 5276] futex(0x7f02a5c17718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5278] rt_sigprocmask(SIG_SETMASK, [], [pid 5276] <... futex resumed>) = 0 [pid 5278] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5276] futex(0x7f02a5c1771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5278] memfd_create("syzkaller", 0 [pid 5277] <... munmap resumed>) = 0 [pid 5278] <... memfd_create resumed>) = 7 [pid 5278] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f029d600000 [pid 5277] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8 [pid 5277] ioctl(8, LOOP_SET_FD, 6 [pid 5278] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5278] munmap(0x7f029d600000, 138412032) = 0 [pid 5277] <... ioctl resumed>) = 0 [pid 5278] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5277] close(6) = 0 [pid 5278] <... openat resumed>) = 9 [pid 5277] close(8 [pid 5278] ioctl(9, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy) [pid 5278] ioctl(9, LOOP_CLR_FD) = 0 [pid 5277] <... close resumed>) = 0 [pid 5277] mkdir("./bus", 0777) = 0 [pid 5278] ioctl(9, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy) [pid 5277] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue" [pid 5278] close(9) = 0 [pid 5278] close(7) = 0 [pid 5278] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5276] <... futex resumed>) = 0 [pid 5278] futex(0x7f02a5c17718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5276] futex(0x7f02a5c17718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5278] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5278] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0xb635773f04ebbee0, MAP_SHARED|MAP_FIXED|MAP_ANONYMOUS|MAP_POPULATE, -1, 0 [pid 5276] <... futex resumed>) = 0 [ 108.835964][ T5277] loop0: detected capacity change from 0 to 512 [pid 5276] futex(0x7f02a5c1771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5277] <... mount resumed>) = 0 [pid 5277] openat(AT_FDCWD, 0x20000500, O_RDONLY|O_DIRECTORY) = -1 ENOENT (No such file or directory) [pid 5277] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5276] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5276] futex(0x7f02a5c1772c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5276] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5277] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 108.898967][ T5277] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 108.912327][ T5277] ext4 filesystem being mounted at /root/syzkaller.a7bkEY/44/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5277] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5278] <... mmap resumed>) = 0x20000000 [pid 5276] <... mmap resumed>) = 0x7f02a5aea000 [pid 5276] mprotect(0x7f02a5aeb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5278] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5276] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5278] <... futex resumed>) = 0 [pid 5278] futex(0x7f02a5c17718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5276] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5276] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b0a990, parent_tid=0x7f02a5b0a990, exit_signal=0, stack=0x7f02a5aea000, stack_size=0x20300, tls=0x7f02a5b0a6c0} => {parent_tid=[5281]}, 88) = 5281 ./strace-static-x86_64: Process 5281 attached [pid 5276] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5276] futex(0x7f02a5c17728, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5281] rseq(0x7f02a5b0afe0, 0x20, 0, 0x53053053) = 0 [pid 5276] futex(0x7f02a5c1772c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5281] set_robust_list(0x7f02a5b0a9a0, 24) = 0 [pid 5281] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5281] setxattr(0x20000340, 0x20000400, 0x200003c0, 58375, 0) = 0 [pid 5281] futex(0x7f02a5c1772c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5276] <... futex resumed>) = 0 [pid 5281] futex(0x7f02a5c17728, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5276] exit_group(0 [pid 5281] <... futex resumed>) = ? [pid 5278] <... futex resumed>) = ? [pid 5277] <... futex resumed>) = ? [pid 5281] +++ exited with 0 +++ [pid 5278] +++ exited with 0 +++ [pid 5277] +++ exited with 0 +++ [pid 5276] <... exit_group resumed>) = ? [pid 5276] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5276, si_uid=0, si_status=0, si_utime=0, si_stime=34 /* 0.34 s */} --- umount2("./44", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563f3730 /* 6 entries */, 32768) = 192 umount2("./44/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./44/cpuset.effective_cpus") = 0 umount2("./44/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./44/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./44/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563fb770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563fb770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./44/bus") = 0 umount2("./44/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 109.254872][ T5072] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. unlink("./44/binderfs") = 0 umount2("./44/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./44/cgroup.controllers") = 0 getdents64(3, 0x5555563f3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./44") = 0 mkdir("./45", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5282 attached , child_tidptr=0x5555563f2690) = 5282 [pid 5282] set_robust_list(0x5555563f26a0, 24) = 0 [pid 5282] chdir("./45") = 0 [pid 5282] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5282] setpgid(0, 0) = 0 [pid 5282] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5282] write(3, "1000", 4) = 4 [pid 5282] close(3) = 0 [pid 5282] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5282] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5282] rt_sigaction(SIGRT_1, {sa_handler=0x7f02a5bb6070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f02a5ba7220}, NULL, 8) = 0 [pid 5282] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5282] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02a5b2c000 [pid 5282] mprotect(0x7f02a5b2d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5282] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5282] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b4c990, parent_tid=0x7f02a5b4c990, exit_signal=0, stack=0x7f02a5b2c000, stack_size=0x20300, tls=0x7f02a5b4c6c0}./strace-static-x86_64: Process 5283 attached => {parent_tid=[5283]}, 88) = 5283 [pid 5282] rt_sigprocmask(SIG_SETMASK, [], [pid 5283] rseq(0x7f02a5b4cfe0, 0x20, 0, 0x53053053) = 0 [pid 5282] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5283] set_robust_list(0x7f02a5b4c9a0, 24 [pid 5282] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5283] <... set_robust_list resumed>) = 0 [pid 5283] rt_sigprocmask(SIG_SETMASK, [], [pid 5282] <... futex resumed>) = 0 [pid 5283] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5282] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5283] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 5283] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5282] <... futex resumed>) = 0 [pid 5283] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5282] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5283] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5282] <... futex resumed>) = 0 [pid 5283] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5282] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5283] <... openat resumed>) = 4 [pid 5283] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5283] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5282] <... futex resumed>) = 0 [pid 5283] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5282] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5283] dup3(4, 3, 0) = 3 [pid 5282] <... futex resumed>) = 0 [pid 5282] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5283] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5282] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5283] <... futex resumed>) = 0 [pid 5282] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5283] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5282] <... futex resumed>) = 0 [pid 5282] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5283] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5282] <... futex resumed>) = 0 [pid 5283] <... futex resumed>) = 1 [pid 5282] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5283] ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0 [pid 5282] <... futex resumed>) = 0 [pid 5283] <... ioctl resumed>) = -1 EINVAL (Invalid argument) [pid 5282] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5283] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5282] <... futex resumed>) = 0 [pid 5283] <... futex resumed>) = 1 [pid 5282] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5283] memfd_create("syzkaller", 0 [pid 5282] <... futex resumed>) = 0 [pid 5283] <... memfd_create resumed>) = 6 [pid 5282] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5283] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5282] <... futex resumed>) = 0 [pid 5283] <... mmap resumed>) = 0x7f029d600000 [pid 5282] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02a5b0b000 [pid 5282] mprotect(0x7f02a5b0c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5283] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5282] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5282] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b2b990, parent_tid=0x7f02a5b2b990, exit_signal=0, stack=0x7f02a5b0b000, stack_size=0x20300, tls=0x7f02a5b2b6c0}./strace-static-x86_64: Process 5284 attached [pid 5284] rseq(0x7f02a5b2bfe0, 0x20, 0, 0x53053053 [pid 5282] <... clone3 resumed> => {parent_tid=[5284]}, 88) = 5284 [pid 5284] <... rseq resumed>) = 0 [pid 5282] rt_sigprocmask(SIG_SETMASK, [], [pid 5284] set_robust_list(0x7f02a5b2b9a0, 24 [pid 5282] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5284] <... set_robust_list resumed>) = 0 [pid 5282] futex(0x7f02a5c17718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5284] rt_sigprocmask(SIG_SETMASK, [], [pid 5283] <... write resumed>) = 262144 [pid 5284] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5282] <... futex resumed>) = 0 [pid 5284] memfd_create("syzkaller", 0 [pid 5282] futex(0x7f02a5c1771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5283] munmap(0x7f029d600000, 138412032 [pid 5284] <... memfd_create resumed>) = 7 [pid 5284] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5283] <... munmap resumed>) = 0 [pid 5284] <... mmap resumed>) = 0x7f029d600000 [pid 5283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8 [pid 5284] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5283] ioctl(8, LOOP_SET_FD, 6 [pid 5284] <... write resumed>) = 262144 [pid 5283] <... ioctl resumed>) = 0 [pid 5284] munmap(0x7f029d600000, 138412032 [pid 5283] close(6) = 0 [pid 5284] <... munmap resumed>) = 0 [pid 5283] close(8) = 0 [pid 5284] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5283] mkdir("./bus", 0777 [pid 5284] <... openat resumed>) = 6 [pid 5283] <... mkdir resumed>) = 0 [pid 5284] ioctl(6, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy) [pid 5284] ioctl(6, LOOP_CLR_FD) = 0 [ 109.518786][ T5283] loop0: detected capacity change from 0 to 512 [pid 5283] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue" [pid 5284] ioctl(6, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy) [pid 5284] close(6) = 0 [pid 5284] close(7) = 0 [pid 5284] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5283] <... mount resumed>) = -1 EBUSY (Device or resource busy) [pid 5284] <... futex resumed>) = 1 [pid 5284] futex(0x7f02a5c17718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5283] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5282] <... futex resumed>) = 0 [pid 5283] <... openat resumed>) = 6 [pid 5282] futex(0x7f02a5c17718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5283] ioctl(6, LOOP_CLR_FD [pid 5284] <... futex resumed>) = 0 [pid 5282] <... futex resumed>) = 1 [pid 5284] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0xb635773f04ebbee0, MAP_SHARED|MAP_FIXED|MAP_ANONYMOUS|MAP_POPULATE, -1, 0 [pid 5283] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5282] futex(0x7f02a5c1771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5283] close(6) = 0 [ 109.559453][ T5283] /dev/loop0: Can't open blockdev [pid 5283] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5283] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5282] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5282] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5283] <... futex resumed>) = 0 [pid 5283] setxattr(0x20000340, 0x20000400, 0x200003c0, 58375, 0 [pid 5282] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5283] <... setxattr resumed>) = -1 ENOENT (No such file or directory) [pid 5283] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5282] <... futex resumed>) = 0 [pid 5283] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5284] <... mmap resumed>) = 0x20000000 [pid 5284] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5284] futex(0x7f02a5c17718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5282] exit_group(0 [pid 5283] <... futex resumed>) = ? [pid 5282] <... exit_group resumed>) = ? [pid 5283] +++ exited with 0 +++ [pid 5284] <... futex resumed>) = ? [pid 5284] +++ exited with 0 +++ [pid 5282] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5282, si_uid=0, si_status=0, si_utime=0, si_stime=31 /* 0.31 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./45", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563f3730 /* 6 entries */, 32768) = 192 umount2("./45/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/cpuset.effective_cpus") = 0 umount2("./45/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./45/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563fb770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563fb770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./45/bus") = 0 umount2("./45/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/binderfs") = 0 umount2("./45/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/cgroup.controllers") = 0 getdents64(3, 0x5555563f3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./45") = 0 mkdir("./46", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5285 attached , child_tidptr=0x5555563f2690) = 5285 [pid 5285] set_robust_list(0x5555563f26a0, 24) = 0 [pid 5285] chdir("./46") = 0 [pid 5285] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5285] setpgid(0, 0) = 0 [pid 5285] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5285] write(3, "1000", 4) = 4 [pid 5285] close(3) = 0 [pid 5285] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5285] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5285] rt_sigaction(SIGRT_1, {sa_handler=0x7f02a5bb6070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f02a5ba7220}, NULL, 8) = 0 [pid 5285] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5285] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02a5b2c000 [pid 5285] mprotect(0x7f02a5b2d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5285] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5285] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b4c990, parent_tid=0x7f02a5b4c990, exit_signal=0, stack=0x7f02a5b2c000, stack_size=0x20300, tls=0x7f02a5b4c6c0}./strace-static-x86_64: Process 5286 attached => {parent_tid=[5286]}, 88) = 5286 [pid 5286] rseq(0x7f02a5b4cfe0, 0x20, 0, 0x53053053 [pid 5285] rt_sigprocmask(SIG_SETMASK, [], [pid 5286] <... rseq resumed>) = 0 [pid 5285] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5286] set_robust_list(0x7f02a5b4c9a0, 24 [pid 5285] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5286] <... set_robust_list resumed>) = 0 [pid 5285] <... futex resumed>) = 0 [pid 5286] rt_sigprocmask(SIG_SETMASK, [], [pid 5285] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5286] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5286] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 5286] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5286] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5285] <... futex resumed>) = 0 [pid 5285] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5286] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5285] <... futex resumed>) = 0 [pid 5285] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5286] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5286] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5285] <... futex resumed>) = 0 [pid 5286] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5285] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5286] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5285] <... futex resumed>) = 0 [pid 5286] dup3(4, 3, 0 [pid 5285] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5286] <... dup3 resumed>) = 3 [pid 5286] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5285] <... futex resumed>) = 0 [pid 5286] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5285] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5286] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5285] <... futex resumed>) = 0 [pid 5286] <... openat resumed>) = 5 [pid 5285] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5286] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5285] <... futex resumed>) = 0 [pid 5286] <... futex resumed>) = 1 [pid 5285] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5286] ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0 [pid 5285] <... futex resumed>) = 0 [pid 5286] <... ioctl resumed>) = -1 EINVAL (Invalid argument) [pid 5285] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5286] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5285] <... futex resumed>) = 0 [pid 5286] <... futex resumed>) = 1 [pid 5285] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5286] memfd_create("syzkaller", 0 [pid 5285] <... futex resumed>) = 0 [pid 5285] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5286] <... memfd_create resumed>) = 6 [pid 5285] <... futex resumed>) = 0 [pid 5285] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5286] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f029d600000 [pid 5285] <... mmap resumed>) = 0x7f02a5b0b000 [pid 5285] mprotect(0x7f02a5b0c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5285] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5286] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5285] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5285] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b2b990, parent_tid=0x7f02a5b2b990, exit_signal=0, stack=0x7f02a5b0b000, stack_size=0x20300, tls=0x7f02a5b2b6c0}./strace-static-x86_64: Process 5287 attached [pid 5287] rseq(0x7f02a5b2bfe0, 0x20, 0, 0x53053053 [pid 5285] <... clone3 resumed> => {parent_tid=[5287]}, 88) = 5287 [pid 5287] <... rseq resumed>) = 0 [pid 5285] rt_sigprocmask(SIG_SETMASK, [], [pid 5287] set_robust_list(0x7f02a5b2b9a0, 24 [pid 5285] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5287] <... set_robust_list resumed>) = 0 [pid 5285] futex(0x7f02a5c17718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5287] rt_sigprocmask(SIG_SETMASK, [], [pid 5285] <... futex resumed>) = 0 [pid 5287] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5285] futex(0x7f02a5c1771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5287] memfd_create("syzkaller", 0) = 7 [pid 5286] <... write resumed>) = 262144 [pid 5287] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5286] munmap(0x7f029d600000, 138412032 [pid 5287] <... mmap resumed>) = 0x7f0295200000 [pid 5286] <... munmap resumed>) = 0 [pid 5286] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5287] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5286] <... openat resumed>) = 8 [pid 5286] ioctl(8, LOOP_SET_FD, 6 [pid 5287] <... write resumed>) = 262144 [pid 5287] munmap(0x7f0295200000, 138412032) = 0 [pid 5286] <... ioctl resumed>) = 0 [pid 5287] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5286] close(6 [pid 5287] <... openat resumed>) = 9 [pid 5286] <... close resumed>) = 0 [pid 5286] close(8 [pid 5287] ioctl(9, LOOP_SET_FD, 7 [pid 5286] <... close resumed>) = 0 [pid 5287] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5286] mkdir("./bus", 0777 [pid 5287] ioctl(9, LOOP_CLR_FD [pid 5286] <... mkdir resumed>) = 0 [pid 5286] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = -1 EBUSY (Device or resource busy) [pid 5286] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5286] ioctl(6, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5286] close(6) = 0 [pid 5286] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 110.197143][ T5286] loop0: detected capacity change from 0 to 512 [ 110.222447][ T5286] /dev/loop0: Can't open blockdev [pid 5286] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5287] <... ioctl resumed>) = 0 [pid 5287] ioctl(9, LOOP_SET_FD, 7) = 0 [pid 5287] close(7) = 0 [pid 5287] close(9) = 0 [pid 5287] mkdir("./bus", 0777) = -1 EEXIST (File exists) [ 110.271528][ T5195] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 110.286500][ T5287] loop0: detected capacity change from 0 to 512 [pid 5287] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5287] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 6 [pid 5287] chdir("./bus") = 0 [pid 5287] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5287] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5285] <... futex resumed>) = 0 [pid 5287] futex(0x7f02a5c17718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5285] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5286] <... futex resumed>) = 0 [pid 5285] <... futex resumed>) = 1 [pid 5286] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0xb635773f04ebbee0, MAP_SHARED|MAP_FIXED|MAP_ANONYMOUS|MAP_POPULATE, -1, 0 [ 110.365196][ T5287] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 110.377936][ T5287] ext4 filesystem being mounted at /root/syzkaller.a7bkEY/46/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5285] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5285] futex(0x7f02a5c17718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5287] <... futex resumed>) = 0 [pid 5285] <... futex resumed>) = 1 [pid 5285] futex(0x7f02a5c1771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5287] setxattr(0x20000340, 0x20000400, 0x200003c0, 58375, 0) = -1 ENOENT (No such file or directory) [pid 5287] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5285] <... futex resumed>) = 0 [pid 5287] futex(0x7f02a5c17718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5286] <... mmap resumed>) = 0x20000000 [pid 5286] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5286] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5285] exit_group(0 [pid 5287] <... futex resumed>) = ? [pid 5287] +++ exited with 0 +++ [pid 5286] <... futex resumed>) = ? [pid 5285] <... exit_group resumed>) = ? [pid 5286] +++ exited with 0 +++ [pid 5285] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5285, si_uid=0, si_status=0, si_utime=0, si_stime=33 /* 0.33 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./46", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563f3730 /* 6 entries */, 32768) = 192 umount2("./46/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/cpuset.effective_cpus") = 0 umount2("./46/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./46/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./46/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563fb770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563fb770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./46/bus") = 0 umount2("./46/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/binderfs") = 0 umount2("./46/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/cgroup.controllers") = 0 getdents64(3, 0x5555563f3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./46") = 0 mkdir("./47", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 110.704130][ T5072] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5291 attached , child_tidptr=0x5555563f2690) = 5291 [pid 5291] set_robust_list(0x5555563f26a0, 24) = 0 [pid 5291] chdir("./47") = 0 [pid 5291] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5291] setpgid(0, 0) = 0 [pid 5291] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5291] write(3, "1000", 4) = 4 [pid 5291] close(3) = 0 [pid 5291] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5291] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5291] rt_sigaction(SIGRT_1, {sa_handler=0x7f02a5bb6070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f02a5ba7220}, NULL, 8) = 0 [pid 5291] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5291] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02a5b2c000 [pid 5291] mprotect(0x7f02a5b2d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5291] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5291] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b4c990, parent_tid=0x7f02a5b4c990, exit_signal=0, stack=0x7f02a5b2c000, stack_size=0x20300, tls=0x7f02a5b4c6c0}./strace-static-x86_64: Process 5292 attached [pid 5292] rseq(0x7f02a5b4cfe0, 0x20, 0, 0x53053053) = 0 [pid 5291] <... clone3 resumed> => {parent_tid=[5292]}, 88) = 5292 [pid 5292] set_robust_list(0x7f02a5b4c9a0, 24 [pid 5291] rt_sigprocmask(SIG_SETMASK, [], [pid 5292] <... set_robust_list resumed>) = 0 [pid 5291] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5292] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5291] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5292] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5291] <... futex resumed>) = 0 [pid 5291] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5292] <... openat resumed>) = 3 [pid 5292] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5292] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5291] <... futex resumed>) = 0 [pid 5291] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5292] <... futex resumed>) = 0 [pid 5291] <... futex resumed>) = 1 [pid 5292] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5291] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5292] <... openat resumed>) = 4 [pid 5292] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5291] <... futex resumed>) = 0 [pid 5292] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5291] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5292] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5291] <... futex resumed>) = 0 [pid 5292] dup3(4, 3, 0 [pid 5291] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5292] <... dup3 resumed>) = 3 [pid 5292] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5291] <... futex resumed>) = 0 [pid 5292] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5291] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5292] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5291] <... futex resumed>) = 0 [pid 5292] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5291] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5292] <... openat resumed>) = 5 [pid 5292] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5292] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5291] <... futex resumed>) = 0 [pid 5291] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5292] <... futex resumed>) = 0 [pid 5291] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5292] ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0) = -1 EINVAL (Invalid argument) [pid 5292] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5291] <... futex resumed>) = 0 [pid 5292] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5291] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5292] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5291] <... futex resumed>) = 0 [pid 5292] memfd_create("syzkaller", 0 [pid 5291] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5292] <... memfd_create resumed>) = 6 [pid 5291] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02a5b0b000 [pid 5292] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f029d600000 [pid 5291] mprotect(0x7f02a5b0c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5291] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5292] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5291] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5291] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b2b990, parent_tid=0x7f02a5b2b990, exit_signal=0, stack=0x7f02a5b0b000, stack_size=0x20300, tls=0x7f02a5b2b6c0}./strace-static-x86_64: Process 5293 attached [pid 5293] rseq(0x7f02a5b2bfe0, 0x20, 0, 0x53053053) = 0 [pid 5293] set_robust_list(0x7f02a5b2b9a0, 24 [pid 5292] <... write resumed>) = 262144 [pid 5291] <... clone3 resumed> => {parent_tid=[5293]}, 88) = 5293 [pid 5293] <... set_robust_list resumed>) = 0 [pid 5292] munmap(0x7f029d600000, 138412032 [pid 5291] rt_sigprocmask(SIG_SETMASK, [], [pid 5293] rt_sigprocmask(SIG_SETMASK, [], [pid 5292] <... munmap resumed>) = 0 [pid 5291] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5293] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5291] futex(0x7f02a5c17718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5293] memfd_create("syzkaller", 0 [pid 5291] <... futex resumed>) = 0 [pid 5291] futex(0x7f02a5c1771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5293] <... memfd_create resumed>) = 7 [pid 5293] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f029d600000 [pid 5292] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8 [pid 5292] ioctl(8, LOOP_SET_FD, 6 [pid 5293] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5292] <... ioctl resumed>) = 0 [pid 5293] munmap(0x7f029d600000, 138412032) = 0 [pid 5292] close(6) = 0 [pid 5292] close(8) = 0 [pid 5292] mkdir("./bus", 0777 [pid 5293] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5292] <... mkdir resumed>) = 0 [pid 5293] ioctl(6, LOOP_SET_FD, 7 [pid 5292] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue" [pid 5293] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5293] ioctl(6, LOOP_CLR_FD) = 0 [pid 5292] <... mount resumed>) = -1 EBUSY (Device or resource busy) [pid 5292] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8 [pid 5292] ioctl(8, LOOP_CLR_FD) = 0 [pid 5292] close(8 [pid 5293] ioctl(6, LOOP_SET_FD, 7 [pid 5292] <... close resumed>) = 0 [pid 5293] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5292] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5293] close(6 [pid 5292] <... futex resumed>) = 0 [pid 5293] <... close resumed>) = 0 [pid 5292] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5293] close(7) = 0 [pid 5293] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5291] <... futex resumed>) = 0 [pid 5293] futex(0x7f02a5c17718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5291] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5292] <... futex resumed>) = 0 [pid 5292] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0xb635773f04ebbee0, MAP_SHARED|MAP_FIXED|MAP_ANONYMOUS|MAP_POPULATE, -1, 0 [pid 5291] <... futex resumed>) = 1 [ 111.008728][ T5292] loop0: detected capacity change from 0 to 512 [ 111.038407][ T5292] /dev/loop0: Can't open blockdev [pid 5291] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5291] futex(0x7f02a5c17718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5293] <... futex resumed>) = 0 [pid 5293] setxattr(0x20000340, 0x20000400, 0x200003c0, 58375, 0 [pid 5291] <... futex resumed>) = 1 [pid 5293] <... setxattr resumed>) = -1 ENOENT (No such file or directory) [pid 5291] futex(0x7f02a5c1771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5293] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5291] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5293] <... futex resumed>) = 0 [pid 5293] futex(0x7f02a5c17718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5292] <... mmap resumed>) = 0x20000000 [pid 5292] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5292] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5291] exit_group(0 [pid 5293] <... futex resumed>) = ? [pid 5292] <... futex resumed>) = ? [pid 5291] <... exit_group resumed>) = ? [pid 5293] +++ exited with 0 +++ [pid 5292] +++ exited with 0 +++ [pid 5291] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5291, si_uid=0, si_status=0, si_utime=0, si_stime=31 /* 0.31 s */} --- umount2("./47", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563f3730 /* 6 entries */, 32768) = 192 umount2("./47/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./47/cpuset.effective_cpus") = 0 umount2("./47/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./47/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563fb770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563fb770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./47/bus") = 0 umount2("./47/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./47/binderfs") = 0 umount2("./47/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./47/cgroup.controllers") = 0 getdents64(3, 0x5555563f3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./47") = 0 mkdir("./48", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5295 attached , child_tidptr=0x5555563f2690) = 5295 [pid 5295] set_robust_list(0x5555563f26a0, 24) = 0 [pid 5295] chdir("./48") = 0 [pid 5295] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5295] setpgid(0, 0) = 0 [pid 5295] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5295] write(3, "1000", 4) = 4 [pid 5295] close(3) = 0 [pid 5295] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5295] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5295] rt_sigaction(SIGRT_1, {sa_handler=0x7f02a5bb6070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f02a5ba7220}, NULL, 8) = 0 [pid 5295] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5295] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02a5b2c000 [pid 5295] mprotect(0x7f02a5b2d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5295] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5295] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b4c990, parent_tid=0x7f02a5b4c990, exit_signal=0, stack=0x7f02a5b2c000, stack_size=0x20300, tls=0x7f02a5b4c6c0}./strace-static-x86_64: Process 5296 attached [pid 5296] rseq(0x7f02a5b4cfe0, 0x20, 0, 0x53053053 [pid 5295] <... clone3 resumed> => {parent_tid=[5296]}, 88) = 5296 [pid 5296] <... rseq resumed>) = 0 [pid 5296] set_robust_list(0x7f02a5b4c9a0, 24 [pid 5295] rt_sigprocmask(SIG_SETMASK, [], [pid 5296] <... set_robust_list resumed>) = 0 [pid 5295] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5296] rt_sigprocmask(SIG_SETMASK, [], [pid 5295] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5296] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5296] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5295] <... futex resumed>) = 0 [pid 5295] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5296] <... openat resumed>) = 3 [pid 5296] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5296] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5295] <... futex resumed>) = 0 [pid 5295] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5296] <... futex resumed>) = 0 [pid 5295] <... futex resumed>) = 1 [pid 5296] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5295] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5296] <... openat resumed>) = 4 [pid 5296] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5295] <... futex resumed>) = 0 [pid 5296] <... futex resumed>) = 1 [pid 5295] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5296] dup3(4, 3, 0 [pid 5295] <... futex resumed>) = 0 [pid 5296] <... dup3 resumed>) = 3 [pid 5295] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5296] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5295] <... futex resumed>) = 0 [pid 5296] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5295] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5296] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5295] <... futex resumed>) = 0 [pid 5296] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5295] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5296] <... openat resumed>) = 5 [pid 5296] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5295] <... futex resumed>) = 0 [pid 5296] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5295] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5296] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5295] <... futex resumed>) = 0 [pid 5296] ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0 [pid 5295] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5296] <... ioctl resumed>) = -1 EINVAL (Invalid argument) [pid 5296] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5295] <... futex resumed>) = 0 [pid 5296] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5295] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5296] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5295] <... futex resumed>) = 0 [pid 5296] memfd_create("syzkaller", 0 [pid 5295] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5296] <... memfd_create resumed>) = 6 [pid 5295] <... futex resumed>) = 0 [pid 5295] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5296] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5295] <... mmap resumed>) = 0x7f02a5b0b000 [pid 5296] <... mmap resumed>) = 0x7f029d600000 [pid 5295] mprotect(0x7f02a5b0c000, 131072, PROT_READ|PROT_WRITE [pid 5296] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5295] <... mprotect resumed>) = 0 [pid 5295] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5295] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b2b990, parent_tid=0x7f02a5b2b990, exit_signal=0, stack=0x7f02a5b0b000, stack_size=0x20300, tls=0x7f02a5b2b6c0}./strace-static-x86_64: Process 5297 attached [pid 5296] <... write resumed>) = 262144 [pid 5295] <... clone3 resumed> => {parent_tid=[5297]}, 88) = 5297 [pid 5297] rseq(0x7f02a5b2bfe0, 0x20, 0, 0x53053053) = 0 [pid 5297] set_robust_list(0x7f02a5b2b9a0, 24) = 0 [pid 5296] munmap(0x7f029d600000, 138412032 [pid 5295] rt_sigprocmask(SIG_SETMASK, [], [pid 5297] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5297] futex(0x7f02a5c17718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5296] <... munmap resumed>) = 0 [pid 5295] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5295] futex(0x7f02a5c17718, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5295] futex(0x7f02a5c1771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5297] <... futex resumed>) = 0 [pid 5296] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5297] memfd_create("syzkaller", 0 [pid 5296] <... openat resumed>) = 7 [pid 5296] ioctl(7, LOOP_SET_FD, 6 [pid 5297] <... memfd_create resumed>) = 8 [pid 5297] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f029d600000 [pid 5296] <... ioctl resumed>) = 0 [pid 5296] close(6) = 0 [pid 5296] close(7 [pid 5297] write(8, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5296] <... close resumed>) = 0 [pid 5297] <... write resumed>) = 262144 [pid 5296] mkdir("./bus", 0777) = 0 [pid 5296] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue" [pid 5297] munmap(0x7f029d600000, 138412032) = 0 [pid 5297] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 111.609883][ T5296] loop0: detected capacity change from 0 to 512 [pid 5297] close(8) = 0 [pid 5297] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5295] <... futex resumed>) = 0 [pid 5295] futex(0x7f02a5c17718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5297] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0xb635773f04ebbee0, MAP_SHARED|MAP_FIXED|MAP_ANONYMOUS|MAP_POPULATE, -1, 0 [pid 5295] <... futex resumed>) = 0 [pid 5295] futex(0x7f02a5c1771c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5296] <... mount resumed>) = 0 [pid 5296] openat(AT_FDCWD, 0x20000500, O_RDONLY|O_DIRECTORY) = -1 ENOENT (No such file or directory) [pid 5296] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5296] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 111.666033][ T5296] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 111.679129][ T5296] ext4 filesystem being mounted at /root/syzkaller.a7bkEY/48/bus supports timestamps until 2038-01-19 (0x7fffffff) [pid 5296] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5295] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5295] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5296] <... futex resumed>) = 0 [pid 5295] <... futex resumed>) = 1 [pid 5296] setxattr(0x20000340, 0x20000400, 0x200003c0, 58375, 0 [pid 5295] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5296] <... setxattr resumed>) = 0 [pid 5296] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5295] <... futex resumed>) = 0 [pid 5296] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5297] <... mmap resumed>) = 0x20000000 [pid 5297] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5297] futex(0x7f02a5c17718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5295] exit_group(0) = ? [pid 5297] <... futex resumed>) = ? [pid 5296] <... futex resumed>) = ? [pid 5296] +++ exited with 0 +++ [pid 5297] +++ exited with 0 +++ [pid 5295] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5295, si_uid=0, si_status=0, si_utime=0, si_stime=30 /* 0.30 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./48", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563f3730 /* 6 entries */, 32768) = 192 umount2("./48/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./48/cpuset.effective_cpus") = 0 umount2("./48/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./48/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./48/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 111.989015][ T5072] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563fb770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563fb770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./48/bus") = 0 umount2("./48/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./48/binderfs") = 0 umount2("./48/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./48/cgroup.controllers") = 0 getdents64(3, 0x5555563f3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./48") = 0 mkdir("./49", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5301 attached , child_tidptr=0x5555563f2690) = 5301 [pid 5301] set_robust_list(0x5555563f26a0, 24) = 0 [pid 5301] chdir("./49") = 0 [pid 5301] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5301] setpgid(0, 0) = 0 [pid 5301] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5301] write(3, "1000", 4) = 4 [pid 5301] close(3) = 0 [pid 5301] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5301] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5301] rt_sigaction(SIGRT_1, {sa_handler=0x7f02a5bb6070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f02a5ba7220}, NULL, 8) = 0 [pid 5301] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5301] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02a5b2c000 [pid 5301] mprotect(0x7f02a5b2d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5301] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5301] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f02a5b4c990, parent_tid=0x7f02a5b4c990, exit_signal=0, stack=0x7f02a5b2c000, stack_size=0x20300, tls=0x7f02a5b4c6c0}./strace-static-x86_64: Process 5302 attached [pid 5302] rseq(0x7f02a5b4cfe0, 0x20, 0, 0x53053053) = 0 [pid 5302] set_robust_list(0x7f02a5b4c9a0, 24 [pid 5301] <... clone3 resumed> => {parent_tid=[5302]}, 88) = 5302 [pid 5302] <... set_robust_list resumed>) = 0 [pid 5301] rt_sigprocmask(SIG_SETMASK, [], [pid 5302] rt_sigprocmask(SIG_SETMASK, [], [pid 5301] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5302] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5301] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5302] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5301] <... futex resumed>) = 0 [pid 5301] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5302] <... openat resumed>) = 3 [pid 5302] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5302] futex(0x7f02a5c17708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5301] <... futex resumed>) = 0 [pid 5301] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5302] <... futex resumed>) = 0 [pid 5301] <... futex resumed>) = 1 [pid 5302] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5301] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5302] <... openat resumed>) = 4 [pid 5302] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5301] <... futex resumed>) = 0 [pid 5302] <... futex resumed>) = 1 [pid 5301] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5302] dup3(4, 3, 0 [pid 5301] <... futex resumed>) = 0 [pid 5302] <... dup3 resumed>) = 3 [pid 5301] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5302] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5301] <... futex resumed>) = 0 [pid 5302] <... futex resumed>) = 1 [pid 5301] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5302] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5301] <... futex resumed>) = 0 [pid 5302] <... openat resumed>) = 5 [pid 5301] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5302] futex(0x7f02a5c1770c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5301] <... futex resumed>) = 0 [pid 5302] <... futex resumed>) = 1 [pid 5301] futex(0x7f02a5c17708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5302] ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0 [pid 5301] <... futex resumed>) = 0 [ 112.309064][ T5302] ------------[ cut here ]------------ [ 112.314581][ T5302] Looking for class "&ei->i_data_sem" with key init_once.__key.785, but found a different class "&ei->i_data_sem" with the same key [ 112.328227][ T5302] WARNING: CPU: 0 PID: 5302 at kernel/locking/lockdep.c:935 look_up_lock_class+0xdc/0x160 [ 112.338147][ T5302] Modules linked in: [ 112.342047][ T5302] CPU: 0 PID: 5302 Comm: syz-executor422 Not tainted 6.8.0-rc4-syzkaller-00395-gf2667e0c3240 #0 [pid 5301] futex(0x7f02a5c1770c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5301] futex(0x7f02a5c1771c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5301] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02a5b0b000 [ 112.352457][ T5302] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 112.362516][ T5302] RIP: 0010:look_up_lock_class+0xdc/0x160 [ 112.368248][ T5302] Code: 01 0f 85 80 00 00 00 c6 05 92 65 09 04 01 90 49 8b 16 49 8b 76 18 48 8b 8b b8 00 00 00 48 c7 c7 80 d6 aa 8b e8 c5 c2 f0 f5 90 <0f> 0b 90 90 eb 57 90 e8 78 90 35 f9 48 c7 c7 c0 d5 aa 8b 89 de e8 [ 112.387860][ T5302] RSP: 0018:ffffc9000491f3f0 EFLAGS: 00010046 [ 112.393944][ T5302] RAX: ed48a97d6781d800 RBX: ffffffff929c0c28 RCX: ffff88802b515940 [ 112.401927][ T5302] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 112.409907][ T5302] RBP: ffffc9000491f500 R08: ffffffff81577992 R09: 1ffff110172851a2 [ 112.417889][ T5302] R10: dffffc0000000000 R11: ffffed10172851a3 R12: ffff88807bac9688 [ 112.425874][ T5302] R13: ffff88807bac9688 R14: ffff88807bac9688 R15: ffffffff945b29a1 [ 112.433858][ T5302] FS: 00007f02a5b4c6c0(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000 [ 112.442803][ T5302] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 112.449397][ T5302] CR2: 00007ffcfc6779f0 CR3: 00000000230f4000 CR4: 0000000000350ef0 [ 112.457381][ T5302] Call Trace: [ 112.460672][ T5302] [ 112.463608][ T5302] ? __warn+0x162/0x4b0 [ 112.467780][ T5302] ? look_up_lock_class+0xdc/0x160 [ 112.472914][ T5302] ? report_bug+0x2b3/0x500 [ 112.477425][ T5302] ? look_up_lock_class+0xdc/0x160 [ 112.482559][ T5302] ? handle_bug+0x3e/0x70 [ 112.486911][ T5302] ? exc_invalid_op+0x1a/0x50 [ 112.491612][ T5302] ? asm_exc_invalid_op+0x1a/0x20 [ 112.496661][ T5302] ? __warn_printk+0x292/0x360 [ 112.501532][ T5302] ? look_up_lock_class+0xdc/0x160 [ 112.506663][ T5302] register_lock_class+0x102/0x980 [ 112.511820][ T5302] ? mark_lock+0x9a/0x350 [ 112.516158][ T5302] ? srso_return_thunk+0x5/0x5f [ 112.521021][ T5302] ? __pfx_validate_chain+0x10/0x10 [ 112.526228][ T5302] ? __pfx_register_lock_class+0x10/0x10 [ 112.531886][ T5302] ? srso_return_thunk+0x5/0x5f [ 112.536752][ T5302] __lock_acquire+0xd9/0x1fd0 [ 112.541466][ T5302] lock_acquire+0x1e3/0x530 [ 112.545994][ T5302] ? ext4_move_extents+0x39d/0xec0 [ 112.551129][ T5302] ? __pfx_lock_acquire+0x10/0x10 [ 112.556179][ T5302] ? __pfx___might_resched+0x10/0x10 [ 112.562171][ T5302] ? __down_write_common+0x161/0x200 [ 112.567473][ T5302] ? __pfx_inode_dio_wait+0x10/0x10 [ 112.572690][ T5302] ? __pfx___down_write_common+0x10/0x10 [ 112.578344][ T5302] ? __pfx___down_write_common+0x10/0x10 [ 112.584003][ T5302] down_write_nested+0x3d/0x50 [ 112.588869][ T5302] ? ext4_move_extents+0x39d/0xec0 [ 112.593994][ T5302] ext4_move_extents+0x39d/0xec0 [ 112.598956][ T5302] ? srso_return_thunk+0x5/0x5f [ 112.603998][ T5302] ? rcu_read_lock_any_held+0xb7/0x160 [ 112.609482][ T5302] ? __pfx_ext4_move_extents+0x10/0x10 [ 112.614968][ T5302] ? __fget_files+0x28/0x470 [ 112.619583][ T5302] ? srso_return_thunk+0x5/0x5f [ 112.624446][ T5302] ? srso_return_thunk+0x5/0x5f [ 112.629304][ T5302] ext4_ioctl+0x349a/0x5540 [ 112.633828][ T5302] ? poison_slab_object+0xa6/0xe0 [ 112.638877][ T5302] ? __kasan_slab_free+0x34/0x70 [ 112.643854][ T5302] ? do_syscall_64+0xfb/0x240 [ 112.648557][ T5302] ? __pfx_ext4_ioctl+0x10/0x10 [ 112.653427][ T5302] ? srso_return_thunk+0x5/0x5f [ 112.658284][ T5302] ? mark_lock+0x9a/0x350 [ 112.662625][ T5302] ? srso_return_thunk+0x5/0x5f [ 112.667482][ T5302] ? do_vfs_ioctl+0x1c72/0x2b60 [ 112.672352][ T5302] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 112.677398][ T5302] ? __pfx_lock_release+0x10/0x10 [ 112.682445][ T5302] ? srso_return_thunk+0x5/0x5f [ 112.687302][ T5302] ? __kasan_slab_free+0x46/0x70 [ 112.692262][ T5302] ? srso_return_thunk+0x5/0x5f [ 112.697121][ T5302] ? kfree+0x14a/0x380 [ 112.701206][ T5302] ? srso_return_thunk+0x5/0x5f [ 112.706062][ T5302] ? tomoyo_path_number_perm+0x71a/0x880 [ 112.711716][ T5302] ? tomoyo_path_number_perm+0x208/0x880 [ 112.717365][ T5302] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 112.723375][ T5302] ? __pfx_lock_acquire+0x10/0x10 [ 112.728436][ T5302] ? __fget_files+0x28/0x470 [ 112.733047][ T5302] ? srso_return_thunk+0x5/0x5f [ 112.737901][ T5302] ? __fget_files+0x28/0x470 [ 112.742512][ T5302] ? srso_return_thunk+0x5/0x5f [ 112.747366][ T5302] ? srso_return_thunk+0x5/0x5f [ 112.752226][ T5302] ? security_file_ioctl+0x87/0xb0 [ 112.757358][ T5302] ? __pfx_ext4_ioctl+0x10/0x10 [ 112.762232][ T5302] __se_sys_ioctl+0xfe/0x170 [ 112.766845][ T5302] do_syscall_64+0xfb/0x240 [ 112.771372][ T5302] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 112.777289][ T5302] RIP: 0033:0x7f02a5b8fc59 [ 112.781814][ T5302] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 112.801518][ T5302] RSP: 002b:00007f02a5b4c218 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 112.809941][ T5302] RAX: ffffffffffffffda RBX: 00007f02a5c17708 RCX: 00007f02a5b8fc59 [ 112.817923][ T5302] RDX: 00000000200000c0 RSI: 00000000c028660f RDI: 0000000000000003 [ 112.825902][ T5302] RBP: 00007f02a5c17700 R08: 0000000000000000 R09: 0000000000000000 [ 112.833878][ T5302] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f02a5be4568 [ 112.841854][ T5302] R13: b635773f06ebbeee R14: 0079616c7265766f R15: 69662f7375622f2e [ 112.849854][ T5302] [ 112.852892][ T5302] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 112.860172][ T5302] CPU: 0 PID: 5302 Comm: syz-executor422 Not tainted 6.8.0-rc4-syzkaller-00395-gf2667e0c3240 #0 [ 112.870594][ T5302] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 112.880652][ T5302] Call Trace: [ 112.883936][ T5302] [ 112.886867][ T5302] dump_stack_lvl+0x1e7/0x2e0 [ 112.891576][ T5302] ? __pfx_dump_stack_lvl+0x10/0x10 [ 112.896793][ T5302] ? __pfx__printk+0x10/0x10 [ 112.901400][ T5302] ? _printk+0xd5/0x120 [ 112.905574][ T5302] ? srso_return_thunk+0x5/0x5f [ 112.910432][ T5302] ? vscnprintf+0x5d/0x90 [ 112.914770][ T5302] panic+0x349/0x860 [ 112.918680][ T5302] ? __warn+0x171/0x4b0 [ 112.922851][ T5302] ? __pfx_panic+0x10/0x10 [ 112.927282][ T5302] ? show_trace_log_lvl+0x4e4/0x520 [ 112.932513][ T5302] __warn+0x31c/0x4b0 [ 112.936512][ T5302] ? look_up_lock_class+0xdc/0x160 [ 112.941642][ T5302] report_bug+0x2b3/0x500 [ 112.945978][ T5302] ? look_up_lock_class+0xdc/0x160 [ 112.951109][ T5302] handle_bug+0x3e/0x70 [ 112.955283][ T5302] exc_invalid_op+0x1a/0x50 [ 112.959810][ T5302] asm_exc_invalid_op+0x1a/0x20 [ 112.964684][ T5302] RIP: 0010:look_up_lock_class+0xdc/0x160 [ 112.970445][ T5302] Code: 01 0f 85 80 00 00 00 c6 05 92 65 09 04 01 90 49 8b 16 49 8b 76 18 48 8b 8b b8 00 00 00 48 c7 c7 80 d6 aa 8b e8 c5 c2 f0 f5 90 <0f> 0b 90 90 eb 57 90 e8 78 90 35 f9 48 c7 c7 c0 d5 aa 8b 89 de e8 [ 112.990059][ T5302] RSP: 0018:ffffc9000491f3f0 EFLAGS: 00010046 [ 112.996136][ T5302] RAX: ed48a97d6781d800 RBX: ffffffff929c0c28 RCX: ffff88802b515940 [ 113.004116][ T5302] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 113.012091][ T5302] RBP: ffffc9000491f500 R08: ffffffff81577992 R09: 1ffff110172851a2 [ 113.020069][ T5302] R10: dffffc0000000000 R11: ffffed10172851a3 R12: ffff88807bac9688 [ 113.028045][ T5302] R13: ffff88807bac9688 R14: ffff88807bac9688 R15: ffffffff945b29a1 [ 113.036030][ T5302] ? __warn_printk+0x292/0x360 [ 113.040827][ T5302] register_lock_class+0x102/0x980 [ 113.045961][ T5302] ? mark_lock+0x9a/0x350 [ 113.050296][ T5302] ? srso_return_thunk+0x5/0x5f [ 113.055157][ T5302] ? __pfx_validate_chain+0x10/0x10 [ 113.060365][ T5302] ? __pfx_register_lock_class+0x10/0x10 [ 113.066017][ T5302] ? srso_return_thunk+0x5/0x5f [ 113.070879][ T5302] __lock_acquire+0xd9/0x1fd0 [ 113.075591][ T5302] lock_acquire+0x1e3/0x530 [ 113.080111][ T5302] ? ext4_move_extents+0x39d/0xec0 [ 113.085244][ T5302] ? __pfx_lock_acquire+0x10/0x10 [ 113.090291][ T5302] ? __pfx___might_resched+0x10/0x10 [ 113.095583][ T5302] ? __down_write_common+0x161/0x200 [ 113.100887][ T5302] ? __pfx_inode_dio_wait+0x10/0x10 [ 113.106240][ T5302] ? __pfx___down_write_common+0x10/0x10 [ 113.111891][ T5302] ? __pfx___down_write_common+0x10/0x10 [ 113.117540][ T5302] down_write_nested+0x3d/0x50 [ 113.122317][ T5302] ? ext4_move_extents+0x39d/0xec0 [ 113.127443][ T5302] ext4_move_extents+0x39d/0xec0 [ 113.132480][ T5302] ? srso_return_thunk+0x5/0x5f [ 113.137341][ T5302] ? rcu_read_lock_any_held+0xb7/0x160 [ 113.142827][ T5302] ? __pfx_ext4_move_extents+0x10/0x10 [ 113.148303][ T5302] ? __fget_files+0x28/0x470 [ 113.152918][ T5302] ? srso_return_thunk+0x5/0x5f [ 113.157774][ T5302] ? srso_return_thunk+0x5/0x5f [ 113.162632][ T5302] ext4_ioctl+0x349a/0x5540 [ 113.167152][ T5302] ? poison_slab_object+0xa6/0xe0 [ 113.172194][ T5302] ? __kasan_slab_free+0x34/0x70 [ 113.177151][ T5302] ? do_syscall_64+0xfb/0x240 [ 113.181854][ T5302] ? __pfx_ext4_ioctl+0x10/0x10 [ 113.186725][ T5302] ? srso_return_thunk+0x5/0x5f [ 113.191585][ T5302] ? mark_lock+0x9a/0x350 [ 113.195929][ T5302] ? srso_return_thunk+0x5/0x5f [ 113.200786][ T5302] ? do_vfs_ioctl+0x1c72/0x2b60 [ 113.205656][ T5302] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 113.210698][ T5302] ? __pfx_lock_release+0x10/0x10 [ 113.215749][ T5302] ? srso_return_thunk+0x5/0x5f [ 113.220604][ T5302] ? __kasan_slab_free+0x46/0x70 [ 113.225560][ T5302] ? srso_return_thunk+0x5/0x5f [ 113.230421][ T5302] ? kfree+0x14a/0x380 [ 113.234518][ T5302] ? srso_return_thunk+0x5/0x5f [ 113.239381][ T5302] ? tomoyo_path_number_perm+0x71a/0x880 [ 113.245045][ T5302] ? tomoyo_path_number_perm+0x208/0x880 [ 113.250702][ T5302] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 113.256715][ T5302] ? __pfx_lock_acquire+0x10/0x10 [ 113.261777][ T5302] ? __fget_files+0x28/0x470 [ 113.266390][ T5302] ? srso_return_thunk+0x5/0x5f [ 113.271249][ T5302] ? __fget_files+0x28/0x470 [ 113.275863][ T5302] ? srso_return_thunk+0x5/0x5f [ 113.280723][ T5302] ? srso_return_thunk+0x5/0x5f [ 113.285580][ T5302] ? security_file_ioctl+0x87/0xb0 [ 113.290720][ T5302] ? __pfx_ext4_ioctl+0x10/0x10 [ 113.295596][ T5302] __se_sys_ioctl+0xfe/0x170 [ 113.300217][ T5302] do_syscall_64+0xfb/0x240 [ 113.304753][ T5302] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 113.310670][ T5302] RIP: 0033:0x7f02a5b8fc59 [ 113.315098][ T5302] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 113.334723][ T5302] RSP: 002b:00007f02a5b4c218 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 113.343159][ T5302] RAX: ffffffffffffffda RBX: 00007f02a5c17708 RCX: 00007f02a5b8fc59 [ 113.351145][ T5302] RDX: 00000000200000c0 RSI: 00000000c028660f RDI: 0000000000000003 [ 113.359124][ T5302] RBP: 00007f02a5c17700 R08: 0000000000000000 R09: 0000000000000000 [ 113.367113][ T5302] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f02a5be4568 [ 113.375106][ T5302] R13: b635773f06ebbeee R14: 0079616c7265766f R15: 69662f7375622f2e [ 113.383105][ T5302] [ 113.386367][ T5302] Kernel Offset: disabled [ 113.390688][ T5302] Rebooting in 86400 seconds..