./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3977487885 <...> Warning: Permanently added '10.128.0.77' (ECDSA) to the list of known hosts. execve("./syz-executor3977487885", ["./syz-executor3977487885"], 0x7ffd541b5510 /* 10 vars */) = 0 brk(NULL) = 0x5555570c1000 brk(0x5555570c1c40) = 0x5555570c1c40 arch_prctl(ARCH_SET_FS, 0x5555570c1300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x5555570c15d0) = 5062 set_robust_list(0x5555570c15e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7f40088b85f0, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f40088b8cc0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7f40088b8690, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f40088b8cc0}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3977487885", 4096) = 28 brk(0x5555570e2c40) = 0x5555570e2c40 brk(0x5555570e3000) = 0x5555570e3000 mprotect(0x7f400897a000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 getpid() = 5062 mkdir("./syzkaller.T3Hw3V", 0700) = 0 chmod("./syzkaller.T3Hw3V", 0777) = 0 chdir("./syzkaller.T3Hw3V") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5063 ./strace-static-x86_64: Process 5063 attached [pid 5063] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5063] chdir("./0") = 0 [pid 5063] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5063] setpgid(0, 0) = 0 [pid 5063] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5063] write(3, "1000", 4) = 4 [pid 5063] close(3) = 0 [pid 5063] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5063] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5063] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5063] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5063] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5065], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5065 [pid 5063] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5063] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5065 attached [pid 5065] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5065] memfd_create("syzkaller", 0) = 3 [pid 5065] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5065] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5065] munmap(0x7f4000487000, 1048576) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5065] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5065] close(3) = 0 [pid 5065] mkdir("./file0", 0777) = 0 [pid 5065] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5065] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5065] chdir("./file0") = 0 [pid 5065] ioctl(4, LOOP_CLR_FD) = 0 [pid 5065] close(4) = 0 [pid 5065] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] <... futex resumed>) = 0 [pid 5063] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5063] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5065] <... futex resumed>) = 1 [pid 5065] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5065] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] <... futex resumed>) = 0 [pid 5063] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5063] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5063] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5063] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5063] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5069], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5069 [pid 5063] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5063] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5065] <... futex resumed>) = 1 [pid 5065] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = 0 [pid 5065] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5065] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5069 attached [pid 5069] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5069] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5069] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] <... futex resumed>) = 0 [pid 5063] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] <... futex resumed>) = 0 [pid 5063] <... futex resumed>) = 1 [pid 5065] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5063] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5069] <... futex resumed>) = 1 [pid 5069] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5065] <... write resumed>) = 7 [pid 5065] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5063] <... futex resumed>) = 0 [pid 5065] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5063] exit_group(0 [pid 5065] <... futex resumed>) = ? [pid 5063] <... exit_group resumed>) = ? [pid 5069] <... futex resumed>) = ? [pid 5065] +++ exited with 0 +++ [pid 5069] +++ exited with 0 +++ [pid 5063] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5063, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 49.921442][ T5065] loop0: detected capacity change from 0 to 2048 [ 49.932310][ T5065] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 49.958682][ T5065] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./0/binderfs") = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5070 ./strace-static-x86_64: Process 5070 attached [pid 5070] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5070] chdir("./1") = 0 [pid 5070] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5070] setpgid(0, 0) = 0 [pid 5070] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5070] write(3, "1000", 4) = 4 [pid 5070] close(3) = 0 [pid 5070] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5070] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5070] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5070] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5070] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5071], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5071 [pid 5070] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5070] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5071 attached [pid 5071] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5071] memfd_create("syzkaller", 0) = 3 [pid 5071] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5071] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5071] munmap(0x7f4000487000, 1048576) = 0 [pid 5071] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 50.008615][ T5062] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5071] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5071] close(3) = 0 [pid 5071] mkdir("./file0", 0777) = 0 [pid 5071] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5071] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5071] chdir("./file0") = 0 [pid 5071] ioctl(4, LOOP_CLR_FD) = 0 [pid 5071] close(4) = 0 [pid 5071] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5071] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5070] <... futex resumed>) = 0 [pid 5070] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5071] <... futex resumed>) = 0 [pid 5070] <... futex resumed>) = 1 [pid 5071] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5070] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5071] <... openat resumed>) = 4 [pid 5071] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5070] <... futex resumed>) = 0 [pid 5071] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5070] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5071] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5070] <... futex resumed>) = 0 [pid 5071] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5070] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5071] <... ioctl resumed>) = 0 [pid 5070] <... futex resumed>) = 0 [pid 5070] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5071] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5070] <... mmap resumed>) = 0x7f4000566000 [pid 5071] <... futex resumed>) = 0 [pid 5070] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE [pid 5071] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5070] <... mprotect resumed>) = 0 [pid 5070] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5074 attached , parent_tid=[5074], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5074 [pid 5074] set_robust_list(0x7f40005869e0, 24 [pid 5070] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5074] <... set_robust_list resumed>) = 0 [pid 5070] <... futex resumed>) = 0 [pid 5074] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5070] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5074] <... openat resumed>) = 5 [pid 5074] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5070] <... futex resumed>) = 0 [pid 5074] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5070] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5071] <... futex resumed>) = 0 [pid 5070] <... futex resumed>) = 1 [pid 5071] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5070] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5071] <... write resumed>) = 7 [pid 5071] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5070] <... futex resumed>) = 0 [pid 5071] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5070] exit_group(0) = ? [pid 5074] <... futex resumed>) = ? [pid 5071] <... futex resumed>) = ? [pid 5074] +++ exited with 0 +++ [pid 5071] +++ exited with 0 +++ [pid 5070] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5070, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./1/binderfs") = 0 [ 50.061906][ T5071] loop0: detected capacity change from 0 to 2048 [ 50.072443][ T5071] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 50.097007][ T5071] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5075 ./strace-static-x86_64: Process 5075 attached [pid 5075] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5075] chdir("./2") = 0 [pid 5075] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5075] setpgid(0, 0) = 0 [pid 5075] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5075] write(3, "1000", 4) = 4 [pid 5075] close(3) = 0 [pid 5075] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5075] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5075] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5075] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5075] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5076 attached , parent_tid=[5076], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5076 [pid 5076] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5075] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5075] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5076] memfd_create("syzkaller", 0) = 3 [pid 5076] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [ 50.145413][ T5062] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5076] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5076] munmap(0x7f4000487000, 1048576) = 0 [pid 5076] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5076] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5076] close(3) = 0 [pid 5076] mkdir("./file0", 0777) = 0 [pid 5076] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5076] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5076] chdir("./file0") = 0 [pid 5076] ioctl(4, LOOP_CLR_FD) = 0 [pid 5076] close(4) = 0 [pid 5076] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5075] <... futex resumed>) = 0 [pid 5075] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5075] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5076] <... futex resumed>) = 1 [pid 5076] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5076] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5075] <... futex resumed>) = 0 [pid 5076] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5075] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5076] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5075] <... futex resumed>) = 0 [pid 5076] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5075] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5075] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5075] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5075] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5079], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5079 [pid 5075] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5075] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5076] <... ioctl resumed>) = 0 [pid 5076] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5076] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5079 attached [pid 5079] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5079] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5079] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5075] <... futex resumed>) = 0 [pid 5079] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5075] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5076] <... futex resumed>) = 0 [pid 5075] <... futex resumed>) = 1 [pid 5076] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5075] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5076] <... write resumed>) = 7 [ 50.210021][ T5076] loop0: detected capacity change from 0 to 2048 [ 50.220190][ T5076] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 50.237031][ T5076] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. [pid 5076] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5075] <... futex resumed>) = 0 [pid 5076] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5075] exit_group(0) = ? [pid 5076] <... futex resumed>) = ? [pid 5079] <... futex resumed>) = ? [pid 5076] +++ exited with 0 +++ [pid 5079] +++ exited with 0 +++ [pid 5075] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5075, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./2/binderfs") = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5080 ./strace-static-x86_64: Process 5080 attached [pid 5080] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5080] chdir("./3") = 0 [pid 5080] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5080] setpgid(0, 0) = 0 [pid 5080] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5080] write(3, "1000", 4) = 4 [pid 5080] close(3) = 0 [pid 5080] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5080] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5080] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5080] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5080] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5081], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5081 [pid 5080] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5080] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5081 attached [pid 5081] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5081] memfd_create("syzkaller", 0) = 3 [pid 5081] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5081] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5081] munmap(0x7f4000487000, 1048576) = 0 [pid 5081] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 50.276543][ T5062] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5081] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5081] close(3) = 0 [pid 5081] mkdir("./file0", 0777) = 0 [pid 5081] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5081] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5081] chdir("./file0") = 0 [pid 5081] ioctl(4, LOOP_CLR_FD) = 0 [pid 5081] close(4) = 0 [pid 5081] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5080] <... futex resumed>) = 0 [pid 5080] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5080] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] <... futex resumed>) = 1 [pid 5081] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5081] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5080] <... futex resumed>) = 0 [pid 5080] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5080] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5080] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5080] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5080] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5084], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5084 [pid 5080] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5080] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] <... futex resumed>) = 1 [pid 5081] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = 0 [pid 5081] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5081] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5084 attached [pid 5084] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5084] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5084] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5080] <... futex resumed>) = 0 [pid 5080] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... futex resumed>) = 0 [pid 5080] <... futex resumed>) = 1 [pid 5081] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5080] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] <... futex resumed>) = 1 [pid 5081] <... write resumed>) = 7 [pid 5081] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5080] <... futex resumed>) = 0 [pid 5081] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5080] exit_group(0 [pid 5081] <... futex resumed>) = ? [pid 5080] <... exit_group resumed>) = ? [pid 5081] +++ exited with 0 +++ [pid 5084] +++ exited with 0 +++ [pid 5080] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5080, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./3/binderfs") = 0 [ 50.332685][ T5081] loop0: detected capacity change from 0 to 2048 [ 50.342509][ T5081] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 50.366945][ T5081] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5085 ./strace-static-x86_64: Process 5085 attached [pid 5085] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5085] chdir("./4") = 0 [pid 5085] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5085] setpgid(0, 0) = 0 [pid 5085] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5085] write(3, "1000", 4) = 4 [pid 5085] close(3) = 0 [pid 5085] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5085] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5085] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5085] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5085] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5086 attached , parent_tid=[5086], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5086 [pid 5086] set_robust_list(0x7f40088a79e0, 24 [pid 5085] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... set_robust_list resumed>) = 0 [pid 5085] <... futex resumed>) = 0 [pid 5085] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5086] memfd_create("syzkaller", 0) = 3 [pid 5086] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [ 50.409023][ T5062] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5086] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5086] munmap(0x7f4000487000, 1048576) = 0 [pid 5086] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5086] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5086] close(3) = 0 [pid 5086] mkdir("./file0", 0777) = 0 [pid 5086] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5086] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5086] chdir("./file0") = 0 [pid 5086] ioctl(4, LOOP_CLR_FD) = 0 [pid 5086] close(4) = 0 [pid 5086] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5086] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5085] <... futex resumed>) = 0 [pid 5085] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5085] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] <... futex resumed>) = 0 [pid 5086] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5086] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5085] <... futex resumed>) = 0 [pid 5086] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5085] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5085] <... futex resumed>) = 0 [pid 5086] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5085] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5085] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5086] <... ioctl resumed>) = 0 [pid 5085] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE [pid 5086] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... mprotect resumed>) = 0 [pid 5085] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5086] <... futex resumed>) = 0 [pid 5086] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5085] <... clone resumed>, parent_tid=[5089], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5089 [pid 5085] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5089 attached [pid 5085] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5089] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5089] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5089] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5085] <... futex resumed>) = 0 [pid 5089] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5085] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... futex resumed>) = 0 [pid 5085] <... futex resumed>) = 1 [pid 5086] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5085] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] <... write resumed>) = 7 [pid 5086] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5085] <... futex resumed>) = 0 [pid 5086] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5085] exit_group(0 [pid 5089] <... futex resumed>) = ? [pid 5086] <... futex resumed>) = ? [pid 5085] <... exit_group resumed>) = ? [pid 5089] +++ exited with 0 +++ [pid 5086] +++ exited with 0 +++ [pid 5085] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5085, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./4/binderfs") = 0 [ 50.474048][ T5086] loop0: detected capacity change from 0 to 2048 [ 50.484073][ T5086] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 50.506818][ T5086] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5090 ./strace-static-x86_64: Process 5090 attached [pid 5090] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5090] chdir("./5") = 0 [pid 5090] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5090] setpgid(0, 0) = 0 [pid 5090] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5090] write(3, "1000", 4) = 4 [pid 5090] close(3) = 0 [pid 5090] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5090] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5090] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5090] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5090] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5091], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5091 [pid 5090] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5090] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5091 attached [pid 5091] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5091] memfd_create("syzkaller", 0) = 3 [pid 5091] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [ 50.551920][ T5062] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5091] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5091] munmap(0x7f4000487000, 1048576) = 0 [pid 5091] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5091] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5091] close(3) = 0 [pid 5091] mkdir("./file0", 0777) = 0 [pid 5091] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5091] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5091] chdir("./file0") = 0 [pid 5091] ioctl(4, LOOP_CLR_FD) = 0 [pid 5091] close(4) = 0 [pid 5091] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5090] <... futex resumed>) = 0 [pid 5091] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5090] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5091] <... openat resumed>) = 4 [pid 5090] <... futex resumed>) = 0 [pid 5090] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5091] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5090] <... futex resumed>) = 0 [pid 5091] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5090] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5090] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5091] <... ioctl resumed>) = 0 [pid 5090] <... futex resumed>) = 0 [pid 5091] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5090] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5091] <... futex resumed>) = 0 [pid 5090] <... mmap resumed>) = 0x7f4000566000 [pid 5091] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5090] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5090] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5094], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5094 [pid 5090] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5090] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5094 attached [pid 5094] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5094] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5094] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5090] <... futex resumed>) = 0 [pid 5090] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5091] <... futex resumed>) = 0 [pid 5090] <... futex resumed>) = 1 [pid 5091] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5090] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5094] <... futex resumed>) = 1 [pid 5094] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5091] <... write resumed>) = 7 [pid 5091] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5090] <... futex resumed>) = 0 [pid 5091] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5090] exit_group(0) = ? [pid 5091] <... futex resumed>) = ? [pid 5094] <... futex resumed>) = ? [pid 5091] +++ exited with 0 +++ [pid 5094] +++ exited with 0 +++ [pid 5090] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5090, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./5/binderfs") = 0 [ 50.617718][ T5091] loop0: detected capacity change from 0 to 2048 [ 50.627820][ T5091] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 50.646458][ T5091] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5095 ./strace-static-x86_64: Process 5095 attached [pid 5095] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5095] chdir("./6") = 0 [pid 5095] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5095] setpgid(0, 0) = 0 [pid 5095] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5095] write(3, "1000", 4) = 4 [pid 5095] close(3) = 0 [pid 5095] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5095] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5095] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5095] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5095] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5096], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5096 [pid 5095] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5096 attached ) = 0 [pid 5095] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5096] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5096] memfd_create("syzkaller", 0) = 3 [pid 5096] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5096] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5096] munmap(0x7f4000487000, 1048576) = 0 [pid 5096] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 50.689826][ T5062] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5096] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5096] close(3) = 0 [pid 5096] mkdir("./file0", 0777) = 0 [pid 5096] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5096] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5096] chdir("./file0") = 0 [pid 5096] ioctl(4, LOOP_CLR_FD) = 0 [pid 5096] close(4) = 0 [pid 5096] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5095] <... futex resumed>) = 0 [pid 5095] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5095] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5096] <... futex resumed>) = 1 [pid 5096] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5096] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5095] <... futex resumed>) = 0 [pid 5095] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5095] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5095] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5095] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5095] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5099], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5099 [pid 5095] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5095] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5096] <... futex resumed>) = 1 [pid 5096] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = 0 [pid 5096] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5096] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5099 attached [pid 5099] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5099] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5099] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5095] <... futex resumed>) = 0 [pid 5095] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5095] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5096] <... futex resumed>) = 0 [pid 5096] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5099] <... futex resumed>) = 1 [pid 5099] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5096] <... write resumed>) = 7 [pid 5096] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5095] <... futex resumed>) = 0 [pid 5096] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5095] exit_group(0) = ? [pid 5096] <... futex resumed>) = ? [pid 5096] +++ exited with 0 +++ [pid 5099] <... futex resumed>) = ? [pid 5099] +++ exited with 0 +++ [pid 5095] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5095, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./6/binderfs") = 0 [ 50.737914][ T5096] loop0: detected capacity change from 0 to 2048 [ 50.747631][ T5096] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 50.766633][ T5096] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5100 ./strace-static-x86_64: Process 5100 attached [pid 5100] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5100] chdir("./7") = 0 [pid 5100] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5100] setpgid(0, 0) = 0 [pid 5100] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5100] write(3, "1000", 4) = 4 [pid 5100] close(3) = 0 [pid 5100] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5100] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5100] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5100] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5100] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5101], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5101 [pid 5100] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5100] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5101 attached [pid 5101] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5101] memfd_create("syzkaller", 0) = 3 [pid 5101] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5101] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5101] munmap(0x7f4000487000, 1048576) = 0 [pid 5101] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 50.810887][ T5062] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5101] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5101] close(3) = 0 [pid 5101] mkdir("./file0", 0777) = 0 [pid 5101] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5101] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5101] chdir("./file0") = 0 [pid 5101] ioctl(4, LOOP_CLR_FD) = 0 [pid 5101] close(4) = 0 [pid 5101] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5100] <... futex resumed>) = 0 [pid 5101] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5100] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5101] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5100] <... futex resumed>) = 0 [pid 5101] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5100] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5101] <... openat resumed>) = 4 [pid 5101] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5100] <... futex resumed>) = 0 [pid 5101] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5100] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5101] <... ioctl resumed>) = 0 [pid 5100] <... futex resumed>) = 0 [pid 5100] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5101] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5100] <... futex resumed>) = 0 [pid 5101] <... futex resumed>) = 0 [pid 5100] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5101] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5100] <... mmap resumed>) = 0x7f4000566000 [pid 5100] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5100] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5104], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5104 [pid 5100] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5100] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5104 attached [pid 5104] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5104] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5104] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5100] <... futex resumed>) = 0 [pid 5100] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5101] <... futex resumed>) = 0 [pid 5100] <... futex resumed>) = 1 [pid 5101] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5100] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5104] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5101] <... write resumed>) = 7 [pid 5101] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5100] <... futex resumed>) = 0 [pid 5101] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5100] exit_group(0 [pid 5101] <... futex resumed>) = ? [pid 5100] <... exit_group resumed>) = ? [pid 5101] +++ exited with 0 +++ [pid 5104] <... futex resumed>) = ? [pid 5104] +++ exited with 0 +++ [pid 5100] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5100, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./7/binderfs") = 0 [ 50.871224][ T5101] loop0: detected capacity change from 0 to 2048 [ 50.880845][ T5101] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 50.906694][ T5101] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5105 ./strace-static-x86_64: Process 5105 attached [pid 5105] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5105] chdir("./8") = 0 [pid 5105] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5105] setpgid(0, 0) = 0 [pid 5105] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5105] write(3, "1000", 4) = 4 [pid 5105] close(3) = 0 [pid 5105] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5105] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5105] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5105] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5105] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5106], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5106 [pid 5105] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5105] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5106 attached [pid 5106] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5106] memfd_create("syzkaller", 0) = 3 [pid 5106] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5106] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5106] munmap(0x7f4000487000, 1048576) = 0 [pid 5106] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 50.948856][ T5062] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5106] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5106] close(3) = 0 [pid 5106] mkdir("./file0", 0777) = 0 [pid 5106] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5106] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5106] chdir("./file0") = 0 [pid 5106] ioctl(4, LOOP_CLR_FD) = 0 [pid 5106] close(4) = 0 [pid 5106] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5105] <... futex resumed>) = 0 [pid 5105] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5105] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5106] <... futex resumed>) = 1 [pid 5106] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5106] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5105] <... futex resumed>) = 0 [pid 5105] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5105] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5105] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5105] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5105] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5109 attached [pid 5106] <... futex resumed>) = 1 [pid 5105] <... clone resumed>, parent_tid=[5109], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5109 [pid 5105] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5105] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5109] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5109] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5106] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = 0 [pid 5106] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5106] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5109] <... openat resumed>) = 5 [pid 5109] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5105] <... futex resumed>) = 0 [pid 5105] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5106] <... futex resumed>) = 0 [pid 5105] <... futex resumed>) = 1 [pid 5109] <... futex resumed>) = 1 [pid 5106] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5105] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5109] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5106] <... write resumed>) = 7 [pid 5106] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5105] <... futex resumed>) = 0 [pid 5106] <... futex resumed>) = 1 [pid 5105] exit_group(0 [pid 5109] <... futex resumed>) = ? [pid 5105] <... exit_group resumed>) = ? [pid 5106] +++ exited with 0 +++ [pid 5109] +++ exited with 0 +++ [pid 5105] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5105, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./8/binderfs") = 0 [ 50.999662][ T5106] loop0: detected capacity change from 0 to 2048 [ 51.008951][ T5106] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 51.026973][ T5106] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5110 ./strace-static-x86_64: Process 5110 attached [pid 5110] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5110] chdir("./9") = 0 [pid 5110] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5110] setpgid(0, 0) = 0 [pid 5110] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5110] write(3, "1000", 4) = 4 [pid 5110] close(3) = 0 [pid 5110] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5110] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5110] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5110] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5110] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5111 attached , parent_tid=[5111], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5111 [pid 5111] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5111] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5110] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5111] <... futex resumed>) = 0 [pid 5111] memfd_create("syzkaller", 0) = 3 [pid 5110] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5111] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5111] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5111] munmap(0x7f4000487000, 1048576) = 0 [ 51.076443][ T5062] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5111] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5111] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5111] close(3) = 0 [pid 5111] mkdir("./file0", 0777) = 0 [ 51.137562][ T5111] loop0: detected capacity change from 0 to 2048 [ 51.147548][ T5111] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 5111] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5111] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5111] chdir("./file0") = 0 [pid 5111] ioctl(4, LOOP_CLR_FD) = 0 [pid 5111] close(4) = 0 [pid 5111] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5110] <... futex resumed>) = 0 [pid 5110] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5110] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5111] <... futex resumed>) = 1 [pid 5111] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5111] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5110] <... futex resumed>) = 0 [pid 5110] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5110] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5110] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5110] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5110] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5114], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5114 [pid 5110] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5110] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5111] <... futex resumed>) = 1 [pid 5111] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = 0 [pid 5111] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5114 attached ) = 0 [pid 5111] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5114] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5114] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5114] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5110] <... futex resumed>) = 0 [pid 5110] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5110] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5111] <... futex resumed>) = 0 [pid 5111] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7) = 7 [pid 5111] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5110] <... futex resumed>) = 0 [pid 5110] exit_group(0) = ? [pid 5111] <... futex resumed>) = ? [pid 5111] +++ exited with 0 +++ [pid 5114] <... futex resumed>) = ? [pid 5114] +++ exited with 0 +++ [pid 5110] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5110, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./9/binderfs") = 0 [ 51.177034][ T5111] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5115 ./strace-static-x86_64: Process 5115 attached [pid 5115] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5115] chdir("./10") = 0 [pid 5115] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5115] setpgid(0, 0) = 0 [pid 5115] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5115] write(3, "1000", 4) = 4 [pid 5115] close(3) = 0 [pid 5115] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5115] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5115] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5115] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5115] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5116], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5116 [pid 5115] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5115] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5116 attached [pid 5116] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5116] memfd_create("syzkaller", 0) = 3 [pid 5116] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5116] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5116] munmap(0x7f4000487000, 1048576) = 0 [pid 5116] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 51.215815][ T5062] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5116] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5116] close(3) = 0 [pid 5116] mkdir("./file0", 0777) = 0 [pid 5116] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5116] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5116] chdir("./file0") = 0 [pid 5116] ioctl(4, LOOP_CLR_FD) = 0 [pid 5116] close(4) = 0 [pid 5116] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5115] <... futex resumed>) = 0 [pid 5115] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5115] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5116] <... futex resumed>) = 1 [pid 5116] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5116] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5115] <... futex resumed>) = 0 [pid 5115] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5115] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5115] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5115] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5115] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5119], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5119 [pid 5115] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5115] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5116] <... futex resumed>) = 1 [pid 5116] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = 0 [pid 5116] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5119 attached ) = 0 [pid 5119] set_robust_list(0x7f40005869e0, 24 [pid 5116] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5119] <... set_robust_list resumed>) = 0 [pid 5119] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5119] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5115] <... futex resumed>) = 0 [pid 5119] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5115] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5116] <... futex resumed>) = 0 [pid 5115] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5116] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7) = 7 [pid 5116] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5115] <... futex resumed>) = 0 [pid 5116] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5115] exit_group(0 [pid 5119] <... futex resumed>) = ? [pid 5116] <... futex resumed>) = ? [pid 5115] <... exit_group resumed>) = ? [pid 5116] +++ exited with 0 +++ [pid 5119] +++ exited with 0 +++ [pid 5115] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5115, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./10/binderfs") = 0 [ 51.276171][ T5116] loop0: detected capacity change from 0 to 2048 [ 51.285527][ T5116] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 51.306835][ T5116] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5120 ./strace-static-x86_64: Process 5120 attached [pid 5120] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5120] chdir("./11") = 0 [pid 5120] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5120] setpgid(0, 0) = 0 [pid 5120] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5120] write(3, "1000", 4) = 4 [pid 5120] close(3) = 0 [pid 5120] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5120] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5120] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5120] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5120] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5121], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5121 [pid 5120] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5120] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5121 attached [pid 5121] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5121] memfd_create("syzkaller", 0) = 3 [pid 5121] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5121] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5121] munmap(0x7f4000487000, 1048576) = 0 [pid 5121] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 51.354139][ T5062] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5121] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5121] close(3) = 0 [pid 5121] mkdir("./file0", 0777) = 0 [pid 5121] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5121] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5121] chdir("./file0") = 0 [pid 5121] ioctl(4, LOOP_CLR_FD) = 0 [pid 5121] close(4) = 0 [pid 5121] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5120] <... futex resumed>) = 0 [pid 5121] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5120] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5121] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5120] <... futex resumed>) = 0 [pid 5121] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5120] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5121] <... openat resumed>) = 4 [pid 5121] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5120] <... futex resumed>) = 0 [pid 5121] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5120] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5121] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5120] <... futex resumed>) = 0 [pid 5121] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5120] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5121] <... ioctl resumed>) = 0 [pid 5120] <... futex resumed>) = 0 [pid 5121] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5120] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5121] <... futex resumed>) = 0 [pid 5120] <... mmap resumed>) = 0x7f4000566000 [pid 5121] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5120] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5120] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5124], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5124 [pid 5120] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5124 attached ) = 0 [pid 5124] set_robust_list(0x7f40005869e0, 24 [pid 5120] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5124] <... set_robust_list resumed>) = 0 [pid 5124] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5124] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5120] <... futex resumed>) = 0 [pid 5124] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5120] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5121] <... futex resumed>) = 0 [pid 5120] <... futex resumed>) = 1 [pid 5121] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5120] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5121] <... write resumed>) = 7 [pid 5121] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5120] <... futex resumed>) = 0 [pid 5121] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5120] exit_group(0 [pid 5124] <... futex resumed>) = ? [pid 5121] <... futex resumed>) = ? [pid 5120] <... exit_group resumed>) = ? [pid 5124] +++ exited with 0 +++ [pid 5121] +++ exited with 0 +++ [pid 5120] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5120, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./11/binderfs") = 0 [ 51.411933][ T5121] loop0: detected capacity change from 0 to 2048 [ 51.421894][ T5121] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 51.436704][ T5121] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5125 ./strace-static-x86_64: Process 5125 attached [pid 5125] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5125] chdir("./12") = 0 [pid 5125] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5125] setpgid(0, 0) = 0 [pid 5125] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5125] write(3, "1000", 4) = 4 [pid 5125] close(3) = 0 [pid 5125] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5125] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5125] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5125] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5125] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5126], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5126 [pid 5125] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5125] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5126 attached [pid 5126] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5126] memfd_create("syzkaller", 0) = 3 [pid 5126] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5126] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5126] munmap(0x7f4000487000, 1048576) = 0 [pid 5126] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 51.485133][ T5062] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5126] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5126] close(3) = 0 [pid 5126] mkdir("./file0", 0777) = 0 [pid 5126] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5126] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5126] chdir("./file0") = 0 [pid 5126] ioctl(4, LOOP_CLR_FD) = 0 [pid 5126] close(4) = 0 [pid 5126] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5125] <... futex resumed>) = 0 [pid 5125] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5125] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5126] <... futex resumed>) = 1 [pid 5126] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5126] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5125] <... futex resumed>) = 0 [pid 5125] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5125] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5125] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5125] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5125] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5129], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5129 [pid 5125] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5125] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5126] <... futex resumed>) = 1 [pid 5126] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = 0 [pid 5126] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5126] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5129 attached [pid 5129] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5129] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5129] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5125] <... futex resumed>) = 0 [pid 5129] <... futex resumed>) = 1 [pid 5125] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5126] <... futex resumed>) = 0 [pid 5125] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5129] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5126] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7) = 7 [pid 5126] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5125] <... futex resumed>) = 0 [pid 5126] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5125] exit_group(0 [pid 5126] <... futex resumed>) = ? [pid 5125] <... exit_group resumed>) = ? [pid 5126] +++ exited with 0 +++ [pid 5129] <... futex resumed>) = ? [pid 5129] +++ exited with 0 +++ [pid 5125] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5125, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./12/binderfs") = 0 [ 51.542507][ T5126] loop0: detected capacity change from 0 to 2048 [ 51.551955][ T5126] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 51.567094][ T5126] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5130 ./strace-static-x86_64: Process 5130 attached [pid 5130] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5130] chdir("./13") = 0 [pid 5130] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5130] setpgid(0, 0) = 0 [pid 5130] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5130] write(3, "1000", 4) = 4 [pid 5130] close(3) = 0 [pid 5130] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5130] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5130] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5130] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5130] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5131], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5131 [pid 5130] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5130] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5131 attached [pid 5131] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5131] memfd_create("syzkaller", 0) = 3 [pid 5131] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5131] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5131] munmap(0x7f4000487000, 1048576) = 0 [pid 5131] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 51.615201][ T5062] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5131] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5131] close(3) = 0 [pid 5131] mkdir("./file0", 0777) = 0 [pid 5131] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5131] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5131] chdir("./file0") = 0 [pid 5131] ioctl(4, LOOP_CLR_FD) = 0 [pid 5131] close(4) = 0 [pid 5131] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5131] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5130] <... futex resumed>) = 0 [pid 5130] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5130] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5131] <... futex resumed>) = 0 [pid 5131] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5131] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5130] <... futex resumed>) = 0 [pid 5130] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5130] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5130] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5131] <... futex resumed>) = 1 [pid 5130] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5131] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5130] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5134], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5134 [pid 5131] <... ioctl resumed>) = 0 [pid 5130] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5134 attached [pid 5131] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5131] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5130] <... futex resumed>) = 0 [pid 5130] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5134] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5134] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5134] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5130] <... futex resumed>) = 0 [pid 5130] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5130] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5131] <... futex resumed>) = 0 [pid 5131] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5134] <... futex resumed>) = 1 [pid 5134] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5131] <... write resumed>) = 7 [pid 5131] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5130] <... futex resumed>) = 0 [pid 5130] exit_group(0 [pid 5134] <... futex resumed>) = ? [pid 5131] <... futex resumed>) = ? [pid 5130] <... exit_group resumed>) = ? [pid 5134] +++ exited with 0 +++ [pid 5131] +++ exited with 0 +++ [pid 5130] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5130, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./13/binderfs") = 0 [ 51.672731][ T5131] loop0: detected capacity change from 0 to 2048 [ 51.682036][ T5131] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 51.696813][ T5131] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5135 ./strace-static-x86_64: Process 5135 attached [pid 5135] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5135] chdir("./14") = 0 [pid 5135] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5135] setpgid(0, 0) = 0 [pid 5135] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5135] write(3, "1000", 4) = 4 [pid 5135] close(3) = 0 [pid 5135] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5135] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5135] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5135] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5135] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5136], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5136 [pid 5135] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5135] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5136 attached [pid 5136] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5136] memfd_create("syzkaller", 0) = 3 [pid 5136] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5136] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5136] munmap(0x7f4000487000, 1048576) = 0 [pid 5136] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 51.752535][ T5062] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5136] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5136] close(3) = 0 [pid 5136] mkdir("./file0", 0777) = 0 [pid 5136] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5136] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5136] chdir("./file0") = 0 [pid 5136] ioctl(4, LOOP_CLR_FD) = 0 [pid 5136] close(4) = 0 [pid 5136] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5136] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5135] <... futex resumed>) = 0 [pid 5135] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5135] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5136] <... futex resumed>) = 0 [pid 5136] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5136] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5135] <... futex resumed>) = 0 [pid 5135] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5135] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5135] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5135] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5135] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5139 attached [pid 5136] <... futex resumed>) = 1 [pid 5135] <... clone resumed>, parent_tid=[5139], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5139 [pid 5135] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5135] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5139] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5139] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5136] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5139] <... openat resumed>) = 5 [pid 5139] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5136] <... ioctl resumed>) = 0 [pid 5136] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5135] <... futex resumed>) = 0 [pid 5135] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5135] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = 0 [pid 5139] <... futex resumed>) = 1 [pid 5136] <... futex resumed>) = 1 [pid 5135] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=49000000} [pid 5139] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5136] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7) = 7 [pid 5136] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5135] <... futex resumed>) = 0 [pid 5135] exit_group(0) = ? [pid 5139] <... futex resumed>) = ? [pid 5136] <... futex resumed>) = ? [pid 5139] +++ exited with 0 +++ [pid 5136] +++ exited with 0 +++ [pid 5135] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5135, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 51.812104][ T5136] loop0: detected capacity change from 0 to 2048 [ 51.822142][ T5136] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 51.847072][ T5136] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./14/binderfs") = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5140 ./strace-static-x86_64: Process 5140 attached [pid 5140] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5140] chdir("./15") = 0 [pid 5140] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5140] setpgid(0, 0) = 0 [pid 5140] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5140] write(3, "1000", 4) = 4 [pid 5140] close(3) = 0 [pid 5140] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5140] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5140] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5140] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5140] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5141 attached , parent_tid=[5141], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5141 [pid 5140] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5140] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5141] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5141] memfd_create("syzkaller", 0) = 3 [ 51.898434][ T5062] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5141] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5141] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5141] munmap(0x7f4000487000, 1048576) = 0 [pid 5141] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5141] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5141] close(3) = 0 [pid 5141] mkdir("./file0", 0777) = 0 [pid 5141] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5141] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5141] chdir("./file0") = 0 [pid 5141] ioctl(4, LOOP_CLR_FD) = 0 [pid 5141] close(4) = 0 [pid 5141] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5141] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5140] <... futex resumed>) = 0 [pid 5140] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5140] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5141] <... futex resumed>) = 0 [pid 5141] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5141] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5140] <... futex resumed>) = 0 [pid 5140] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5141] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5140] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5140] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5140] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5140] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5141] <... ioctl resumed>) = 0 [pid 5141] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5140] <... clone resumed>, parent_tid=[5144], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5144 [pid 5141] <... futex resumed>) = 0 [pid 5140] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5140] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5141] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5144 attached [pid 5144] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5144] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5144] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5140] <... futex resumed>) = 0 [pid 5140] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5141] <... futex resumed>) = 0 [pid 5140] <... futex resumed>) = 1 [pid 5141] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5140] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5144] <... futex resumed>) = 1 [pid 5144] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5141] <... write resumed>) = 7 [pid 5141] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5140] <... futex resumed>) = 0 [pid 5141] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5140] exit_group(0 [pid 5144] <... futex resumed>) = ? [pid 5141] <... futex resumed>) = ? [pid 5140] <... exit_group resumed>) = ? [pid 5144] +++ exited with 0 +++ [pid 5141] +++ exited with 0 +++ [pid 5140] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5140, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./15/binderfs") = 0 [ 51.972220][ T5141] loop0: detected capacity change from 0 to 2048 [ 51.981380][ T5141] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 51.996929][ T5141] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5145 ./strace-static-x86_64: Process 5145 attached [pid 5145] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5145] chdir("./16") = 0 [pid 5145] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5145] setpgid(0, 0) = 0 [pid 5145] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5145] write(3, "1000", 4) = 4 [pid 5145] close(3) = 0 [pid 5145] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5145] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5145] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5145] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5145] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5146 attached , parent_tid=[5146], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5146 [pid 5145] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5145] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5146] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5146] memfd_create("syzkaller", 0) = 3 [pid 5146] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [ 52.041003][ T5062] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5146] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5146] munmap(0x7f4000487000, 1048576) = 0 [pid 5146] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5146] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5146] close(3) = 0 [pid 5146] mkdir("./file0", 0777) = 0 [pid 5146] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5146] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5146] chdir("./file0") = 0 [pid 5146] ioctl(4, LOOP_CLR_FD) = 0 [pid 5146] close(4) = 0 [pid 5146] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5145] <... futex resumed>) = 0 [pid 5145] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5145] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5146] <... futex resumed>) = 1 [pid 5146] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5146] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5145] <... futex resumed>) = 0 [pid 5145] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5145] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5145] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5145] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5145] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5149 attached [pid 5146] <... futex resumed>) = 1 [pid 5149] set_robust_list(0x7f40005869e0, 24 [pid 5145] <... clone resumed>, parent_tid=[5149], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5149 [pid 5145] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5145] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5146] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5149] <... set_robust_list resumed>) = 0 [pid 5149] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5146] <... ioctl resumed>) = 0 [pid 5146] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5146] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5149] <... openat resumed>) = 5 [pid 5149] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5145] <... futex resumed>) = 0 [pid 5149] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5145] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5146] <... futex resumed>) = 0 [pid 5145] <... futex resumed>) = 1 [pid 5146] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5145] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5146] <... write resumed>) = 7 [pid 5146] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5145] <... futex resumed>) = 0 [pid 5146] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5145] exit_group(0 [pid 5149] <... futex resumed>) = ? [pid 5145] <... exit_group resumed>) = ? [pid 5146] <... futex resumed>) = ? [pid 5149] +++ exited with 0 +++ [pid 5146] +++ exited with 0 +++ [pid 5145] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5145, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./16/binderfs") = 0 [ 52.107114][ T5146] loop0: detected capacity change from 0 to 2048 [ 52.116633][ T5146] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 52.136867][ T5146] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5150 ./strace-static-x86_64: Process 5150 attached [pid 5150] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5150] chdir("./17") = 0 [pid 5150] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5150] setpgid(0, 0) = 0 [pid 5150] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5150] write(3, "1000", 4) = 4 [pid 5150] close(3) = 0 [pid 5150] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5150] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5150] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5150] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5150] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5151 attached , parent_tid=[5151], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5151 [pid 5150] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5150] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5151] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5151] memfd_create("syzkaller", 0) = 3 [pid 5151] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [ 52.186659][ T5062] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5151] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5151] munmap(0x7f4000487000, 1048576) = 0 [pid 5151] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5151] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5151] close(3) = 0 [pid 5151] mkdir("./file0", 0777) = 0 [ 52.257915][ T5151] loop0: detected capacity change from 0 to 2048 [ 52.267548][ T5151] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 5151] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5151] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5151] chdir("./file0") = 0 [pid 5151] ioctl(4, LOOP_CLR_FD) = 0 [pid 5151] close(4) = 0 [pid 5151] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5151] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5150] <... futex resumed>) = 0 [pid 5150] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5151] <... futex resumed>) = 0 [pid 5150] <... futex resumed>) = 1 [pid 5151] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5150] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5151] <... openat resumed>) = 4 [pid 5151] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5150] <... futex resumed>) = 0 [pid 5151] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5150] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5151] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5150] <... futex resumed>) = 0 [pid 5151] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5150] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5150] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5150] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5150] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5154], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5154 [pid 5150] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5150] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5154 attached [pid 5154] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5154] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5151] <... ioctl resumed>) = 0 [pid 5151] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5151] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5154] <... openat resumed>) = 5 [pid 5154] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5150] <... futex resumed>) = 0 [pid 5154] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5150] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5151] <... futex resumed>) = 0 [pid 5150] <... futex resumed>) = 1 [pid 5151] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5150] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5151] <... write resumed>) = 7 [pid 5151] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5150] <... futex resumed>) = 0 [pid 5151] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5150] exit_group(0 [pid 5154] <... futex resumed>) = ? [pid 5150] <... exit_group resumed>) = ? [pid 5151] <... futex resumed>) = ? [pid 5154] +++ exited with 0 +++ [pid 5151] +++ exited with 0 +++ [pid 5150] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5150, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./17/binderfs") = 0 [ 52.296790][ T5151] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5155 ./strace-static-x86_64: Process 5155 attached [pid 5155] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5155] chdir("./18") = 0 [pid 5155] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5155] setpgid(0, 0) = 0 [pid 5155] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5155] write(3, "1000", 4) = 4 [pid 5155] close(3) = 0 [pid 5155] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5155] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5155] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5155] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5155] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5156], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5156 [pid 5155] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5155] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5156 attached [pid 5156] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5156] memfd_create("syzkaller", 0) = 3 [pid 5156] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [ 52.344884][ T5062] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5156] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5156] munmap(0x7f4000487000, 1048576) = 0 [pid 5156] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5156] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5156] close(3) = 0 [pid 5156] mkdir("./file0", 0777) = 0 [pid 5156] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5156] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [ 52.398149][ T5156] loop0: detected capacity change from 0 to 2048 [ 52.407781][ T5156] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 5156] chdir("./file0") = 0 [pid 5156] ioctl(4, LOOP_CLR_FD) = 0 [pid 5156] close(4) = 0 [pid 5156] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5155] <... futex resumed>) = 0 [pid 5155] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5155] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5156] <... futex resumed>) = 1 [pid 5156] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5156] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5155] <... futex resumed>) = 0 [pid 5156] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5155] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5156] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5155] <... futex resumed>) = 0 [pid 5156] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5155] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5156] <... ioctl resumed>) = 0 [pid 5155] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5156] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5155] <... mmap resumed>) = 0x7f4000566000 [pid 5156] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5155] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5155] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5159], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5159 [pid 5155] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5155] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5159 attached [pid 5159] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5159] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5159] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5155] <... futex resumed>) = 0 [pid 5155] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5155] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5156] <... futex resumed>) = 0 [pid 5156] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5159] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5156] <... write resumed>) = 7 [pid 5156] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5155] <... futex resumed>) = 0 [pid 5156] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5155] exit_group(0 [pid 5156] <... futex resumed>) = ? [pid 5155] <... exit_group resumed>) = ? [pid 5159] <... futex resumed>) = ? [pid 5156] +++ exited with 0 +++ [pid 5159] +++ exited with 0 +++ [pid 5155] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5155, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./18/binderfs") = 0 [ 52.436840][ T5156] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./18/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5160 ./strace-static-x86_64: Process 5160 attached [pid 5160] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5160] chdir("./19") = 0 [pid 5160] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5160] setpgid(0, 0) = 0 [pid 5160] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5160] write(3, "1000", 4) = 4 [pid 5160] close(3) = 0 [pid 5160] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5160] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5160] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5160] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5160] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5161 attached , parent_tid=[5161], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5161 [pid 5160] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5160] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5161] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5161] memfd_create("syzkaller", 0) = 3 [pid 5161] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [ 52.481356][ T5062] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5161] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5161] munmap(0x7f4000487000, 1048576) = 0 [pid 5161] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5161] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5161] close(3) = 0 [pid 5161] mkdir("./file0", 0777) = 0 [pid 5161] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [ 52.548144][ T5161] loop0: detected capacity change from 0 to 2048 [ 52.558442][ T5161] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 5161] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5161] chdir("./file0") = 0 [pid 5161] ioctl(4, LOOP_CLR_FD) = 0 [pid 5161] close(4) = 0 [pid 5161] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5160] <... futex resumed>) = 0 [pid 5161] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5160] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5160] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5161] <... futex resumed>) = 0 [pid 5161] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5161] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5160] <... futex resumed>) = 0 [pid 5160] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5160] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5160] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5160] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5160] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5164], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5164 [pid 5160] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5160] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5164 attached [pid 5161] <... futex resumed>) = 1 [pid 5161] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = 0 [pid 5161] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5164] set_robust_list(0x7f40005869e0, 24 [pid 5161] <... futex resumed>) = 0 [pid 5161] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5164] <... set_robust_list resumed>) = 0 [pid 5164] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5164] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5160] <... futex resumed>) = 0 [pid 5164] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5160] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5161] <... futex resumed>) = 0 [pid 5160] <... futex resumed>) = 1 [pid 5161] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5160] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5161] <... write resumed>) = 7 [pid 5161] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5160] <... futex resumed>) = 0 [pid 5161] <... futex resumed>) = 1 [pid 5160] exit_group(0) = ? [pid 5164] <... futex resumed>) = ? [pid 5164] +++ exited with 0 +++ [pid 5161] +++ exited with 0 +++ [pid 5160] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5160, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./19/binderfs") = 0 [ 52.586747][ T5161] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./19/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5165 ./strace-static-x86_64: Process 5165 attached [pid 5165] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5165] chdir("./20") = 0 [pid 5165] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5165] setpgid(0, 0) = 0 [pid 5165] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5165] write(3, "1000", 4) = 4 [pid 5165] close(3) = 0 [pid 5165] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5165] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5165] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5165] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5165] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5166], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5166 [pid 5165] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5165] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5166 attached [pid 5166] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5166] memfd_create("syzkaller", 0) = 3 [pid 5166] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5166] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [ 52.632708][ T5062] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5166] munmap(0x7f4000487000, 1048576) = 0 [pid 5166] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5166] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5166] close(3) = 0 [pid 5166] mkdir("./file0", 0777) = 0 [pid 5166] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5166] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5166] chdir("./file0") = 0 [pid 5166] ioctl(4, LOOP_CLR_FD) = 0 [pid 5166] close(4) = 0 [pid 5166] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5166] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5165] <... futex resumed>) = 0 [pid 5165] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5165] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5166] <... futex resumed>) = 0 [pid 5166] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5166] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5165] <... futex resumed>) = 0 [pid 5165] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5165] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5165] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5166] <... futex resumed>) = 1 [pid 5165] <... mmap resumed>) = 0x7f4000566000 [pid 5165] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE [pid 5166] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5165] <... mprotect resumed>) = 0 [pid 5165] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5169 attached [pid 5166] <... ioctl resumed>) = 0 [pid 5165] <... clone resumed>, parent_tid=[5169], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5169 [pid 5165] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5169] set_robust_list(0x7f40005869e0, 24 [pid 5165] <... futex resumed>) = 0 [pid 5169] <... set_robust_list resumed>) = 0 [pid 5166] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5165] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5169] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5166] <... futex resumed>) = 0 [pid 5166] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5169] <... openat resumed>) = 5 [pid 5169] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5165] <... futex resumed>) = 0 [pid 5169] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5165] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5165] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5166] <... futex resumed>) = 0 [pid 5166] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7) = 7 [pid 5166] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5165] <... futex resumed>) = 0 [pid 5166] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5165] exit_group(0 [pid 5169] <... futex resumed>) = ? [pid 5166] <... futex resumed>) = ? [pid 5165] <... exit_group resumed>) = ? [pid 5169] +++ exited with 0 +++ [pid 5166] +++ exited with 0 +++ [pid 5165] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5165, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 52.695388][ T5166] loop0: detected capacity change from 0 to 2048 [ 52.704967][ T5166] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 52.727047][ T5166] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. unlink("./20/binderfs") = 0 umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./20/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5170 ./strace-static-x86_64: Process 5170 attached [pid 5170] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5170] chdir("./21") = 0 [pid 5170] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5170] setpgid(0, 0) = 0 [pid 5170] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5170] write(3, "1000", 4) = 4 [pid 5170] close(3) = 0 [pid 5170] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5170] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5170] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5170] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5170] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5171], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5171 [pid 5170] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5170] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5171 attached [pid 5171] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5171] memfd_create("syzkaller", 0) = 3 [pid 5171] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [ 52.778342][ T5062] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5171] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5171] munmap(0x7f4000487000, 1048576) = 0 [pid 5171] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5171] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5171] close(3) = 0 [pid 5171] mkdir("./file0", 0777) = 0 [pid 5171] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5171] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5171] chdir("./file0") = 0 [pid 5171] ioctl(4, LOOP_CLR_FD) = 0 [pid 5171] close(4) = 0 [pid 5171] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5170] <... futex resumed>) = 0 [pid 5171] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5170] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5171] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5170] <... futex resumed>) = 0 [pid 5171] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5170] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5171] <... openat resumed>) = 4 [pid 5171] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5170] <... futex resumed>) = 0 [pid 5171] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5170] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5171] <... ioctl resumed>) = 0 [pid 5170] <... futex resumed>) = 0 [pid 5171] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5170] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5171] <... futex resumed>) = 0 [pid 5170] <... futex resumed>) = 0 [pid 5171] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5170] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5170] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5170] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5174], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5174 [pid 5170] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5170] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5174 attached [pid 5174] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5174] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5174] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5170] <... futex resumed>) = 0 [pid 5170] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5171] <... futex resumed>) = 0 [pid 5170] <... futex resumed>) = 1 [pid 5171] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5170] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5174] <... futex resumed>) = 1 [pid 5174] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5171] <... write resumed>) = 7 [pid 5171] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5170] <... futex resumed>) = 0 [pid 5171] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5170] exit_group(0 [pid 5171] <... futex resumed>) = ? [pid 5170] <... exit_group resumed>) = ? [pid 5171] +++ exited with 0 +++ [pid 5174] <... futex resumed>) = ? [pid 5174] +++ exited with 0 +++ [pid 5170] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5170, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./21/binderfs") = 0 [ 52.844044][ T5171] loop0: detected capacity change from 0 to 2048 [ 52.854118][ T5171] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 52.876792][ T5171] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./21/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5175 ./strace-static-x86_64: Process 5175 attached [pid 5175] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5175] chdir("./22") = 0 [pid 5175] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5175] setpgid(0, 0) = 0 [pid 5175] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5175] write(3, "1000", 4) = 4 [pid 5175] close(3) = 0 [pid 5175] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5175] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5175] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5175] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5175] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5176], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5176 [pid 5175] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5175] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5176 attached [pid 5176] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5176] memfd_create("syzkaller", 0) = 3 [pid 5176] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5176] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5176] munmap(0x7f4000487000, 1048576) = 0 [pid 5176] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 52.924387][ T5062] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5176] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5176] close(3) = 0 [pid 5176] mkdir("./file0", 0777) = 0 [pid 5176] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5176] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5176] chdir("./file0") = 0 [pid 5176] ioctl(4, LOOP_CLR_FD) = 0 [pid 5176] close(4) = 0 [pid 5176] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5175] <... futex resumed>) = 0 [pid 5175] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5175] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5176] <... futex resumed>) = 1 [pid 5176] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5176] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5175] <... futex resumed>) = 0 [pid 5175] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5175] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5175] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5175] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5175] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5179], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5179 [pid 5175] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5175] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5176] <... futex resumed>) = 1 [pid 5176] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000./strace-static-x86_64: Process 5179 attached [pid 5179] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5179] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5176] <... ioctl resumed>) = 0 [pid 5176] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5176] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5179] <... openat resumed>) = 5 [pid 5179] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5175] <... futex resumed>) = 0 [pid 5175] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5175] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5176] <... futex resumed>) = 0 [pid 5176] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5179] <... futex resumed>) = 1 [pid 5179] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5176] <... write resumed>) = 7 [pid 5176] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5175] <... futex resumed>) = 0 [pid 5175] exit_group(0) = ? [pid 5176] <... futex resumed>) = ? [pid 5176] +++ exited with 0 +++ [pid 5179] <... futex resumed>) = ? [pid 5179] +++ exited with 0 +++ [pid 5175] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5175, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./22/binderfs") = 0 [ 52.980746][ T5176] loop0: detected capacity change from 0 to 2048 [ 52.990560][ T5176] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 53.006767][ T5176] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./22/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5180 ./strace-static-x86_64: Process 5180 attached [pid 5180] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5180] chdir("./23") = 0 [pid 5180] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5180] setpgid(0, 0) = 0 [pid 5180] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5180] write(3, "1000", 4) = 4 [pid 5180] close(3) = 0 [pid 5180] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5180] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5180] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5180] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5180] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5181], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5181 ./strace-static-x86_64: Process 5181 attached [pid 5180] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5181] set_robust_list(0x7f40088a79e0, 24 [pid 5180] <... futex resumed>) = 0 [pid 5180] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5181] <... set_robust_list resumed>) = 0 [pid 5181] memfd_create("syzkaller", 0) = 3 [pid 5181] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [ 53.056815][ T5062] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5181] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5181] munmap(0x7f4000487000, 1048576) = 0 [pid 5181] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5181] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5181] close(3) = 0 [pid 5181] mkdir("./file0", 0777) = 0 [pid 5181] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5181] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5181] chdir("./file0") = 0 [pid 5181] ioctl(4, LOOP_CLR_FD) = 0 [pid 5181] close(4) = 0 [pid 5181] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5180] <... futex resumed>) = 0 [pid 5180] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5180] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5181] <... futex resumed>) = 1 [pid 5181] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5181] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5180] <... futex resumed>) = 0 [pid 5180] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5180] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5180] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5180] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5180] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5184], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5184 [pid 5180] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5180] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5181] <... futex resumed>) = 1 [pid 5181] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = 0 [pid 5181] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5181] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5184 attached [pid 5184] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5184] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5184] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5184] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5180] <... futex resumed>) = 0 [pid 5180] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5181] <... futex resumed>) = 0 [pid 5180] <... futex resumed>) = 1 [pid 5181] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5180] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5181] <... write resumed>) = 7 [pid 5181] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5180] <... futex resumed>) = 0 [pid 5180] exit_group(0) = ? [pid 5181] <... futex resumed>) = ? [pid 5181] +++ exited with 0 +++ [pid 5184] <... futex resumed>) = ? [pid 5184] +++ exited with 0 +++ [pid 5180] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5180, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./23/binderfs") = 0 [ 53.126780][ T5181] loop0: detected capacity change from 0 to 2048 [ 53.136976][ T5181] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 53.156407][ T5181] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./23/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5185 ./strace-static-x86_64: Process 5185 attached [pid 5185] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5185] chdir("./24") = 0 [pid 5185] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5185] setpgid(0, 0) = 0 [pid 5185] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5185] write(3, "1000", 4) = 4 [pid 5185] close(3) = 0 [pid 5185] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5185] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5185] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5185] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5185] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5186 attached , parent_tid=[5186], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5186 [pid 5186] set_robust_list(0x7f40088a79e0, 24 [pid 5185] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5186] <... set_robust_list resumed>) = 0 [pid 5185] <... futex resumed>) = 0 [pid 5185] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5186] memfd_create("syzkaller", 0) = 3 [pid 5186] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [ 53.198858][ T5062] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5186] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5186] munmap(0x7f4000487000, 1048576) = 0 [pid 5186] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5186] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5186] close(3) = 0 [pid 5186] mkdir("./file0", 0777) = 0 [pid 5186] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5186] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5186] chdir("./file0") = 0 [pid 5186] ioctl(4, LOOP_CLR_FD) = 0 [pid 5186] close(4) = 0 [pid 5186] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5185] <... futex resumed>) = 0 [pid 5185] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5185] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5186] <... futex resumed>) = 1 [pid 5186] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5186] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5185] <... futex resumed>) = 0 [pid 5185] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5185] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5185] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5185] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5185] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5190], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5190 [pid 5185] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5185] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5186] <... futex resumed>) = 1 [pid 5186] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = 0 [pid 5186] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5186] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5190 attached [pid 5190] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5190] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5190] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5185] <... futex resumed>) = 0 [pid 5190] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5185] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5186] <... futex resumed>) = 0 [pid 5185] <... futex resumed>) = 1 [pid 5186] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5185] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5186] <... write resumed>) = 7 [pid 5186] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5185] <... futex resumed>) = 0 [pid 5186] <... futex resumed>) = 1 [pid 5186] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5185] exit_group(0 [pid 5190] <... futex resumed>) = ? [pid 5186] <... futex resumed>) = ? [pid 5185] <... exit_group resumed>) = ? [pid 5186] +++ exited with 0 +++ [pid 5190] +++ exited with 0 +++ [pid 5185] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5185, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./24/binderfs") = 0 [ 53.263575][ T5186] loop0: detected capacity change from 0 to 2048 [ 53.273632][ T5186] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 53.297406][ T5186] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./24/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5191 ./strace-static-x86_64: Process 5191 attached [pid 5191] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5191] chdir("./25") = 0 [pid 5191] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5191] setpgid(0, 0) = 0 [pid 5191] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5191] write(3, "1000", 4) = 4 [pid 5191] close(3) = 0 [pid 5191] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5191] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5191] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5191] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5191] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5192 attached , parent_tid=[5192], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5192 [pid 5191] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5191] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5192] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5192] memfd_create("syzkaller", 0) = 3 [pid 5192] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [ 53.345586][ T5062] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5192] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5192] munmap(0x7f4000487000, 1048576) = 0 [pid 5192] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5192] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5192] close(3) = 0 [pid 5192] mkdir("./file0", 0777) = 0 [pid 5192] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5192] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5192] chdir("./file0") = 0 [pid 5192] ioctl(4, LOOP_CLR_FD) = 0 [pid 5192] close(4) = 0 [pid 5192] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5191] <... futex resumed>) = 0 [pid 5191] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5191] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5192] <... futex resumed>) = 1 [pid 5192] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5192] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5191] <... futex resumed>) = 0 [pid 5191] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5191] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5191] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5191] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5191] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5195], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5195 [pid 5191] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5191] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5192] <... futex resumed>) = 1 [pid 5192] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = 0 [pid 5192] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5192] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5195 attached [pid 5195] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5195] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5195] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5191] <... futex resumed>) = 0 [pid 5191] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5191] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5192] <... futex resumed>) = 0 [pid 5195] <... futex resumed>) = 1 [pid 5192] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5195] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5192] <... write resumed>) = 7 [pid 5192] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5191] <... futex resumed>) = 0 [pid 5191] exit_group(0) = ? [pid 5195] <... futex resumed>) = ? [pid 5192] <... futex resumed>) = ? [pid 5195] +++ exited with 0 +++ [pid 5192] +++ exited with 0 +++ [pid 5191] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5191, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./25/binderfs") = 0 [ 53.409516][ T5192] loop0: detected capacity change from 0 to 2048 [ 53.419617][ T5192] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 53.436688][ T5192] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./25/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5196 ./strace-static-x86_64: Process 5196 attached [pid 5196] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5196] chdir("./26") = 0 [pid 5196] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5196] setpgid(0, 0) = 0 [pid 5196] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5196] write(3, "1000", 4) = 4 [pid 5196] close(3) = 0 [pid 5196] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5196] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5196] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5196] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5196] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5197 attached , parent_tid=[5197], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5197 [pid 5197] set_robust_list(0x7f40088a79e0, 24 [pid 5196] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5196] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5197] <... set_robust_list resumed>) = 0 [pid 5197] memfd_create("syzkaller", 0) = 3 [pid 5197] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [ 53.484028][ T5062] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5197] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5197] munmap(0x7f4000487000, 1048576) = 0 [pid 5197] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5197] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5197] close(3) = 0 [pid 5197] mkdir("./file0", 0777) = 0 [pid 5197] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5197] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5197] chdir("./file0") = 0 [pid 5197] ioctl(4, LOOP_CLR_FD) = 0 [pid 5197] close(4) = 0 [pid 5197] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5197] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5196] <... futex resumed>) = 0 [pid 5196] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5196] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5197] <... futex resumed>) = 0 [pid 5197] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5197] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5196] <... futex resumed>) = 0 [pid 5196] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5196] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5196] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5196] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5196] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5200], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5200 [pid 5196] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5196] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5197] <... futex resumed>) = 1 [pid 5197] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = 0 [pid 5197] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5197] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5200 attached [pid 5200] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5200] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5200] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5200] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5196] <... futex resumed>) = 0 [pid 5196] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5196] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5197] <... futex resumed>) = 0 [pid 5197] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7) = 7 [pid 5197] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5196] <... futex resumed>) = 0 [pid 5196] exit_group(0) = ? [pid 5200] <... futex resumed>) = ? [pid 5200] +++ exited with 0 +++ [pid 5197] +++ exited with 0 +++ [pid 5196] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5196, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./26/binderfs") = 0 [ 53.556712][ T5197] loop0: detected capacity change from 0 to 2048 [ 53.566991][ T5197] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 53.586616][ T5197] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./26/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5201 ./strace-static-x86_64: Process 5201 attached [pid 5201] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5201] chdir("./27") = 0 [pid 5201] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5201] setpgid(0, 0) = 0 [pid 5201] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5201] write(3, "1000", 4) = 4 [pid 5201] close(3) = 0 [pid 5201] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5201] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5201] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5201] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5201] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5202], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5202 [pid 5201] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5201] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5202 attached [pid 5202] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5202] memfd_create("syzkaller", 0) = 3 [pid 5202] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5202] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5202] munmap(0x7f4000487000, 1048576) = 0 [pid 5202] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 53.629545][ T5062] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5202] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5202] close(3) = 0 [pid 5202] mkdir("./file0", 0777) = 0 [pid 5202] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5202] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5202] chdir("./file0") = 0 [pid 5202] ioctl(4, LOOP_CLR_FD) = 0 [pid 5202] close(4) = 0 [pid 5202] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5201] <... futex resumed>) = 0 [pid 5201] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5201] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5202] <... futex resumed>) = 1 [pid 5202] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5202] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5201] <... futex resumed>) = 0 [pid 5201] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5201] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5201] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5202] <... futex resumed>) = 1 [pid 5201] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE [pid 5202] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5201] <... mprotect resumed>) = 0 [pid 5201] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5202] <... ioctl resumed>) = 0 [pid 5201] <... clone resumed>, parent_tid=[5205], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5205 [pid 5201] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5201] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5205 attached [pid 5205] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5205] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5205] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5202] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5201] <... futex resumed>) = 0 [pid 5205] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5202] <... futex resumed>) = 0 [pid 5201] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5201] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5202] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7) = 7 [pid 5202] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5201] <... futex resumed>) = 0 [pid 5201] exit_group(0 [pid 5205] <... futex resumed>) = ? [pid 5201] <... exit_group resumed>) = ? [pid 5205] +++ exited with 0 +++ [pid 5202] +++ exited with 0 +++ [pid 5201] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5201, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./27/binderfs") = 0 [ 53.690551][ T5202] loop0: detected capacity change from 0 to 2048 [ 53.700244][ T5202] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 53.716949][ T5202] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./27/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5206 attached [pid 5206] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5206] chdir("./28") = 0 [pid 5206] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5062] <... clone resumed>, child_tidptr=0x5555570c15d0) = 5206 [pid 5206] <... prctl resumed>) = 0 [pid 5206] setpgid(0, 0) = 0 [pid 5206] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5206] write(3, "1000", 4) = 4 [pid 5206] close(3) = 0 [pid 5206] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5206] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5206] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5206] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5206] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5207 attached , parent_tid=[5207], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5207 [pid 5207] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5207] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5206] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5207] <... futex resumed>) = 0 [pid 5207] memfd_create("syzkaller", 0 [pid 5206] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5207] <... memfd_create resumed>) = 3 [pid 5207] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [ 53.766048][ T5062] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5207] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5207] munmap(0x7f4000487000, 1048576) = 0 [pid 5207] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5207] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5207] close(3) = 0 [pid 5207] mkdir("./file0", 0777) = 0 [pid 5207] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5207] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5207] chdir("./file0") = 0 [pid 5207] ioctl(4, LOOP_CLR_FD) = 0 [pid 5207] close(4) = 0 [pid 5207] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5206] <... futex resumed>) = 0 [pid 5206] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5206] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5207] <... futex resumed>) = 1 [pid 5207] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5207] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5206] <... futex resumed>) = 0 [pid 5207] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5206] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5207] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5206] <... futex resumed>) = 0 [pid 5207] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5206] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5207] <... ioctl resumed>) = 0 [pid 5206] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5207] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5206] <... mmap resumed>) = 0x7f4000566000 [pid 5207] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5206] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5206] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5210], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5210 [pid 5206] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5206] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5210 attached [pid 5210] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5210] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5210] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5206] <... futex resumed>) = 0 [pid 5206] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5207] <... futex resumed>) = 0 [pid 5206] <... futex resumed>) = 1 [pid 5207] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5206] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5210] <... futex resumed>) = 1 [pid 5210] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5207] <... write resumed>) = 7 [pid 5207] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5206] <... futex resumed>) = 0 [pid 5207] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5206] exit_group(0) = ? [pid 5207] <... futex resumed>) = ? [pid 5207] +++ exited with 0 +++ [pid 5210] <... futex resumed>) = ? [pid 5210] +++ exited with 0 +++ [pid 5206] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5206, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./28/binderfs") = 0 [ 53.833126][ T5207] loop0: detected capacity change from 0 to 2048 [ 53.843465][ T5207] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 53.866657][ T5207] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./28/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5211 ./strace-static-x86_64: Process 5211 attached [pid 5211] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5211] chdir("./29") = 0 [pid 5211] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5211] setpgid(0, 0) = 0 [pid 5211] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5211] write(3, "1000", 4) = 4 [pid 5211] close(3) = 0 [pid 5211] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5211] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5211] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5211] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5211] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5212 attached [pid 5212] set_robust_list(0x7f40088a79e0, 24 [pid 5211] <... clone resumed>, parent_tid=[5212], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5212 [pid 5211] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5212] <... set_robust_list resumed>) = 0 [pid 5211] <... futex resumed>) = 0 [pid 5212] memfd_create("syzkaller", 0) = 3 [pid 5212] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [ 53.909799][ T5062] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5211] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5212] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5212] munmap(0x7f4000487000, 1048576) = 0 [pid 5212] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5212] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5212] close(3) = 0 [pid 5212] mkdir("./file0", 0777) = 0 [pid 5212] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5212] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5212] chdir("./file0") = 0 [pid 5212] ioctl(4, LOOP_CLR_FD) = 0 [pid 5212] close(4) = 0 [pid 5212] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5211] <... futex resumed>) = 0 [pid 5211] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5211] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5212] <... futex resumed>) = 1 [pid 5212] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5212] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5211] <... futex resumed>) = 0 [pid 5211] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5211] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5211] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5211] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5212] <... futex resumed>) = 1 [pid 5211] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5215 attached [pid 5212] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5211] <... clone resumed>, parent_tid=[5215], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5215 [pid 5215] set_robust_list(0x7f40005869e0, 24 [pid 5211] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5215] <... set_robust_list resumed>) = 0 [pid 5215] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5211] <... futex resumed>) = 0 [pid 5215] <... openat resumed>) = 5 [pid 5212] <... ioctl resumed>) = 0 [pid 5211] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5215] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5215] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5212] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5212] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5211] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5211] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5211] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5212] <... futex resumed>) = 0 [pid 5212] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7) = 7 [pid 5212] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5211] <... futex resumed>) = 0 [pid 5212] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5211] exit_group(0 [pid 5215] <... futex resumed>) = ? [pid 5212] <... futex resumed>) = ? [pid 5211] <... exit_group resumed>) = ? [pid 5215] +++ exited with 0 +++ [pid 5212] +++ exited with 0 +++ [pid 5211] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5211, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 53.979965][ T5212] loop0: detected capacity change from 0 to 2048 [ 53.989243][ T5212] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 54.016815][ T5212] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. lstat("./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./29/binderfs") = 0 umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./29/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5216 ./strace-static-x86_64: Process 5216 attached [pid 5216] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5216] chdir("./30") = 0 [pid 5216] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5216] setpgid(0, 0) = 0 [pid 5216] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5216] write(3, "1000", 4) = 4 [pid 5216] close(3) = 0 [pid 5216] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5216] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5216] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5216] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5216] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5217 attached , parent_tid=[5217], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5217 [pid 5217] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5217] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5216] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5217] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5216] <... futex resumed>) = 0 [pid 5217] memfd_create("syzkaller", 0 [pid 5216] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5217] <... memfd_create resumed>) = 3 [pid 5217] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5217] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5217] munmap(0x7f4000487000, 1048576) = 0 [pid 5217] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 54.062504][ T5062] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5217] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5217] close(3) = 0 [pid 5217] mkdir("./file0", 0777) = 0 [pid 5217] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5217] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5217] chdir("./file0") = 0 [pid 5217] ioctl(4, LOOP_CLR_FD) = 0 [pid 5217] close(4) = 0 [pid 5217] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5216] <... futex resumed>) = 0 [pid 5216] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5216] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5217] <... futex resumed>) = 1 [pid 5217] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5217] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5216] <... futex resumed>) = 0 [pid 5217] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5216] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5216] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5216] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5217] <... ioctl resumed>) = 0 [pid 5216] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE [pid 5217] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5216] <... mprotect resumed>) = 0 [pid 5216] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5217] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5220 attached [pid 5216] <... clone resumed>, parent_tid=[5220], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5220 [pid 5216] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5216] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5220] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5220] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5220] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5216] <... futex resumed>) = 0 [pid 5220] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5216] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5216] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5217] <... futex resumed>) = 0 [pid 5217] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7) = 7 [pid 5217] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5216] <... futex resumed>) = 0 [pid 5217] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5216] exit_group(0 [pid 5220] <... futex resumed>) = ? [pid 5217] <... futex resumed>) = ? [pid 5216] <... exit_group resumed>) = ? [pid 5220] +++ exited with 0 +++ [pid 5217] +++ exited with 0 +++ [pid 5216] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5216, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./30/binderfs") = 0 [ 54.120195][ T5217] loop0: detected capacity change from 0 to 2048 [ 54.129287][ T5217] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 54.146948][ T5217] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./30/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5221 ./strace-static-x86_64: Process 5221 attached [pid 5221] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5221] chdir("./31") = 0 [pid 5221] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5221] setpgid(0, 0) = 0 [pid 5221] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5221] write(3, "1000", 4) = 4 [pid 5221] close(3) = 0 [pid 5221] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5221] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5221] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5221] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5221] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5222], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5222 [pid 5221] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5221] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5222 attached [pid 5222] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5222] memfd_create("syzkaller", 0) = 3 [pid 5222] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5222] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5222] munmap(0x7f4000487000, 1048576) = 0 [pid 5222] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 54.194614][ T5062] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5222] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5222] close(3) = 0 [pid 5222] mkdir("./file0", 0777) = 0 [pid 5222] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5222] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5222] chdir("./file0") = 0 [pid 5222] ioctl(4, LOOP_CLR_FD) = 0 [pid 5222] close(4) = 0 [pid 5222] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5222] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5221] <... futex resumed>) = 0 [pid 5221] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5222] <... futex resumed>) = 0 [pid 5221] <... futex resumed>) = 1 [pid 5222] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5221] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5222] <... openat resumed>) = 4 [pid 5222] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5221] <... futex resumed>) = 0 [pid 5222] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5221] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5221] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5222] <... ioctl resumed>) = 0 [pid 5221] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5222] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5221] <... mmap resumed>) = 0x7f4000566000 [pid 5222] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5221] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5221] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5225 attached [pid 5225] set_robust_list(0x7f40005869e0, 24 [pid 5221] <... clone resumed>, parent_tid=[5225], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5225 [pid 5225] <... set_robust_list resumed>) = 0 [pid 5221] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5225] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5221] <... futex resumed>) = 0 [pid 5221] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5225] <... openat resumed>) = 5 [pid 5225] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5221] <... futex resumed>) = 0 [pid 5221] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5225] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5222] <... futex resumed>) = 0 [pid 5221] <... futex resumed>) = 1 [pid 5222] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5221] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5222] <... write resumed>) = 7 [pid 5222] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5221] <... futex resumed>) = 0 [pid 5222] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5221] exit_group(0 [pid 5225] <... futex resumed>) = ? [pid 5222] <... futex resumed>) = ? [pid 5221] <... exit_group resumed>) = ? [pid 5222] +++ exited with 0 +++ [pid 5225] +++ exited with 0 +++ [pid 5221] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5221, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./31/binderfs") = 0 [ 54.251396][ T5222] loop0: detected capacity change from 0 to 2048 [ 54.260992][ T5222] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 54.286609][ T5222] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./31/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5226 ./strace-static-x86_64: Process 5226 attached [pid 5226] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5226] chdir("./32") = 0 [pid 5226] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5226] setpgid(0, 0) = 0 [pid 5226] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5226] write(3, "1000", 4) = 4 [pid 5226] close(3) = 0 [pid 5226] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5226] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5226] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5226] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5226] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5227], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5227 ./strace-static-x86_64: Process 5227 attached [pid 5226] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5226] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5227] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5227] memfd_create("syzkaller", 0) = 3 [pid 5227] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [ 54.332596][ T5062] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5227] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5227] munmap(0x7f4000487000, 1048576) = 0 [pid 5227] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5227] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5227] close(3) = 0 [pid 5227] mkdir("./file0", 0777) = 0 [pid 5227] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5227] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5227] chdir("./file0") = 0 [pid 5227] ioctl(4, LOOP_CLR_FD) = 0 [pid 5227] close(4) = 0 [pid 5227] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5226] <... futex resumed>) = 0 [pid 5226] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5226] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5227] <... futex resumed>) = 1 [pid 5227] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5227] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5226] <... futex resumed>) = 0 [pid 5226] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5226] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5226] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5227] <... futex resumed>) = 1 [pid 5226] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE [pid 5227] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = 0 [pid 5226] <... mprotect resumed>) = 0 [pid 5227] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5226] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5227] <... futex resumed>) = 0 [pid 5227] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5230 attached [pid 5226] <... clone resumed>, parent_tid=[5230], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5230 [pid 5226] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5226] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5230] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5230] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5230] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5226] <... futex resumed>) = 0 [pid 5226] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5227] <... futex resumed>) = 0 [pid 5226] <... futex resumed>) = 1 [ 54.401121][ T5227] loop0: detected capacity change from 0 to 2048 [ 54.410583][ T5227] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 5227] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5230] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5226] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5227] <... write resumed>) = 7 [pid 5227] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5226] <... futex resumed>) = 0 [pid 5227] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5226] exit_group(0 [pid 5227] <... futex resumed>) = ? [pid 5226] <... exit_group resumed>) = ? [pid 5230] <... futex resumed>) = ? [pid 5227] +++ exited with 0 +++ [pid 5230] +++ exited with 0 +++ [pid 5226] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5226, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./32/binderfs") = 0 umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./32/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./32/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./32") = 0 mkdir("./33", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5231 ./strace-static-x86_64: Process 5231 attached [pid 5231] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5231] chdir("./33") = 0 [pid 5231] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5231] setpgid(0, 0) = 0 [pid 5231] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5231] write(3, "1000", 4) = 4 [pid 5231] close(3) = 0 [pid 5231] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5231] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5231] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5231] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5231] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5232 attached [pid 5232] set_robust_list(0x7f40088a79e0, 24 [pid 5231] <... clone resumed>, parent_tid=[5232], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5232 [pid 5232] <... set_robust_list resumed>) = 0 [pid 5231] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5232] memfd_create("syzkaller", 0 [pid 5231] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5232] <... memfd_create resumed>) = 3 [pid 5232] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5232] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5232] munmap(0x7f4000487000, 1048576) = 0 [pid 5232] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5232] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5232] close(3) = 0 [pid 5232] mkdir("./file0", 0777) = 0 [pid 5232] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5232] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5232] chdir("./file0") = 0 [pid 5232] ioctl(4, LOOP_CLR_FD) = 0 [pid 5232] close(4) = 0 [pid 5232] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5231] <... futex resumed>) = 0 [pid 5232] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5231] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5232] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5231] <... futex resumed>) = 0 [pid 5232] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5231] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5232] <... openat resumed>) = 4 [pid 5232] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5231] <... futex resumed>) = 0 [pid 5232] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5231] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5232] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5231] <... futex resumed>) = 0 [pid 5232] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5231] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5231] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5231] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5231] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5235 attached [pid 5232] <... ioctl resumed>) = 0 [pid 5231] <... clone resumed>, parent_tid=[5235], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5235 [pid 5231] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5235] set_robust_list(0x7f40005869e0, 24 [pid 5231] <... futex resumed>) = 0 [pid 5235] <... set_robust_list resumed>) = 0 [pid 5231] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5235] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5232] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5235] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5232] <... futex resumed>) = 0 [pid 5232] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5235] <... futex resumed>) = 1 [pid 5231] <... futex resumed>) = 0 [pid 5235] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5231] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5232] <... futex resumed>) = 0 [pid 5231] <... futex resumed>) = 1 [pid 5232] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5231] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5232] <... write resumed>) = 7 [pid 5232] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5231] <... futex resumed>) = 0 [pid 5232] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5231] exit_group(0 [pid 5235] <... futex resumed>) = ? [pid 5232] <... futex resumed>) = ? [pid 5231] <... exit_group resumed>) = ? [pid 5235] +++ exited with 0 +++ [pid 5232] +++ exited with 0 +++ [pid 5231] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5231, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 54.547977][ T5232] loop0: detected capacity change from 0 to 2048 [ 54.558103][ T5232] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE unlink("./33/binderfs") = 0 umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./33/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./33/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./33") = 0 mkdir("./34", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5236 ./strace-static-x86_64: Process 5236 attached [pid 5236] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5236] chdir("./34") = 0 [pid 5236] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5236] setpgid(0, 0) = 0 [pid 5236] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5236] write(3, "1000", 4) = 4 [pid 5236] close(3) = 0 [pid 5236] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5236] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5236] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5236] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5236] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5237 attached , parent_tid=[5237], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5237 [pid 5236] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5236] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5237] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5237] memfd_create("syzkaller", 0) = 3 [pid 5237] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5237] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5237] munmap(0x7f4000487000, 1048576) = 0 [pid 5237] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5237] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5237] close(3) = 0 [pid 5237] mkdir("./file0", 0777) = 0 [pid 5237] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5237] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5237] chdir("./file0") = 0 [pid 5237] ioctl(4, LOOP_CLR_FD) = 0 [pid 5237] close(4) = 0 [pid 5237] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5236] <... futex resumed>) = 0 [pid 5237] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5236] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5237] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5236] <... futex resumed>) = 0 [pid 5237] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5236] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5237] <... openat resumed>) = 4 [pid 5237] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5236] <... futex resumed>) = 0 [pid 5237] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5236] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5237] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5236] <... futex resumed>) = 0 [pid 5237] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5236] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5237] <... ioctl resumed>) = 0 [pid 5236] <... futex resumed>) = 0 [pid 5237] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5236] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5237] <... futex resumed>) = 0 [pid 5236] <... mmap resumed>) = 0x7f4000566000 [pid 5237] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5236] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5236] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5240 attached [pid 5240] set_robust_list(0x7f40005869e0, 24 [pid 5236] <... clone resumed>, parent_tid=[5240], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5240 [pid 5236] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5236] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5240] <... set_robust_list resumed>) = 0 [pid 5240] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5240] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5236] <... futex resumed>) = 0 [pid 5236] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5237] <... futex resumed>) = 0 [pid 5236] <... futex resumed>) = 1 [pid 5237] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5236] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5240] <... futex resumed>) = 1 [pid 5237] <... write resumed>) = 7 [pid 5237] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5240] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5237] <... futex resumed>) = 1 [pid 5236] <... futex resumed>) = 0 [pid 5237] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5236] exit_group(0 [pid 5240] <... futex resumed>) = ? [pid 5237] <... futex resumed>) = ? [pid 5236] <... exit_group resumed>) = ? [pid 5240] +++ exited with 0 +++ [pid 5237] +++ exited with 0 +++ [pid 5236] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5236, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [ 54.663332][ T5237] loop0: detected capacity change from 0 to 2048 [ 54.673545][ T5237] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./34/binderfs") = 0 umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./34/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./34/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./34") = 0 mkdir("./35", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5241 ./strace-static-x86_64: Process 5241 attached [pid 5241] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5241] chdir("./35") = 0 [pid 5241] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5241] setpgid(0, 0) = 0 [pid 5241] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5241] write(3, "1000", 4) = 4 [pid 5241] close(3) = 0 [pid 5241] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5241] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5241] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5241] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5241] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5242], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5242 [pid 5241] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5241] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5242 attached [pid 5242] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5242] memfd_create("syzkaller", 0) = 3 [pid 5242] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5242] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5242] munmap(0x7f4000487000, 1048576) = 0 [pid 5242] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5242] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5242] close(3) = 0 [pid 5242] mkdir("./file0", 0777) = 0 [pid 5242] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5242] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5242] chdir("./file0") = 0 [pid 5242] ioctl(4, LOOP_CLR_FD) = 0 [pid 5242] close(4) = 0 [pid 5242] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5241] <... futex resumed>) = 0 [pid 5241] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5241] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5242] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5242] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5241] <... futex resumed>) = 0 [pid 5241] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5242] <... futex resumed>) = 1 [pid 5241] <... futex resumed>) = 0 [pid 5242] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5241] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5242] <... ioctl resumed>) = 0 [pid 5241] <... futex resumed>) = 0 [pid 5241] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5242] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5241] <... mmap resumed>) = 0x7f4000566000 [pid 5242] <... futex resumed>) = 0 [pid 5241] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE [pid 5242] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5241] <... mprotect resumed>) = 0 [pid 5241] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5245], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5245 [pid 5241] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5241] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5245 attached [pid 5245] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5245] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5245] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5241] <... futex resumed>) = 0 [pid 5245] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5241] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5242] <... futex resumed>) = 0 [pid 5241] <... futex resumed>) = 1 [pid 5242] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5241] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5242] <... write resumed>) = 7 [pid 5242] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5241] <... futex resumed>) = 0 [pid 5242] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5241] exit_group(0 [pid 5245] <... futex resumed>) = ? [pid 5242] <... futex resumed>) = ? [pid 5241] <... exit_group resumed>) = ? [pid 5245] +++ exited with 0 +++ [pid 5242] +++ exited with 0 +++ [pid 5241] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5241, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./35/binderfs") = 0 [ 54.780714][ T5242] loop0: detected capacity change from 0 to 2048 [ 54.790026][ T5242] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./35/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./35/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./35") = 0 mkdir("./36", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5246 ./strace-static-x86_64: Process 5246 attached [pid 5246] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5246] chdir("./36") = 0 [pid 5246] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5246] setpgid(0, 0) = 0 [pid 5246] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5246] write(3, "1000", 4) = 4 [pid 5246] close(3) = 0 [pid 5246] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5246] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5246] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5246] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5246] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5247 attached , parent_tid=[5247], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5247 [pid 5247] set_robust_list(0x7f40088a79e0, 24 [pid 5246] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5246] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5247] <... set_robust_list resumed>) = 0 [pid 5247] memfd_create("syzkaller", 0) = 3 [pid 5247] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5247] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5247] munmap(0x7f4000487000, 1048576) = 0 [pid 5247] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5247] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5247] close(3) = 0 [pid 5247] mkdir("./file0", 0777) = 0 [pid 5247] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5247] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5247] chdir("./file0") = 0 [pid 5247] ioctl(4, LOOP_CLR_FD) = 0 [pid 5247] close(4) = 0 [pid 5247] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5246] <... futex resumed>) = 0 [pid 5246] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5246] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5247] <... futex resumed>) = 1 [pid 5247] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5247] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5246] <... futex resumed>) = 0 [pid 5246] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5246] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5246] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5246] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5246] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5250], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5250 [pid 5246] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5246] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5247] <... futex resumed>) = 1 [pid 5247] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = 0 [pid 5247] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5247] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5250 attached [pid 5250] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5250] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5250] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5246] <... futex resumed>) = 0 [pid 5246] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5246] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5247] <... futex resumed>) = 0 [pid 5247] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7) = 7 [pid 5247] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5246] <... futex resumed>) = 0 [pid 5246] exit_group(0) = ? [pid 5247] <... futex resumed>) = ? [pid 5247] +++ exited with 0 +++ [pid 5250] <... futex resumed>) = ? [pid 5250] +++ exited with 0 +++ [pid 5246] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5246, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [ 54.896075][ T5247] loop0: detected capacity change from 0 to 2048 [ 54.905753][ T5247] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./36/binderfs") = 0 umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./36/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./36/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./36") = 0 mkdir("./37", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5251 ./strace-static-x86_64: Process 5251 attached [pid 5251] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5251] chdir("./37") = 0 [pid 5251] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5251] setpgid(0, 0) = 0 [pid 5251] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5251] write(3, "1000", 4) = 4 [pid 5251] close(3) = 0 [pid 5251] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5251] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5251] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5251] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5251] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5252], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5252 [pid 5251] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5251] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5252 attached [pid 5252] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5252] memfd_create("syzkaller", 0) = 3 [pid 5252] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5252] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5252] munmap(0x7f4000487000, 1048576) = 0 [pid 5252] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5252] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5252] close(3) = 0 [pid 5252] mkdir("./file0", 0777) = 0 [pid 5252] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5252] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5252] chdir("./file0") = 0 [pid 5252] ioctl(4, LOOP_CLR_FD) = 0 [pid 5252] close(4) = 0 [pid 5252] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5251] <... futex resumed>) = 0 [pid 5252] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5251] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5251] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5252] <... openat resumed>) = 4 [pid 5252] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5251] <... futex resumed>) = 0 [pid 5252] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5251] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5252] <... ioctl resumed>) = 0 [pid 5251] <... futex resumed>) = 0 [pid 5252] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5251] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5252] <... futex resumed>) = 0 [pid 5251] <... futex resumed>) = 0 [pid 5252] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5251] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5251] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5251] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5255], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5255 [pid 5251] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5251] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5255 attached [pid 5255] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5255] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5255] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5251] <... futex resumed>) = 0 [pid 5251] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5252] <... futex resumed>) = 0 [pid 5251] <... futex resumed>) = 1 [pid 5255] <... futex resumed>) = 1 [pid 5252] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5251] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5255] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5252] <... write resumed>) = 7 [pid 5252] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5252] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5251] <... futex resumed>) = 0 [pid 5251] exit_group(0 [pid 5252] <... futex resumed>) = ? [pid 5251] <... exit_group resumed>) = ? [pid 5252] +++ exited with 0 +++ [pid 5255] <... futex resumed>) = ? [pid 5255] +++ exited with 0 +++ [pid 5251] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5251, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./37/binderfs") = 0 [ 55.008837][ T5252] loop0: detected capacity change from 0 to 2048 [ 55.018291][ T5252] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./37/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./37/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./37") = 0 mkdir("./38", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5256 ./strace-static-x86_64: Process 5256 attached [pid 5256] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5256] chdir("./38") = 0 [pid 5256] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5256] setpgid(0, 0) = 0 [pid 5256] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5256] write(3, "1000", 4) = 4 [pid 5256] close(3) = 0 [pid 5256] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5256] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5256] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5256] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5256] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5257], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5257 [pid 5256] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5256] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5257 attached [pid 5257] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5257] memfd_create("syzkaller", 0) = 3 [pid 5257] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5257] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5257] munmap(0x7f4000487000, 1048576) = 0 [pid 5257] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5257] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5257] close(3) = 0 [pid 5257] mkdir("./file0", 0777) = 0 [pid 5257] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5257] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5257] chdir("./file0") = 0 [pid 5257] ioctl(4, LOOP_CLR_FD) = 0 [pid 5257] close(4) = 0 [pid 5257] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5256] <... futex resumed>) = 0 [pid 5256] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5256] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5257] <... futex resumed>) = 1 [pid 5257] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5257] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5256] <... futex resumed>) = 0 [pid 5256] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5256] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5256] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5256] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5256] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5260], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5260 [pid 5256] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5256] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5257] <... futex resumed>) = 1 [pid 5257] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000./strace-static-x86_64: Process 5260 attached [pid 5260] set_robust_list(0x7f40005869e0, 24 [pid 5257] <... ioctl resumed>) = 0 [pid 5260] <... set_robust_list resumed>) = 0 [pid 5260] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5257] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5260] <... openat resumed>) = 5 [pid 5257] <... futex resumed>) = 0 [ 55.126887][ T5257] loop0: detected capacity change from 0 to 2048 [ 55.136371][ T5257] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 5257] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5260] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5256] <... futex resumed>) = 0 [pid 5256] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5256] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5260] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5257] <... futex resumed>) = 0 [pid 5257] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7) = 7 [pid 5257] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5256] <... futex resumed>) = 0 [pid 5256] exit_group(0 [pid 5260] <... futex resumed>) = ? [pid 5256] <... exit_group resumed>) = ? [pid 5260] +++ exited with 0 +++ [pid 5257] <... futex resumed>) = ? [pid 5257] +++ exited with 0 +++ [pid 5256] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5256, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./38/binderfs") = 0 umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./38/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./38/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./38") = 0 mkdir("./39", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5261 ./strace-static-x86_64: Process 5261 attached [pid 5261] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5261] chdir("./39") = 0 [pid 5261] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5261] setpgid(0, 0) = 0 [pid 5261] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5261] write(3, "1000", 4) = 4 [pid 5261] close(3) = 0 [pid 5261] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5261] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5261] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5261] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5261] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5262], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5262 [pid 5261] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5261] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5262 attached [pid 5262] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5262] memfd_create("syzkaller", 0) = 3 [pid 5262] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5262] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5262] munmap(0x7f4000487000, 1048576) = 0 [pid 5262] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5262] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5262] close(3) = 0 [pid 5262] mkdir("./file0", 0777) = 0 [pid 5262] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5262] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5262] chdir("./file0") = 0 [pid 5262] ioctl(4, LOOP_CLR_FD) = 0 [pid 5262] close(4) = 0 [pid 5262] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5262] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5261] <... futex resumed>) = 0 [pid 5261] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5261] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5262] <... futex resumed>) = 0 [pid 5262] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5262] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5261] <... futex resumed>) = 0 [pid 5261] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5261] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5261] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5261] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5261] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5262] <... futex resumed>) = 1 [pid 5262] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5261] <... clone resumed>, parent_tid=[5265], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5265 [pid 5261] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5261] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5262] <... ioctl resumed>) = 0 [pid 5262] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5262] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5265 attached [pid 5265] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5265] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5265] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5261] <... futex resumed>) = 0 [pid 5261] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5262] <... futex resumed>) = 0 [pid 5261] <... futex resumed>) = 1 [pid 5262] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5261] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5265] <... futex resumed>) = 1 [pid 5265] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5262] <... write resumed>) = 7 [pid 5262] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5261] <... futex resumed>) = 0 [pid 5262] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5261] exit_group(0 [pid 5262] <... futex resumed>) = ? [pid 5261] <... exit_group resumed>) = ? [pid 5262] +++ exited with 0 +++ [pid 5265] <... futex resumed>) = ? [pid 5265] +++ exited with 0 +++ [pid 5261] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5261, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 55.247754][ T5262] loop0: detected capacity change from 0 to 2048 [ 55.257383][ T5262] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE unlink("./39/binderfs") = 0 umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./39/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./39/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./39") = 0 mkdir("./40", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5266 ./strace-static-x86_64: Process 5266 attached [pid 5266] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5266] chdir("./40") = 0 [pid 5266] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5266] setpgid(0, 0) = 0 [pid 5266] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5266] write(3, "1000", 4) = 4 [pid 5266] close(3) = 0 [pid 5266] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5266] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5266] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5266] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5266] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5267], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5267 [pid 5266] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5266] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5267 attached [pid 5267] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5267] memfd_create("syzkaller", 0) = 3 [pid 5267] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5267] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5267] munmap(0x7f4000487000, 1048576) = 0 [pid 5267] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5267] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5267] close(3) = 0 [pid 5267] mkdir("./file0", 0777) = 0 [pid 5267] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5267] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5267] chdir("./file0") = 0 [pid 5267] ioctl(4, LOOP_CLR_FD) = 0 [pid 5267] close(4) = 0 [pid 5267] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5266] <... futex resumed>) = 0 [pid 5267] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5266] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5267] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5266] <... futex resumed>) = 0 [pid 5267] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5266] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5267] <... openat resumed>) = 4 [pid 5267] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5266] <... futex resumed>) = 0 [pid 5267] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5266] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5267] <... ioctl resumed>) = 0 [pid 5266] <... futex resumed>) = 0 [pid 5267] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5266] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5267] <... futex resumed>) = 0 [pid 5266] <... futex resumed>) = 0 [pid 5267] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5266] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5266] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5266] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5270 attached [pid 5270] set_robust_list(0x7f40005869e0, 24 [pid 5266] <... clone resumed>, parent_tid=[5270], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5270 [pid 5270] <... set_robust_list resumed>) = 0 [pid 5266] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5270] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5266] <... futex resumed>) = 0 [pid 5270] <... openat resumed>) = 5 [pid 5266] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5270] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5266] <... futex resumed>) = 0 [pid 5266] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5267] <... futex resumed>) = 0 [pid 5266] <... futex resumed>) = 1 [ 55.357986][ T5267] loop0: detected capacity change from 0 to 2048 [ 55.368027][ T5267] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 5267] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5266] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5270] <... futex resumed>) = 1 [pid 5270] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5267] <... write resumed>) = 7 [pid 5267] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5266] <... futex resumed>) = 0 [pid 5267] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5266] exit_group(0 [pid 5270] <... futex resumed>) = ? [pid 5267] <... futex resumed>) = ? [pid 5266] <... exit_group resumed>) = ? [pid 5270] +++ exited with 0 +++ [pid 5267] +++ exited with 0 +++ [pid 5266] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5266, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./40/binderfs") = 0 umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./40/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./40/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./40") = 0 mkdir("./41", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5271 ./strace-static-x86_64: Process 5271 attached [pid 5271] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5271] chdir("./41") = 0 [pid 5271] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5271] setpgid(0, 0) = 0 [pid 5271] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5271] write(3, "1000", 4) = 4 [pid 5271] close(3) = 0 [pid 5271] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5271] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5271] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5271] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5271] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5272 attached , parent_tid=[5272], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5272 [pid 5272] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5272] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5271] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5272] <... futex resumed>) = 0 [pid 5271] <... futex resumed>) = 1 [pid 5272] memfd_create("syzkaller", 0 [pid 5271] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5272] <... memfd_create resumed>) = 3 [pid 5272] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5272] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5272] munmap(0x7f4000487000, 1048576) = 0 [pid 5272] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5272] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5272] close(3) = 0 [pid 5272] mkdir("./file0", 0777) = 0 [pid 5272] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5272] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5272] chdir("./file0") = 0 [pid 5272] ioctl(4, LOOP_CLR_FD) = 0 [pid 5272] close(4) = 0 [pid 5272] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5271] <... futex resumed>) = 0 [pid 5271] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5271] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5272] <... futex resumed>) = 1 [pid 5272] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5272] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5271] <... futex resumed>) = 0 [pid 5271] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5271] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5271] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5271] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5271] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5275], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5275 [pid 5271] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5271] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5272] <... futex resumed>) = 1 [pid 5272] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = 0 [pid 5272] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5272] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5275 attached [pid 5275] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5275] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5275] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5271] <... futex resumed>) = 0 [pid 5271] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5271] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5272] <... futex resumed>) = 0 [pid 5272] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7) = 7 [pid 5272] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5271] <... futex resumed>) = 0 [pid 5272] <... futex resumed>) = 1 [pid 5271] exit_group(0) = ? [pid 5272] +++ exited with 0 +++ [pid 5275] <... futex resumed>) = ? [pid 5275] +++ exited with 0 +++ [pid 5271] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5271, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./41/binderfs") = 0 [ 55.472373][ T5272] loop0: detected capacity change from 0 to 2048 [ 55.481585][ T5272] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./41/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./41/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./41") = 0 mkdir("./42", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5276 attached , child_tidptr=0x5555570c15d0) = 5276 [pid 5276] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5276] chdir("./42") = 0 [pid 5276] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5276] setpgid(0, 0) = 0 [pid 5276] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5276] write(3, "1000", 4) = 4 [pid 5276] close(3) = 0 [pid 5276] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5276] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5276] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5276] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5276] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5277 attached , parent_tid=[5277], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5277 [pid 5277] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5276] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5276] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5277] memfd_create("syzkaller", 0) = 3 [pid 5277] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5277] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5277] munmap(0x7f4000487000, 1048576) = 0 [pid 5277] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5277] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5277] close(3) = 0 [pid 5277] mkdir("./file0", 0777) = 0 [pid 5277] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5277] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5277] chdir("./file0") = 0 [pid 5277] ioctl(4, LOOP_CLR_FD) = 0 [pid 5277] close(4) = 0 [pid 5277] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5276] <... futex resumed>) = 0 [pid 5276] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5276] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5277] <... futex resumed>) = 1 [pid 5277] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5277] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5276] <... futex resumed>) = 0 [pid 5276] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5276] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5276] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5276] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5276] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5280], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5280 [pid 5276] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5276] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5277] <... futex resumed>) = 1 [pid 5277] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = 0 [pid 5277] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5277] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5280 attached [pid 5280] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5280] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5280] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5276] <... futex resumed>) = 0 [pid 5276] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5276] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5277] <... futex resumed>) = 0 [pid 5277] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5280] <... futex resumed>) = 1 [pid 5277] <... write resumed>) = 7 [pid 5277] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5276] <... futex resumed>) = 0 [pid 5276] exit_group(0) = ? [pid 5277] <... futex resumed>) = ? [pid 5277] +++ exited with 0 +++ [pid 5280] +++ exited with 0 +++ [pid 5276] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5276, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./42/binderfs") = 0 [ 55.592674][ T5277] loop0: detected capacity change from 0 to 2048 [ 55.601818][ T5277] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./42/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./42/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./42") = 0 mkdir("./43", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5281 ./strace-static-x86_64: Process 5281 attached [pid 5281] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5281] chdir("./43") = 0 [pid 5281] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5281] setpgid(0, 0) = 0 [pid 5281] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5281] write(3, "1000", 4) = 4 [pid 5281] close(3) = 0 [pid 5281] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5281] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5281] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5281] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5281] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5282 attached , parent_tid=[5282], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5282 [pid 5282] set_robust_list(0x7f40088a79e0, 24 [pid 5281] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5282] <... set_robust_list resumed>) = 0 [pid 5281] <... futex resumed>) = 0 [pid 5281] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5282] memfd_create("syzkaller", 0) = 3 [pid 5282] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5282] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5282] munmap(0x7f4000487000, 1048576) = 0 [pid 5282] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5282] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5282] close(3) = 0 [pid 5282] mkdir("./file0", 0777) = 0 [pid 5282] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5282] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5282] chdir("./file0") = 0 [pid 5282] ioctl(4, LOOP_CLR_FD) = 0 [pid 5282] close(4) = 0 [pid 5282] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5281] <... futex resumed>) = 0 [pid 5281] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5281] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5282] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5282] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5281] <... futex resumed>) = 0 [pid 5281] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5281] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5282] <... futex resumed>) = 1 [pid 5281] <... futex resumed>) = 0 [pid 5282] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5281] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5282] <... ioctl resumed>) = 0 [pid 5281] <... mmap resumed>) = 0x7f4000566000 [pid 5282] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5281] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE [pid 5282] <... futex resumed>) = 0 [pid 5281] <... mprotect resumed>) = 0 [pid 5282] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5281] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5286 attached [pid 5286] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5286] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5281] <... clone resumed>, parent_tid=[5286], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5286 [pid 5281] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5281] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5286] <... futex resumed>) = 0 [pid 5286] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5286] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5281] <... futex resumed>) = 0 [pid 5281] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5282] <... futex resumed>) = 0 [pid 5281] <... futex resumed>) = 1 [pid 5282] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5281] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5286] <... futex resumed>) = 1 [pid 5282] <... write resumed>) = 7 [pid 5282] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5286] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5282] <... futex resumed>) = 1 [pid 5281] <... futex resumed>) = 0 [pid 5282] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5281] exit_group(0 [pid 5286] <... futex resumed>) = ? [pid 5282] <... futex resumed>) = ? [pid 5281] <... exit_group resumed>) = ? [pid 5286] +++ exited with 0 +++ [pid 5282] +++ exited with 0 +++ [pid 5281] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5281, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./43", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./43/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 55.704350][ T5282] loop0: detected capacity change from 0 to 2048 [ 55.713980][ T5282] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE lstat("./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./43/binderfs") = 0 umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./43/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./43/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./43") = 0 mkdir("./44", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5287 ./strace-static-x86_64: Process 5287 attached [pid 5287] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5287] chdir("./44") = 0 [pid 5287] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5287] setpgid(0, 0) = 0 [pid 5287] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5287] write(3, "1000", 4) = 4 [pid 5287] close(3) = 0 [pid 5287] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5287] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5287] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5287] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5287] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5288 attached , parent_tid=[5288], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5288 [pid 5288] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5288] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5287] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5288] <... futex resumed>) = 0 [pid 5287] <... futex resumed>) = 1 [pid 5288] memfd_create("syzkaller", 0 [pid 5287] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5288] <... memfd_create resumed>) = 3 [pid 5288] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5288] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5288] munmap(0x7f4000487000, 1048576) = 0 [pid 5288] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5288] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5288] close(3) = 0 [pid 5288] mkdir("./file0", 0777) = 0 [pid 5288] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5288] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5288] chdir("./file0") = 0 [pid 5288] ioctl(4, LOOP_CLR_FD) = 0 [pid 5288] close(4) = 0 [pid 5288] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5287] <... futex resumed>) = 0 [pid 5287] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5287] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5288] <... futex resumed>) = 1 [pid 5288] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5288] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5287] <... futex resumed>) = 0 [pid 5288] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5287] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5288] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5287] <... futex resumed>) = 0 [pid 5288] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5287] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5287] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5288] <... ioctl resumed>) = 0 [pid 5287] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE [pid 5288] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5287] <... mprotect resumed>) = 0 [pid 5287] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5288] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5291 attached [pid 5287] <... clone resumed>, parent_tid=[5291], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5291 [pid 5287] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5287] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5291] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5291] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5291] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5287] <... futex resumed>) = 0 [pid 5287] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5288] <... futex resumed>) = 0 [pid 5287] <... futex resumed>) = 1 [pid 5288] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5287] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5288] <... write resumed>) = 7 [pid 5291] <... futex resumed>) = 1 [pid 5288] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5291] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5288] <... futex resumed>) = 1 [pid 5287] <... futex resumed>) = 0 [pid 5288] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5287] exit_group(0 [pid 5291] <... futex resumed>) = ? [pid 5288] <... futex resumed>) = ? [pid 5287] <... exit_group resumed>) = ? [pid 5291] +++ exited with 0 +++ [pid 5288] +++ exited with 0 +++ [pid 5287] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5287, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./44", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./44/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 55.825664][ T5288] loop0: detected capacity change from 0 to 2048 [ 55.836198][ T5288] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE lstat("./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./44/binderfs") = 0 umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./44/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./44/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./44") = 0 mkdir("./45", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5292 ./strace-static-x86_64: Process 5292 attached [pid 5292] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5292] chdir("./45") = 0 [pid 5292] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5292] setpgid(0, 0) = 0 [pid 5292] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5292] write(3, "1000", 4) = 4 [pid 5292] close(3) = 0 [pid 5292] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5292] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5292] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5292] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5292] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5293], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5293 [pid 5292] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5292] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5293 attached [pid 5293] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5293] memfd_create("syzkaller", 0) = 3 [pid 5293] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5293] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5293] munmap(0x7f4000487000, 1048576) = 0 [pid 5293] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5293] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5293] close(3) = 0 [pid 5293] mkdir("./file0", 0777) = 0 [pid 5293] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5293] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5293] chdir("./file0") = 0 [pid 5293] ioctl(4, LOOP_CLR_FD) = 0 [pid 5293] close(4) = 0 [pid 5293] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5292] <... futex resumed>) = 0 [pid 5292] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5292] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5293] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5293] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5292] <... futex resumed>) = 0 [pid 5293] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5292] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5293] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5292] <... futex resumed>) = 0 [pid 5292] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5293] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5292] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5293] <... ioctl resumed>) = 0 [pid 5292] <... mmap resumed>) = 0x7f4000566000 [pid 5292] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE [pid 5293] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5292] <... mprotect resumed>) = 0 [pid 5293] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5292] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5296 attached , parent_tid=[5296], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5296 [pid 5292] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5292] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5296] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5296] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5296] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5292] <... futex resumed>) = 0 [pid 5292] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5293] <... futex resumed>) = 0 [pid 5292] <... futex resumed>) = 1 [pid 5293] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5292] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5296] <... futex resumed>) = 1 [pid 5296] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5293] <... write resumed>) = 7 [pid 5293] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5292] <... futex resumed>) = 0 [pid 5293] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5292] exit_group(0 [pid 5293] <... futex resumed>) = ? [pid 5292] <... exit_group resumed>) = ? [pid 5296] <... futex resumed>) = ? [pid 5293] +++ exited with 0 +++ [pid 5296] +++ exited with 0 +++ [pid 5292] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5292, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./45", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 55.932337][ T5293] loop0: detected capacity change from 0 to 2048 [ 55.942216][ T5293] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./45/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./45/binderfs") = 0 umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./45/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./45/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./45") = 0 mkdir("./46", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5297 ./strace-static-x86_64: Process 5297 attached [pid 5297] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5297] chdir("./46") = 0 [pid 5297] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5297] setpgid(0, 0) = 0 [pid 5297] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5297] write(3, "1000", 4) = 4 [pid 5297] close(3) = 0 [pid 5297] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5297] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5297] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5297] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5297] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5298], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5298 [pid 5297] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5297] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5298 attached [pid 5298] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5298] memfd_create("syzkaller", 0) = 3 [pid 5298] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5298] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5298] munmap(0x7f4000487000, 1048576) = 0 [pid 5298] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5298] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5298] close(3) = 0 [pid 5298] mkdir("./file0", 0777) = 0 [pid 5298] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5298] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5298] chdir("./file0") = 0 [pid 5298] ioctl(4, LOOP_CLR_FD) = 0 [pid 5298] close(4) = 0 [pid 5298] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5297] <... futex resumed>) = 0 [pid 5298] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5297] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5298] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5297] <... futex resumed>) = 0 [pid 5298] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5297] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5298] <... openat resumed>) = 4 [pid 5298] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5297] <... futex resumed>) = 0 [pid 5298] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5297] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5298] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5297] <... futex resumed>) = 0 [pid 5298] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5297] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5298] <... ioctl resumed>) = 0 [pid 5297] <... futex resumed>) = 0 [pid 5298] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5297] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5298] <... futex resumed>) = 0 [pid 5297] <... mmap resumed>) = 0x7f4000566000 [pid 5298] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5297] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5297] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5301], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5301 [pid 5297] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5297] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5301 attached [pid 5301] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5301] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5301] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5297] <... futex resumed>) = 0 [pid 5301] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5297] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5298] <... futex resumed>) = 0 [pid 5297] <... futex resumed>) = 1 [pid 5298] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5297] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5298] <... write resumed>) = 7 [pid 5298] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5297] <... futex resumed>) = 0 [pid 5298] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5297] exit_group(0 [pid 5301] <... futex resumed>) = ? [pid 5298] <... futex resumed>) = ? [pid 5297] <... exit_group resumed>) = ? [pid 5301] +++ exited with 0 +++ [pid 5298] +++ exited with 0 +++ [pid 5297] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5297, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./46", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./46/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./46/binderfs") = 0 umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 56.040102][ T5298] loop0: detected capacity change from 0 to 2048 [ 56.049126][ T5298] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE lstat("./46/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./46/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./46") = 0 mkdir("./47", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5302 ./strace-static-x86_64: Process 5302 attached [pid 5302] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5302] chdir("./47") = 0 [pid 5302] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5302] setpgid(0, 0) = 0 [pid 5302] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5302] write(3, "1000", 4) = 4 [pid 5302] close(3) = 0 [pid 5302] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5302] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5302] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5302] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5302] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5303 attached , parent_tid=[5303], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5303 [pid 5303] set_robust_list(0x7f40088a79e0, 24 [pid 5302] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5303] <... set_robust_list resumed>) = 0 [pid 5302] <... futex resumed>) = 0 [pid 5302] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5303] memfd_create("syzkaller", 0) = 3 [pid 5303] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5303] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5303] munmap(0x7f4000487000, 1048576) = 0 [pid 5303] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5303] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5303] close(3) = 0 [pid 5303] mkdir("./file0", 0777) = 0 [pid 5303] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5303] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5303] chdir("./file0") = 0 [pid 5303] ioctl(4, LOOP_CLR_FD) = 0 [pid 5303] close(4) = 0 [pid 5303] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5302] <... futex resumed>) = 0 [pid 5302] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5302] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5303] <... futex resumed>) = 1 [pid 5303] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5303] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5302] <... futex resumed>) = 0 [pid 5303] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5302] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5303] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5302] <... futex resumed>) = 0 [pid 5302] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5303] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5302] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5302] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5303] <... ioctl resumed>) = 0 [pid 5302] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5303] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5303] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5302] <... clone resumed>, parent_tid=[5306], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5306 [pid 5302] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5306 attached [pid 5302] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5306] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5306] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5306] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5306] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5302] <... futex resumed>) = 0 [pid 5302] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5303] <... futex resumed>) = 0 [pid 5302] <... futex resumed>) = 1 [ 56.140518][ T5303] loop0: detected capacity change from 0 to 2048 [ 56.150069][ T5303] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 5303] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5302] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5303] <... write resumed>) = 7 [pid 5303] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5302] <... futex resumed>) = 0 [pid 5302] exit_group(0 [pid 5306] <... futex resumed>) = ? [pid 5302] <... exit_group resumed>) = ? [pid 5306] +++ exited with 0 +++ [pid 5303] +++ exited with 0 +++ [pid 5302] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5302, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./47", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./47/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./47/binderfs") = 0 umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./47/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./47/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./47") = 0 mkdir("./48", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5307 ./strace-static-x86_64: Process 5307 attached [pid 5307] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5307] chdir("./48") = 0 [pid 5307] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5307] setpgid(0, 0) = 0 [pid 5307] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5307] write(3, "1000", 4) = 4 [pid 5307] close(3) = 0 [pid 5307] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5307] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5307] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5307] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5307] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5308 attached [pid 5308] set_robust_list(0x7f40088a79e0, 24 [pid 5307] <... clone resumed>, parent_tid=[5308], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5308 [pid 5308] <... set_robust_list resumed>) = 0 [pid 5308] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5307] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5307] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5308] <... futex resumed>) = 0 [pid 5308] memfd_create("syzkaller", 0) = 3 [pid 5308] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5308] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5308] munmap(0x7f4000487000, 1048576) = 0 [pid 5308] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5308] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5308] close(3) = 0 [pid 5308] mkdir("./file0", 0777) = 0 [pid 5308] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5308] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5308] chdir("./file0") = 0 [pid 5308] ioctl(4, LOOP_CLR_FD) = 0 [pid 5308] close(4) = 0 [pid 5308] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5307] <... futex resumed>) = 0 [pid 5307] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5307] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5308] <... futex resumed>) = 1 [pid 5308] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5308] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5307] <... futex resumed>) = 0 [pid 5307] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5307] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5307] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5307] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5307] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5311], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5311 [pid 5307] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5307] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5308] <... futex resumed>) = 1 [pid 5308] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = 0 [pid 5308] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5308] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5311 attached [pid 5311] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5311] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5311] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5307] <... futex resumed>) = 0 [pid 5307] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5308] <... futex resumed>) = 0 [pid 5307] <... futex resumed>) = 1 [pid 5308] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5307] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5311] <... futex resumed>) = 1 [pid 5311] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5308] <... write resumed>) = 7 [pid 5308] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5307] <... futex resumed>) = 0 [pid 5307] exit_group(0) = ? [pid 5311] <... futex resumed>) = ? [pid 5308] +++ exited with 0 +++ [pid 5311] +++ exited with 0 +++ [pid 5307] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5307, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./48", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./48/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 56.264519][ T5308] loop0: detected capacity change from 0 to 2048 [ 56.273772][ T5308] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE unlink("./48/binderfs") = 0 umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./48/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./48/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./48") = 0 mkdir("./49", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5312 attached , child_tidptr=0x5555570c15d0) = 5312 [pid 5312] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5312] chdir("./49") = 0 [pid 5312] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5312] setpgid(0, 0) = 0 [pid 5312] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5312] write(3, "1000", 4) = 4 [pid 5312] close(3) = 0 [pid 5312] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5312] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5312] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5312] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5312] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5313 attached , parent_tid=[5313], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5313 [pid 5313] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5313] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5312] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5313] <... futex resumed>) = 0 [pid 5313] memfd_create("syzkaller", 0 [pid 5312] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5313] <... memfd_create resumed>) = 3 [pid 5313] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5313] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5313] munmap(0x7f4000487000, 1048576) = 0 [pid 5313] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5313] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5313] close(3) = 0 [pid 5313] mkdir("./file0", 0777) = 0 [pid 5313] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5313] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5313] chdir("./file0") = 0 [pid 5313] ioctl(4, LOOP_CLR_FD) = 0 [pid 5313] close(4) = 0 [pid 5313] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5312] <... futex resumed>) = 0 [pid 5312] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5312] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5313] <... futex resumed>) = 1 [pid 5313] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5313] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5312] <... futex resumed>) = 0 [pid 5312] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5312] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5312] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5312] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5312] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5316], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5316 [pid 5312] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5312] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5313] <... futex resumed>) = 1 [pid 5313] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = 0 [pid 5313] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5313] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5316 attached [pid 5316] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5316] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5316] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5312] <... futex resumed>) = 0 [pid 5316] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5312] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5313] <... futex resumed>) = 0 [pid 5312] <... futex resumed>) = 1 [pid 5312] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5313] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7) = 7 [pid 5313] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5312] <... futex resumed>) = 0 [pid 5312] exit_group(0) = ? [pid 5313] <... futex resumed>) = ? [pid 5316] <... futex resumed>) = ? [pid 5313] +++ exited with 0 +++ [pid 5316] +++ exited with 0 +++ [pid 5312] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5312, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./49", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./49/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./49/binderfs") = 0 [ 56.377188][ T5313] loop0: detected capacity change from 0 to 2048 [ 56.386501][ T5313] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./49/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./49/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./49") = 0 mkdir("./50", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5317 ./strace-static-x86_64: Process 5317 attached [pid 5317] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5317] chdir("./50") = 0 [pid 5317] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5317] setpgid(0, 0) = 0 [pid 5317] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5317] write(3, "1000", 4) = 4 [pid 5317] close(3) = 0 [pid 5317] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5317] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5317] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5317] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5317] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5318], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5318 [pid 5317] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5317] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5318 attached [pid 5318] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5318] memfd_create("syzkaller", 0) = 3 [pid 5318] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5318] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5318] munmap(0x7f4000487000, 1048576) = 0 [pid 5318] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5318] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5318] close(3) = 0 [pid 5318] mkdir("./file0", 0777) = 0 [pid 5318] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5318] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5318] chdir("./file0") = 0 [pid 5318] ioctl(4, LOOP_CLR_FD) = 0 [pid 5318] close(4) = 0 [pid 5318] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5317] <... futex resumed>) = 0 [pid 5318] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5317] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5318] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5317] <... futex resumed>) = 0 [pid 5318] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5317] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5318] <... openat resumed>) = 4 [pid 5318] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5317] <... futex resumed>) = 0 [pid 5318] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5317] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5318] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5317] <... futex resumed>) = 0 [pid 5318] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5317] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5318] <... ioctl resumed>) = 0 [pid 5317] <... futex resumed>) = 0 [pid 5318] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5317] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5318] <... futex resumed>) = 0 [pid 5317] <... mmap resumed>) = 0x7f4000566000 [pid 5318] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5317] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5317] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5321], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5321 [pid 5317] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5317] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5321 attached [pid 5321] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5321] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5321] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5317] <... futex resumed>) = 0 [pid 5317] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5318] <... futex resumed>) = 0 [pid 5317] <... futex resumed>) = 1 [pid 5318] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5317] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5321] <... futex resumed>) = 1 [pid 5321] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5318] <... write resumed>) = 7 [pid 5318] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5317] <... futex resumed>) = 0 [pid 5318] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5317] exit_group(0 [pid 5318] <... futex resumed>) = ? [pid 5317] <... exit_group resumed>) = ? [pid 5318] +++ exited with 0 +++ [pid 5321] <... futex resumed>) = ? [pid 5321] +++ exited with 0 +++ [pid 5317] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5317, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./50", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./50/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./50/binderfs") = 0 [ 56.490686][ T5318] loop0: detected capacity change from 0 to 2048 [ 56.500071][ T5318] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./50/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./50/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./50") = 0 mkdir("./51", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5322 ./strace-static-x86_64: Process 5322 attached [pid 5322] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5322] chdir("./51") = 0 [pid 5322] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5322] setpgid(0, 0) = 0 [pid 5322] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5322] write(3, "1000", 4) = 4 [pid 5322] close(3) = 0 [pid 5322] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5322] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5322] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5322] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5322] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5323 attached , parent_tid=[5323], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5323 [pid 5323] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5323] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5322] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5322] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5323] <... futex resumed>) = 0 [pid 5323] memfd_create("syzkaller", 0) = 3 [pid 5323] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5323] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5323] munmap(0x7f4000487000, 1048576) = 0 [pid 5323] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5323] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5323] close(3) = 0 [pid 5323] mkdir("./file0", 0777) = 0 [pid 5323] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5323] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5323] chdir("./file0") = 0 [pid 5323] ioctl(4, LOOP_CLR_FD) = 0 [pid 5323] close(4) = 0 [pid 5323] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5322] <... futex resumed>) = 0 [pid 5323] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5322] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5323] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5322] <... futex resumed>) = 0 [pid 5323] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5322] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5323] <... openat resumed>) = 4 [pid 5323] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5322] <... futex resumed>) = 0 [pid 5323] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5322] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5323] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5322] <... futex resumed>) = 0 [pid 5323] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5322] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5323] <... ioctl resumed>) = 0 [pid 5322] <... futex resumed>) = 0 [pid 5323] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5322] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5323] <... futex resumed>) = 0 [pid 5322] <... mmap resumed>) = 0x7f4000566000 [pid 5323] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5322] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5322] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5326], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5326 [pid 5322] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5322] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5326 attached [pid 5326] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5326] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5326] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5322] <... futex resumed>) = 0 [pid 5322] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5323] <... futex resumed>) = 0 [pid 5322] <... futex resumed>) = 1 [pid 5323] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5322] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5323] <... write resumed>) = 7 [pid 5323] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5322] <... futex resumed>) = 0 [pid 5323] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5322] exit_group(0 [pid 5323] <... futex resumed>) = ? [pid 5322] <... exit_group resumed>) = ? [pid 5323] +++ exited with 0 +++ [pid 5326] <... futex resumed>) = ? [pid 5326] +++ exited with 0 +++ [pid 5322] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5322, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./51", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./51/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./51/binderfs") = 0 [ 56.592279][ T5323] loop0: detected capacity change from 0 to 2048 [ 56.601553][ T5323] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./51/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./51/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./51") = 0 mkdir("./52", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5327 ./strace-static-x86_64: Process 5327 attached [pid 5327] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5327] chdir("./52") = 0 [pid 5327] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5327] setpgid(0, 0) = 0 [pid 5327] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5327] write(3, "1000", 4) = 4 [pid 5327] close(3) = 0 [pid 5327] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5327] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5327] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5327] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5327] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5328], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5328 [pid 5327] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5327] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5328 attached [pid 5328] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5328] memfd_create("syzkaller", 0) = 3 [pid 5328] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5328] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5328] munmap(0x7f4000487000, 1048576) = 0 [pid 5328] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5328] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5328] close(3) = 0 [pid 5328] mkdir("./file0", 0777) = 0 [pid 5328] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5328] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5328] chdir("./file0") = 0 [pid 5328] ioctl(4, LOOP_CLR_FD) = 0 [pid 5328] close(4) = 0 [pid 5328] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5327] <... futex resumed>) = 0 [pid 5328] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5327] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5327] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5328] <... openat resumed>) = 4 [pid 5328] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5327] <... futex resumed>) = 0 [pid 5327] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5328] <... futex resumed>) = 1 [pid 5327] <... futex resumed>) = 0 [pid 5328] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5327] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5328] <... ioctl resumed>) = 0 [pid 5327] <... futex resumed>) = 0 [pid 5327] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5328] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5327] <... mmap resumed>) = 0x7f4000566000 [pid 5328] <... futex resumed>) = 0 [pid 5327] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE [pid 5328] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5327] <... mprotect resumed>) = 0 [pid 5327] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5331], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5331 [pid 5327] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5327] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5331 attached [pid 5331] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5331] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5331] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5327] <... futex resumed>) = 0 [pid 5327] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5328] <... futex resumed>) = 0 [pid 5327] <... futex resumed>) = 1 [pid 5328] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5327] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5331] <... futex resumed>) = 1 [pid 5331] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5328] <... write resumed>) = 7 [pid 5328] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5327] <... futex resumed>) = 0 [pid 5328] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5327] exit_group(0 [pid 5328] <... futex resumed>) = ? [pid 5327] <... exit_group resumed>) = ? [pid 5328] +++ exited with 0 +++ [pid 5331] <... futex resumed>) = ? [pid 5331] +++ exited with 0 +++ [pid 5327] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5327, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./52", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./52/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./52/binderfs") = 0 umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 56.689562][ T5328] loop0: detected capacity change from 0 to 2048 [ 56.699187][ T5328] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./52/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./52/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./52") = 0 mkdir("./53", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5333 ./strace-static-x86_64: Process 5333 attached [pid 5333] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5333] chdir("./53") = 0 [pid 5333] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5333] setpgid(0, 0) = 0 [pid 5333] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5333] write(3, "1000", 4) = 4 [pid 5333] close(3) = 0 [pid 5333] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5333] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5333] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5333] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5333] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5334], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5334 [pid 5333] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5333] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5334 attached [pid 5334] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5334] memfd_create("syzkaller", 0) = 3 [pid 5334] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5334] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5334] munmap(0x7f4000487000, 1048576) = 0 [pid 5334] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5334] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5334] close(3) = 0 [pid 5334] mkdir("./file0", 0777) = 0 [pid 5334] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5334] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5334] chdir("./file0") = 0 [pid 5334] ioctl(4, LOOP_CLR_FD) = 0 [pid 5334] close(4) = 0 [pid 5334] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5333] <... futex resumed>) = 0 [pid 5333] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5333] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5334] <... futex resumed>) = 1 [pid 5334] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5334] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5333] <... futex resumed>) = 0 [pid 5333] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5333] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5333] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5333] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5333] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5337], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5337 [pid 5333] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5333] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5334] <... futex resumed>) = 1 [pid 5334] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000./strace-static-x86_64: Process 5337 attached [pid 5337] set_robust_list(0x7f40005869e0, 24 [pid 5334] <... ioctl resumed>) = 0 [pid 5337] <... set_robust_list resumed>) = 0 [pid 5337] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5334] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5334] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5337] <... openat resumed>) = 5 [pid 5337] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5333] <... futex resumed>) = 0 [pid 5333] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5334] <... futex resumed>) = 0 [pid 5333] <... futex resumed>) = 1 [pid 5334] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5333] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5337] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5334] <... write resumed>) = 7 [pid 5334] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5333] <... futex resumed>) = 0 [ 56.796410][ T5334] loop0: detected capacity change from 0 to 2048 [ 56.806243][ T5334] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 5334] <... futex resumed>) = 1 [pid 5333] exit_group(0 [pid 5334] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5333] <... exit_group resumed>) = ? [pid 5334] <... futex resumed>) = ? [pid 5337] <... futex resumed>) = ? [pid 5334] +++ exited with 0 +++ [pid 5337] +++ exited with 0 +++ [pid 5333] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5333, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./53", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./53/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./53/binderfs") = 0 umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./53/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./53/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./53") = 0 mkdir("./54", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5338 ./strace-static-x86_64: Process 5338 attached [pid 5338] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5338] chdir("./54") = 0 [pid 5338] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5338] setpgid(0, 0) = 0 [pid 5338] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5338] write(3, "1000", 4) = 4 [pid 5338] close(3) = 0 [pid 5338] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5338] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5338] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5338] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5338] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5339 attached [pid 5339] set_robust_list(0x7f40088a79e0, 24 [pid 5338] <... clone resumed>, parent_tid=[5339], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5339 [pid 5338] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5338] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5339] <... set_robust_list resumed>) = 0 [pid 5339] memfd_create("syzkaller", 0) = 3 [pid 5339] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5339] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5339] munmap(0x7f4000487000, 1048576) = 0 [pid 5339] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5339] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5339] close(3) = 0 [pid 5339] mkdir("./file0", 0777) = 0 [pid 5339] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5339] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5339] chdir("./file0") = 0 [pid 5339] ioctl(4, LOOP_CLR_FD) = 0 [pid 5339] close(4) = 0 [pid 5339] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5338] <... futex resumed>) = 0 [pid 5338] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5338] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5339] <... futex resumed>) = 1 [pid 5339] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5339] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5338] <... futex resumed>) = 0 [pid 5339] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5338] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5339] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5338] <... futex resumed>) = 0 [pid 5339] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5338] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5338] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5339] <... ioctl resumed>) = 0 [pid 5338] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE [pid 5339] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5338] <... mprotect resumed>) = 0 [pid 5338] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5339] <... futex resumed>) = 0 [pid 5339] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5342 attached [pid 5338] <... clone resumed>, parent_tid=[5342], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5342 [pid 5338] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5338] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5342] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5342] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5342] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5338] <... futex resumed>) = 0 [pid 5338] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5339] <... futex resumed>) = 0 [pid 5338] <... futex resumed>) = 1 [pid 5342] <... futex resumed>) = 1 [pid 5339] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5338] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5342] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5339] <... write resumed>) = 7 [pid 5339] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5338] <... futex resumed>) = 0 [pid 5339] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5338] exit_group(0 [pid 5339] <... futex resumed>) = ? [pid 5338] <... exit_group resumed>) = ? [pid 5342] <... futex resumed>) = ? [pid 5342] +++ exited with 0 +++ [pid 5339] +++ exited with 0 +++ [pid 5338] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5338, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./54", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./54/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./54/binderfs") = 0 [ 56.901111][ T5339] loop0: detected capacity change from 0 to 2048 [ 56.910621][ T5339] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./54/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./54/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./54") = 0 mkdir("./55", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5343 ./strace-static-x86_64: Process 5343 attached [pid 5343] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5343] chdir("./55") = 0 [pid 5343] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5343] setpgid(0, 0) = 0 [pid 5343] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5343] write(3, "1000", 4) = 4 [pid 5343] close(3) = 0 [pid 5343] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5343] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5343] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5343] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5343] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5344], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5344 [pid 5343] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5343] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5344 attached [pid 5344] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5344] memfd_create("syzkaller", 0) = 3 [pid 5344] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5344] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5344] munmap(0x7f4000487000, 1048576) = 0 [pid 5344] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5344] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5344] close(3) = 0 [pid 5344] mkdir("./file0", 0777) = 0 [pid 5344] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5344] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5344] chdir("./file0") = 0 [pid 5344] ioctl(4, LOOP_CLR_FD) = 0 [pid 5344] close(4) = 0 [pid 5344] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5343] <... futex resumed>) = 0 [pid 5343] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5344] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5343] <... futex resumed>) = 0 [pid 5343] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5344] <... openat resumed>) = 4 [pid 5344] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5343] <... futex resumed>) = 0 [pid 5343] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5343] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5343] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5344] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5343] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE [pid 5344] <... ioctl resumed>) = 0 [pid 5343] <... mprotect resumed>) = 0 [pid 5344] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5343] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5344] <... futex resumed>) = 0 [pid 5344] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5347 attached [pid 5343] <... clone resumed>, parent_tid=[5347], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5347 [pid 5347] set_robust_list(0x7f40005869e0, 24 [pid 5343] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5347] <... set_robust_list resumed>) = 0 [pid 5343] <... futex resumed>) = 0 [pid 5343] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5347] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5347] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5343] <... futex resumed>) = 0 [pid 5343] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5344] <... futex resumed>) = 0 [pid 5343] <... futex resumed>) = 1 [pid 5344] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5343] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5347] <... futex resumed>) = 1 [pid 5347] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5344] <... write resumed>) = 7 [pid 5344] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5343] <... futex resumed>) = 0 [pid 5344] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5343] exit_group(0 [pid 5344] <... futex resumed>) = ? [pid 5343] <... exit_group resumed>) = ? [ 57.002306][ T5344] loop0: detected capacity change from 0 to 2048 [ 57.011814][ T5344] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 5344] +++ exited with 0 +++ [pid 5347] <... futex resumed>) = ? [pid 5347] +++ exited with 0 +++ [pid 5343] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5343, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./55", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./55/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./55/binderfs") = 0 umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./55/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./55/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./55") = 0 mkdir("./56", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5348 attached [pid 5348] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5348] chdir("./56") = 0 [pid 5348] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5348] setpgid(0, 0) = 0 [pid 5062] <... clone resumed>, child_tidptr=0x5555570c15d0) = 5348 [pid 5348] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5348] write(3, "1000", 4) = 4 [pid 5348] close(3) = 0 [pid 5348] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5348] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5348] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5348] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5348] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5349], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5349 [pid 5348] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5348] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5349 attached [pid 5349] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5349] memfd_create("syzkaller", 0) = 3 [pid 5349] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5349] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5349] munmap(0x7f4000487000, 1048576) = 0 [pid 5349] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5349] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5349] close(3) = 0 [pid 5349] mkdir("./file0", 0777) = 0 [pid 5349] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5349] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5349] chdir("./file0") = 0 [pid 5349] ioctl(4, LOOP_CLR_FD) = 0 [pid 5349] close(4) = 0 [pid 5349] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5348] <... futex resumed>) = 0 [pid 5349] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5348] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5349] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5348] <... futex resumed>) = 0 [pid 5349] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5348] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5349] <... openat resumed>) = 4 [pid 5349] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5348] <... futex resumed>) = 0 [pid 5349] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5348] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5349] <... ioctl resumed>) = 0 [pid 5348] <... futex resumed>) = 0 [pid 5349] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5348] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5349] <... futex resumed>) = 0 [pid 5348] <... futex resumed>) = 0 [pid 5349] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5348] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5348] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5348] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5352], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5352 [pid 5348] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5348] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5352 attached [pid 5352] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5352] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5352] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5348] <... futex resumed>) = 0 [pid 5348] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5349] <... futex resumed>) = 0 [pid 5348] <... futex resumed>) = 1 [pid 5349] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5348] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5352] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5349] <... write resumed>) = 7 [pid 5349] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5348] <... futex resumed>) = 0 [pid 5349] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5348] exit_group(0 [pid 5352] <... futex resumed>) = ? [pid 5349] <... futex resumed>) = ? [pid 5348] <... exit_group resumed>) = ? [ 57.122247][ T5349] loop0: detected capacity change from 0 to 2048 [ 57.131557][ T5349] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 5349] +++ exited with 0 +++ [pid 5352] +++ exited with 0 +++ [pid 5348] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5348, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./56", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./56/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./56/binderfs") = 0 umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./56/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./56/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./56") = 0 mkdir("./57", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5353 ./strace-static-x86_64: Process 5353 attached [pid 5353] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5353] chdir("./57") = 0 [pid 5353] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5353] setpgid(0, 0) = 0 [pid 5353] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5353] write(3, "1000", 4) = 4 [pid 5353] close(3) = 0 [pid 5353] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5353] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5353] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5353] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5353] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5354], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5354 [pid 5353] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5353] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5354 attached [pid 5354] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5354] memfd_create("syzkaller", 0) = 3 [pid 5354] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5354] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5354] munmap(0x7f4000487000, 1048576) = 0 [pid 5354] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5354] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5354] close(3) = 0 [pid 5354] mkdir("./file0", 0777) = 0 [pid 5354] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5354] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5354] chdir("./file0") = 0 [pid 5354] ioctl(4, LOOP_CLR_FD) = 0 [pid 5354] close(4) = 0 [pid 5354] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5353] <... futex resumed>) = 0 [pid 5353] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5353] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5354] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5354] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5353] <... futex resumed>) = 0 [pid 5354] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5353] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5354] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5353] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5354] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5353] <... futex resumed>) = 0 [pid 5354] <... ioctl resumed>) = 0 [pid 5353] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5354] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5353] <... mmap resumed>) = 0x7f4000566000 [pid 5354] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5353] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5353] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5357], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5357 [pid 5353] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5353] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5357 attached [pid 5357] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5357] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5357] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5353] <... futex resumed>) = 0 [pid 5353] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5354] <... futex resumed>) = 0 [pid 5353] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5354] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5357] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5354] <... write resumed>) = 7 [pid 5354] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5353] <... futex resumed>) = 0 [pid 5354] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5353] exit_group(0 [pid 5357] <... futex resumed>) = ? [pid 5354] <... futex resumed>) = ? [pid 5353] <... exit_group resumed>) = ? [pid 5357] +++ exited with 0 +++ [pid 5354] +++ exited with 0 +++ [pid 5353] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5353, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./57", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./57/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./57/binderfs") = 0 [ 57.242538][ T5354] loop0: detected capacity change from 0 to 2048 [ 57.251907][ T5354] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./57/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./57/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./57") = 0 mkdir("./58", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5358 attached , child_tidptr=0x5555570c15d0) = 5358 [pid 5358] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5358] chdir("./58") = 0 [pid 5358] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5358] setpgid(0, 0) = 0 [pid 5358] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5358] write(3, "1000", 4) = 4 [pid 5358] close(3) = 0 [pid 5358] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5358] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5358] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5358] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5358] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5359 attached , parent_tid=[5359], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5359 [pid 5359] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5359] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5358] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5359] <... futex resumed>) = 0 [pid 5359] memfd_create("syzkaller", 0 [pid 5358] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5359] <... memfd_create resumed>) = 3 [pid 5359] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5359] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5359] munmap(0x7f4000487000, 1048576) = 0 [pid 5359] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5359] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5359] close(3) = 0 [pid 5359] mkdir("./file0", 0777) = 0 [pid 5359] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5359] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5359] chdir("./file0") = 0 [pid 5359] ioctl(4, LOOP_CLR_FD) = 0 [pid 5359] close(4) = 0 [pid 5359] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5358] <... futex resumed>) = 0 [pid 5358] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5358] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5359] <... futex resumed>) = 1 [pid 5359] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5359] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5358] <... futex resumed>) = 0 [pid 5358] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5358] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5358] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5358] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5358] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5362], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5362 [pid 5358] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5358] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5359] <... futex resumed>) = 1 [pid 5359] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = 0 [pid 5359] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5359] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5362 attached [pid 5362] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5362] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5362] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5358] <... futex resumed>) = 0 [pid 5358] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5362] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5358] <... futex resumed>) = 1 [pid 5358] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5359] <... futex resumed>) = 0 [pid 5359] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7) = 7 [pid 5359] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5358] <... futex resumed>) = 0 [pid 5359] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5358] exit_group(0 [pid 5362] <... futex resumed>) = ? [pid 5359] <... futex resumed>) = ? [pid 5358] <... exit_group resumed>) = ? [pid 5362] +++ exited with 0 +++ [pid 5359] +++ exited with 0 +++ [pid 5358] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5358, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./58", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 57.353886][ T5359] loop0: detected capacity change from 0 to 2048 [ 57.363493][ T5359] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./58/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./58/binderfs") = 0 umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./58/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./58/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./58") = 0 mkdir("./59", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5363 ./strace-static-x86_64: Process 5363 attached [pid 5363] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5363] chdir("./59") = 0 [pid 5363] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5363] setpgid(0, 0) = 0 [pid 5363] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5363] write(3, "1000", 4) = 4 [pid 5363] close(3) = 0 [pid 5363] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5363] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5363] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5363] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5363] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5364 attached , parent_tid=[5364], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5364 [pid 5363] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5364] set_robust_list(0x7f40088a79e0, 24 [pid 5363] <... futex resumed>) = 0 [pid 5363] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5364] <... set_robust_list resumed>) = 0 [pid 5364] memfd_create("syzkaller", 0) = 3 [pid 5364] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5364] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5364] munmap(0x7f4000487000, 1048576) = 0 [pid 5364] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5364] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5364] close(3) = 0 [pid 5364] mkdir("./file0", 0777) = 0 [pid 5364] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5364] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5364] chdir("./file0") = 0 [pid 5364] ioctl(4, LOOP_CLR_FD) = 0 [pid 5364] close(4) = 0 [pid 5364] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5363] <... futex resumed>) = 0 [pid 5364] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5363] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5364] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5363] <... futex resumed>) = 0 [pid 5364] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5363] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5364] <... openat resumed>) = 4 [pid 5364] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5363] <... futex resumed>) = 0 [pid 5364] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5363] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5364] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5363] <... futex resumed>) = 0 [pid 5364] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5363] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5363] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5363] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE [pid 5364] <... ioctl resumed>) = 0 [pid 5363] <... mprotect resumed>) = 0 [pid 5364] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5363] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5364] <... futex resumed>) = 0 [pid 5363] <... clone resumed>, parent_tid=[5367], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5367 [pid 5364] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5363] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5363] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5367 attached [pid 5367] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5367] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5367] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5363] <... futex resumed>) = 0 [pid 5363] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5364] <... futex resumed>) = 0 [pid 5363] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5364] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5367] <... futex resumed>) = 1 [pid 5367] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5364] <... write resumed>) = 7 [pid 5364] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5363] <... futex resumed>) = 0 [pid 5364] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5363] exit_group(0 [pid 5364] <... futex resumed>) = ? [pid 5363] <... exit_group resumed>) = ? [pid 5364] +++ exited with 0 +++ [pid 5367] <... futex resumed>) = ? [pid 5367] +++ exited with 0 +++ [pid 5363] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5363, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./59", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./59/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./59/binderfs") = 0 [ 57.468090][ T5364] loop0: detected capacity change from 0 to 2048 [ 57.477777][ T5364] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./59/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./59/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./59") = 0 mkdir("./60", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5368 ./strace-static-x86_64: Process 5368 attached [pid 5368] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5368] chdir("./60") = 0 [pid 5368] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5368] setpgid(0, 0) = 0 [pid 5368] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5368] write(3, "1000", 4) = 4 [pid 5368] close(3) = 0 [pid 5368] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5368] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5368] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5368] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5368] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5369 attached , parent_tid=[5369], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5369 [pid 5368] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5369] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5369] memfd_create("syzkaller", 0 [pid 5368] <... futex resumed>) = 0 [pid 5368] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5369] <... memfd_create resumed>) = 3 [pid 5369] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5369] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5369] munmap(0x7f4000487000, 1048576) = 0 [pid 5369] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5369] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5369] close(3) = 0 [pid 5369] mkdir("./file0", 0777) = 0 [pid 5369] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5369] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5369] chdir("./file0") = 0 [pid 5369] ioctl(4, LOOP_CLR_FD) = 0 [pid 5369] close(4) = 0 [pid 5369] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5368] <... futex resumed>) = 0 [pid 5369] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5368] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5369] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5368] <... futex resumed>) = 0 [pid 5369] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5368] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5369] <... openat resumed>) = 4 [pid 5369] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5368] <... futex resumed>) = 0 [pid 5369] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5368] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5369] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5368] <... futex resumed>) = 0 [pid 5369] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5368] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5369] <... ioctl resumed>) = 0 [pid 5368] <... futex resumed>) = 0 [pid 5369] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5368] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5369] <... futex resumed>) = 0 [pid 5368] <... mmap resumed>) = 0x7f4000566000 [pid 5369] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5368] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5368] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5372], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5372 [pid 5368] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5372 attached ) = 0 [pid 5372] set_robust_list(0x7f40005869e0, 24 [pid 5368] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5372] <... set_robust_list resumed>) = 0 [pid 5372] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5372] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5368] <... futex resumed>) = 0 [pid 5368] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5369] <... futex resumed>) = 0 [pid 5368] <... futex resumed>) = 1 [pid 5369] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5368] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 57.569939][ T5369] loop0: detected capacity change from 0 to 2048 [ 57.579930][ T5369] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 5372] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5369] <... write resumed>) = 7 [pid 5369] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5368] <... futex resumed>) = 0 [pid 5369] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5368] exit_group(0 [pid 5372] <... futex resumed>) = ? [pid 5369] <... futex resumed>) = ? [pid 5368] <... exit_group resumed>) = ? [pid 5372] +++ exited with 0 +++ [pid 5369] +++ exited with 0 +++ [pid 5368] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5368, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./60", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./60/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./60/binderfs") = 0 umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./60/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./60/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./60") = 0 mkdir("./61", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5373 ./strace-static-x86_64: Process 5373 attached [pid 5373] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5373] chdir("./61") = 0 [pid 5373] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5373] setpgid(0, 0) = 0 [pid 5373] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5373] write(3, "1000", 4) = 4 [pid 5373] close(3) = 0 [pid 5373] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5373] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5373] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5373] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5373] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5374 attached [pid 5374] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5374] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5373] <... clone resumed>, parent_tid=[5374], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5374 [pid 5373] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5374] <... futex resumed>) = 0 [pid 5374] memfd_create("syzkaller", 0) = 3 [pid 5374] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5373] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5374] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5374] munmap(0x7f4000487000, 1048576) = 0 [pid 5374] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5374] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5374] close(3) = 0 [pid 5374] mkdir("./file0", 0777) = 0 [pid 5374] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5374] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5374] chdir("./file0") = 0 [pid 5374] ioctl(4, LOOP_CLR_FD) = 0 [pid 5374] close(4) = 0 [pid 5374] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5373] <... futex resumed>) = 0 [pid 5373] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5374] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5373] <... futex resumed>) = 0 [pid 5373] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5374] <... openat resumed>) = 4 [pid 5374] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5373] <... futex resumed>) = 0 [pid 5374] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5373] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5374] <... ioctl resumed>) = 0 [pid 5373] <... futex resumed>) = 0 [pid 5374] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5373] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5374] <... futex resumed>) = 0 [pid 5373] <... futex resumed>) = 0 [pid 5374] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5373] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5373] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5373] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5377], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5377 [pid 5373] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5373] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5377 attached [pid 5377] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5377] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5377] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5373] <... futex resumed>) = 0 [pid 5373] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5374] <... futex resumed>) = 0 [pid 5373] <... futex resumed>) = 1 [pid 5374] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5373] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5374] <... write resumed>) = 7 [pid 5374] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5373] <... futex resumed>) = 0 [pid 5374] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5373] exit_group(0 [pid 5374] <... futex resumed>) = ? [pid 5373] <... exit_group resumed>) = ? [pid 5374] +++ exited with 0 +++ [pid 5377] <... futex resumed>) = ? [pid 5377] +++ exited with 0 +++ [pid 5373] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5373, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./61", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./61/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./61/binderfs") = 0 umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./61/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 [ 57.680744][ T5374] loop0: detected capacity change from 0 to 2048 [ 57.696681][ T5374] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE rmdir("./61/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./61") = 0 mkdir("./62", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5378 attached [pid 5378] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5378] chdir("./62") = 0 [pid 5378] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5378] setpgid(0, 0) = 0 [pid 5378] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5378] write(3, "1000", 4) = 4 [pid 5378] close(3) = 0 [pid 5378] symlink("/dev/binderfs", "./binderfs" [pid 5062] <... clone resumed>, child_tidptr=0x5555570c15d0) = 5378 [pid 5378] <... symlink resumed>) = 0 [pid 5378] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5378] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5378] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5378] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5379], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5379 [pid 5378] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5378] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5379 attached [pid 5379] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5379] memfd_create("syzkaller", 0) = 3 [pid 5379] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5379] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5379] munmap(0x7f4000487000, 1048576) = 0 [pid 5379] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5379] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5379] close(3) = 0 [pid 5379] mkdir("./file0", 0777) = 0 [pid 5379] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5379] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5379] chdir("./file0") = 0 [pid 5379] ioctl(4, LOOP_CLR_FD) = 0 [pid 5379] close(4) = 0 [pid 5379] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5379] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5378] <... futex resumed>) = 0 [pid 5378] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5378] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5379] <... futex resumed>) = 0 [pid 5379] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5379] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5378] <... futex resumed>) = 0 [pid 5378] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5378] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5378] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5378] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5378] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5382], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5382 [pid 5378] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5378] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5379] <... futex resumed>) = 1 [pid 5379] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = 0 [pid 5379] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5379] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5382 attached [pid 5382] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5382] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5382] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5378] <... futex resumed>) = 0 [ 57.796726][ T5379] loop0: detected capacity change from 0 to 2048 [ 57.806348][ T5379] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 5378] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5378] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5379] <... futex resumed>) = 0 [pid 5382] <... futex resumed>) = 1 [pid 5379] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5382] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5379] <... write resumed>) = 7 [pid 5379] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5378] <... futex resumed>) = 0 [pid 5379] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5378] exit_group(0 [pid 5382] <... futex resumed>) = ? [pid 5379] <... futex resumed>) = ? [pid 5378] <... exit_group resumed>) = ? [pid 5382] +++ exited with 0 +++ [pid 5379] +++ exited with 0 +++ [pid 5378] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5378, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./62", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./62/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./62/binderfs") = 0 umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./62/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./62/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./62") = 0 mkdir("./63", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5383 ./strace-static-x86_64: Process 5383 attached [pid 5383] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5383] chdir("./63") = 0 [pid 5383] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5383] setpgid(0, 0) = 0 [pid 5383] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5383] write(3, "1000", 4) = 4 [pid 5383] close(3) = 0 [pid 5383] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5383] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5383] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5383] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5383] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5384], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5384 [pid 5383] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5383] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5384 attached [pid 5384] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5384] memfd_create("syzkaller", 0) = 3 [pid 5384] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5384] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5384] munmap(0x7f4000487000, 1048576) = 0 [pid 5384] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5384] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5384] close(3) = 0 [pid 5384] mkdir("./file0", 0777) = 0 [pid 5384] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5384] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5384] chdir("./file0") = 0 [pid 5384] ioctl(4, LOOP_CLR_FD) = 0 [pid 5384] close(4) = 0 [pid 5384] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5383] <... futex resumed>) = 0 [pid 5383] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5383] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5384] <... futex resumed>) = 1 [pid 5384] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5384] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5383] <... futex resumed>) = 0 [pid 5383] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5383] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5383] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5383] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE [pid 5384] <... futex resumed>) = 1 [pid 5383] <... mprotect resumed>) = 0 [pid 5384] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5383] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5387], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5387 [pid 5383] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5383] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5387 attached [pid 5387] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5387] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5384] <... ioctl resumed>) = 0 [pid 5387] <... openat resumed>) = 5 [pid 5387] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5384] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5383] <... futex resumed>) = 0 [pid 5383] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5383] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = 0 [pid 5383] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=49000000} [pid 5384] <... futex resumed>) = 1 [pid 5384] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5387] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5384] <... write resumed>) = 7 [pid 5384] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5383] <... futex resumed>) = 0 [pid 5383] exit_group(0) = ? [pid 5387] <... futex resumed>) = ? [pid 5384] <... futex resumed>) = ? [ 57.923709][ T5384] loop0: detected capacity change from 0 to 2048 [ 57.932768][ T5384] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 5387] +++ exited with 0 +++ [pid 5384] +++ exited with 0 +++ [pid 5383] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5383, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./63", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./63/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./63/binderfs") = 0 umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./63/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./63/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./63") = 0 mkdir("./64", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5388 ./strace-static-x86_64: Process 5388 attached [pid 5388] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5388] chdir("./64") = 0 [pid 5388] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5388] setpgid(0, 0) = 0 [pid 5388] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5388] write(3, "1000", 4) = 4 [pid 5388] close(3) = 0 [pid 5388] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5388] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5388] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5388] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5388] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5389], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5389 [pid 5388] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5388] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5389 attached [pid 5389] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5389] memfd_create("syzkaller", 0) = 3 [pid 5389] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5389] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5389] munmap(0x7f4000487000, 1048576) = 0 [pid 5389] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5389] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5389] close(3) = 0 [pid 5389] mkdir("./file0", 0777) = 0 [pid 5389] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5389] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5389] chdir("./file0") = 0 [pid 5389] ioctl(4, LOOP_CLR_FD) = 0 [pid 5389] close(4) = 0 [pid 5389] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5388] <... futex resumed>) = 0 [pid 5388] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5388] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5389] <... futex resumed>) = 1 [pid 5389] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5389] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5388] <... futex resumed>) = 0 [pid 5388] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5388] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5388] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5388] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5388] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5392], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5392 [pid 5388] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5388] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5389] <... futex resumed>) = 1 [pid 5389] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000./strace-static-x86_64: Process 5392 attached [ 58.030319][ T5389] loop0: detected capacity change from 0 to 2048 [ 58.039587][ T5389] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE ) = 0 [pid 5389] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5392] set_robust_list(0x7f40005869e0, 24 [pid 5389] <... futex resumed>) = 0 [pid 5389] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5392] <... set_robust_list resumed>) = 0 [pid 5392] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5392] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5388] <... futex resumed>) = 0 [pid 5388] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5388] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5389] <... futex resumed>) = 0 [pid 5389] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5392] <... futex resumed>) = 1 [pid 5392] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5389] <... write resumed>) = 7 [pid 5389] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5388] <... futex resumed>) = 0 [pid 5388] exit_group(0) = ? [pid 5389] <... futex resumed>) = ? [pid 5389] +++ exited with 0 +++ [pid 5392] <... futex resumed>) = ? [pid 5392] +++ exited with 0 +++ [pid 5388] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5388, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./64", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./64/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./64/binderfs") = 0 umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./64/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./64/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./64") = 0 mkdir("./65", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5393 ./strace-static-x86_64: Process 5393 attached [pid 5393] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5393] chdir("./65") = 0 [pid 5393] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5393] setpgid(0, 0) = 0 [pid 5393] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5393] write(3, "1000", 4) = 4 [pid 5393] close(3) = 0 [pid 5393] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5393] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5393] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5393] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5393] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5394], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5394 [pid 5393] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5393] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5394 attached [pid 5394] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5394] memfd_create("syzkaller", 0) = 3 [pid 5394] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5394] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5394] munmap(0x7f4000487000, 1048576) = 0 [pid 5394] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5394] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5394] close(3) = 0 [pid 5394] mkdir("./file0", 0777) = 0 [pid 5394] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5394] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5394] chdir("./file0") = 0 [pid 5394] ioctl(4, LOOP_CLR_FD) = 0 [pid 5394] close(4) = 0 [pid 5394] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5393] <... futex resumed>) = 0 [pid 5393] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5393] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5394] <... futex resumed>) = 1 [pid 5394] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5394] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5393] <... futex resumed>) = 0 [pid 5393] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5393] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5393] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5393] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5393] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5397], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5397 [pid 5393] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5393] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5394] <... futex resumed>) = 1 [pid 5394] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = 0 [pid 5394] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5394] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5397 attached [pid 5397] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5397] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5397] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5393] <... futex resumed>) = 0 [pid 5393] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5394] <... futex resumed>) = 0 [pid 5393] <... futex resumed>) = 1 [pid 5394] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5393] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5394] <... write resumed>) = 7 [pid 5394] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5393] <... futex resumed>) = 0 [pid 5394] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5393] exit_group(0 [pid 5397] <... futex resumed>) = ? [pid 5394] <... futex resumed>) = ? [pid 5393] <... exit_group resumed>) = ? [pid 5397] +++ exited with 0 +++ [pid 5394] +++ exited with 0 +++ [pid 5393] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5393, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./65", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./65/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./65/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./65/binderfs") = 0 [ 58.145039][ T5394] loop0: detected capacity change from 0 to 2048 [ 58.154519][ T5394] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./65/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./65/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./65") = 0 mkdir("./66", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5398 ./strace-static-x86_64: Process 5398 attached [pid 5398] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5398] chdir("./66") = 0 [pid 5398] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5398] setpgid(0, 0) = 0 [pid 5398] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5398] write(3, "1000", 4) = 4 [pid 5398] close(3) = 0 [pid 5398] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5398] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5398] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5398] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5398] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5399], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5399 [pid 5398] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5399 attached [pid 5399] set_robust_list(0x7f40088a79e0, 24 [pid 5398] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5399] <... set_robust_list resumed>) = 0 [pid 5399] memfd_create("syzkaller", 0) = 3 [pid 5399] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5399] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5399] munmap(0x7f4000487000, 1048576) = 0 [pid 5399] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5399] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5399] close(3) = 0 [pid 5399] mkdir("./file0", 0777) = 0 [pid 5399] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5399] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5399] chdir("./file0") = 0 [pid 5399] ioctl(4, LOOP_CLR_FD) = 0 [pid 5399] close(4) = 0 [pid 5399] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5398] <... futex resumed>) = 0 [pid 5398] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5398] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5399] <... futex resumed>) = 1 [pid 5399] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5399] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5398] <... futex resumed>) = 0 [pid 5398] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5398] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5398] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [ 58.253835][ T5399] loop0: detected capacity change from 0 to 2048 [ 58.262719][ T5399] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 5398] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5398] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5402], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5402 [pid 5398] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5402 attached [pid 5399] <... futex resumed>) = 1 [pid 5398] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5402] set_robust_list(0x7f40005869e0, 24 [pid 5399] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5402] <... set_robust_list resumed>) = 0 [pid 5402] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5402] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5398] <... futex resumed>) = 0 [pid 5399] <... ioctl resumed>) = 0 [pid 5398] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5398] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5399] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5402] <... futex resumed>) = 1 [pid 5399] <... futex resumed>) = 0 [pid 5399] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5402] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7) = 7 [pid 5402] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5398] <... futex resumed>) = 0 [pid 5398] exit_group(0 [pid 5399] <... futex resumed>) = ? [pid 5398] <... exit_group resumed>) = ? [pid 5399] +++ exited with 0 +++ [pid 5402] <... futex resumed>) = ? [pid 5402] +++ exited with 0 +++ [pid 5398] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5398, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./66", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./66/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./66/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./66/binderfs") = 0 umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./66/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./66/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./66") = 0 mkdir("./67", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5403 ./strace-static-x86_64: Process 5403 attached [pid 5403] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5403] chdir("./67") = 0 [pid 5403] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5403] setpgid(0, 0) = 0 [pid 5403] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5403] write(3, "1000", 4) = 4 [pid 5403] close(3) = 0 [pid 5403] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5403] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5403] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5403] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5403] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5404 attached [pid 5404] set_robust_list(0x7f40088a79e0, 24 [pid 5403] <... clone resumed>, parent_tid=[5404], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5404 [pid 5404] <... set_robust_list resumed>) = 0 [pid 5403] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5404] memfd_create("syzkaller", 0) = 3 [pid 5403] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5404] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5404] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5404] munmap(0x7f4000487000, 1048576) = 0 [pid 5404] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5404] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5404] close(3) = 0 [pid 5404] mkdir("./file0", 0777) = 0 [pid 5404] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5404] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5404] chdir("./file0") = 0 [pid 5404] ioctl(4, LOOP_CLR_FD) = 0 [pid 5404] close(4) = 0 [pid 5404] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5403] <... futex resumed>) = 0 [pid 5404] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5403] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5403] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5404] <... openat resumed>) = 4 [pid 5404] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5403] <... futex resumed>) = 0 [pid 5403] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5403] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5404] <... futex resumed>) = 1 [pid 5403] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5404] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5403] <... mmap resumed>) = 0x7f4000566000 [pid 5404] <... ioctl resumed>) = 0 [pid 5403] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5403] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5404] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5403] <... clone resumed>, parent_tid=[5407], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5407 [pid 5404] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5403] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5403] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5407 attached [pid 5407] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5407] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5407] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5403] <... futex resumed>) = 0 [pid 5403] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5404] <... futex resumed>) = 0 [pid 5403] <... futex resumed>) = 1 [pid 5404] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5403] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5404] <... write resumed>) = 7 [pid 5407] <... futex resumed>) = 1 [pid 5404] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5407] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5404] <... futex resumed>) = 1 [pid 5403] <... futex resumed>) = 0 [pid 5404] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5403] exit_group(0 [pid 5404] <... futex resumed>) = ? [pid 5403] <... exit_group resumed>) = ? [pid 5407] <... futex resumed>) = ? [pid 5404] +++ exited with 0 +++ [pid 5407] +++ exited with 0 +++ [pid 5403] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5403, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./67", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 58.381497][ T5404] loop0: detected capacity change from 0 to 2048 [ 58.391805][ T5404] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./67/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./67/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./67/binderfs") = 0 umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./67/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./67/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./67") = 0 mkdir("./68", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5408 ./strace-static-x86_64: Process 5408 attached [pid 5408] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5408] chdir("./68") = 0 [pid 5408] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5408] setpgid(0, 0) = 0 [pid 5408] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5408] write(3, "1000", 4) = 4 [pid 5408] close(3) = 0 [pid 5408] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5408] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5408] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5408] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5408] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5409 attached , parent_tid=[5409], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5409 [pid 5409] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5409] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5408] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5408] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5409] <... futex resumed>) = 0 [pid 5409] memfd_create("syzkaller", 0) = 3 [pid 5409] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5409] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5409] munmap(0x7f4000487000, 1048576) = 0 [pid 5409] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5409] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5409] close(3) = 0 [pid 5409] mkdir("./file0", 0777) = 0 [pid 5409] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5409] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5409] chdir("./file0") = 0 [pid 5409] ioctl(4, LOOP_CLR_FD) = 0 [pid 5409] close(4) = 0 [pid 5409] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5408] <... futex resumed>) = 0 [pid 5409] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5408] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5409] <... openat resumed>) = 4 [pid 5408] <... futex resumed>) = 0 [pid 5409] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5408] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5409] <... futex resumed>) = 0 [pid 5408] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5409] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5408] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5409] <... ioctl resumed>) = 0 [pid 5408] <... futex resumed>) = 0 [pid 5409] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5408] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5409] <... futex resumed>) = 0 [pid 5408] <... futex resumed>) = 0 [pid 5409] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5408] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5408] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5408] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5412], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5412 [pid 5408] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5408] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5412 attached [pid 5412] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5412] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5412] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5408] <... futex resumed>) = 0 [pid 5408] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5409] <... futex resumed>) = 0 [pid 5408] <... futex resumed>) = 1 [pid 5409] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5408] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5409] <... write resumed>) = 7 [pid 5409] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5408] <... futex resumed>) = 0 [pid 5409] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5408] exit_group(0 [pid 5409] <... futex resumed>) = ? [pid 5408] <... exit_group resumed>) = ? [pid 5409] +++ exited with 0 +++ [pid 5412] <... futex resumed>) = ? [pid 5412] +++ exited with 0 +++ [pid 5408] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5408, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./68", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./68/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./68/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./68/binderfs") = 0 umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 58.502649][ T5409] loop0: detected capacity change from 0 to 2048 [ 58.511921][ T5409] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./68/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./68/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./68") = 0 mkdir("./69", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5413 ./strace-static-x86_64: Process 5413 attached [pid 5413] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5413] chdir("./69") = 0 [pid 5413] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5413] setpgid(0, 0) = 0 [pid 5413] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5413] write(3, "1000", 4) = 4 [pid 5413] close(3) = 0 [pid 5413] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5413] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5413] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5413] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5413] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5414], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5414 [pid 5413] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5413] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5414 attached [pid 5414] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5414] memfd_create("syzkaller", 0) = 3 [pid 5414] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5414] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5414] munmap(0x7f4000487000, 1048576) = 0 [pid 5414] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5414] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5414] close(3) = 0 [pid 5414] mkdir("./file0", 0777) = 0 [pid 5414] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5414] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5414] chdir("./file0") = 0 [pid 5414] ioctl(4, LOOP_CLR_FD) = 0 [pid 5414] close(4) = 0 [pid 5414] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5414] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5413] <... futex resumed>) = 0 [pid 5413] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5414] <... futex resumed>) = 0 [pid 5413] <... futex resumed>) = 1 [pid 5414] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5413] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5414] <... openat resumed>) = 4 [pid 5414] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5413] <... futex resumed>) = 0 [pid 5414] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5413] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5413] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5414] <... ioctl resumed>) = 0 [pid 5413] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5414] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5413] <... mmap resumed>) = 0x7f4000566000 [pid 5414] <... futex resumed>) = 0 [pid 5413] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE [pid 5414] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5413] <... mprotect resumed>) = 0 [pid 5413] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5417], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5417 [pid 5413] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5417 attached [pid 5413] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5417] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5417] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5417] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5413] <... futex resumed>) = 0 [pid 5413] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5417] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5414] <... futex resumed>) = 0 [pid 5413] <... futex resumed>) = 1 [pid 5414] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5413] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5414] <... write resumed>) = 7 [pid 5414] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5413] <... futex resumed>) = 0 [ 58.604354][ T5414] loop0: detected capacity change from 0 to 2048 [ 58.613587][ T5414] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 5414] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5413] exit_group(0 [pid 5417] <... futex resumed>) = ? [pid 5414] <... futex resumed>) = ? [pid 5413] <... exit_group resumed>) = ? [pid 5414] +++ exited with 0 +++ [pid 5417] +++ exited with 0 +++ [pid 5413] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5413, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./69", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./69/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./69/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./69/binderfs") = 0 umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./69/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./69/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./69") = 0 mkdir("./70", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5418 attached , child_tidptr=0x5555570c15d0) = 5418 [pid 5418] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5418] chdir("./70") = 0 [pid 5418] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5418] setpgid(0, 0) = 0 [pid 5418] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5418] write(3, "1000", 4) = 4 [pid 5418] close(3) = 0 [pid 5418] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5418] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5418] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5418] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5418] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5419], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5419 [pid 5418] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5418] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5419 attached [pid 5419] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5419] memfd_create("syzkaller", 0) = 3 [pid 5419] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5419] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5419] munmap(0x7f4000487000, 1048576) = 0 [pid 5419] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5419] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5419] close(3) = 0 [pid 5419] mkdir("./file0", 0777) = 0 [pid 5419] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5419] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5419] chdir("./file0") = 0 [pid 5419] ioctl(4, LOOP_CLR_FD) = 0 [pid 5419] close(4) = 0 [pid 5419] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5419] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5418] <... futex resumed>) = 0 [pid 5418] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5419] <... futex resumed>) = 0 [pid 5418] <... futex resumed>) = 1 [pid 5419] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5418] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5419] <... openat resumed>) = 4 [pid 5419] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5418] <... futex resumed>) = 0 [pid 5419] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5418] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5419] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5418] <... futex resumed>) = 0 [pid 5419] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5418] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5419] <... ioctl resumed>) = 0 [pid 5418] <... futex resumed>) = 0 [pid 5419] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5418] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5419] <... futex resumed>) = 0 [pid 5418] <... mmap resumed>) = 0x7f4000566000 [pid 5419] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5418] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5418] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5422], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5422 [pid 5418] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5418] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5422 attached [pid 5422] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5422] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5422] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5418] <... futex resumed>) = 0 [pid 5418] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5419] <... futex resumed>) = 0 [pid 5418] <... futex resumed>) = 1 [pid 5419] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5418] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5422] <... futex resumed>) = 1 [pid 5422] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5419] <... write resumed>) = 7 [pid 5419] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5418] <... futex resumed>) = 0 [pid 5419] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5418] exit_group(0 [pid 5419] <... futex resumed>) = ? [pid 5418] <... exit_group resumed>) = ? [pid 5419] +++ exited with 0 +++ [pid 5422] <... futex resumed>) = ? [pid 5422] +++ exited with 0 +++ [pid 5418] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5418, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./70", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./70/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./70/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./70/binderfs") = 0 [ 58.731359][ T5419] loop0: detected capacity change from 0 to 2048 [ 58.740448][ T5419] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./70/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./70/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./70") = 0 mkdir("./71", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5423 ./strace-static-x86_64: Process 5423 attached [pid 5423] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5423] chdir("./71") = 0 [pid 5423] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5423] setpgid(0, 0) = 0 [pid 5423] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5423] write(3, "1000", 4) = 4 [pid 5423] close(3) = 0 [pid 5423] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5423] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5423] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5423] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5423] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5424 attached , parent_tid=[5424], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5424 [pid 5424] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5423] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5424] memfd_create("syzkaller", 0 [pid 5423] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5424] <... memfd_create resumed>) = 3 [pid 5424] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5424] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5424] munmap(0x7f4000487000, 1048576) = 0 [pid 5424] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5424] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5424] close(3) = 0 [pid 5424] mkdir("./file0", 0777) = 0 [pid 5424] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5424] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5424] chdir("./file0") = 0 [pid 5424] ioctl(4, LOOP_CLR_FD) = 0 [pid 5424] close(4) = 0 [pid 5424] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5423] <... futex resumed>) = 0 [pid 5423] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5423] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5424] <... futex resumed>) = 1 [pid 5424] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5424] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5423] <... futex resumed>) = 0 [pid 5423] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5423] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5423] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5423] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5423] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5427], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5427 [pid 5423] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5423] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5424] <... futex resumed>) = 1 [pid 5424] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = 0 [pid 5424] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5424] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5427 attached [pid 5427] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5427] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5427] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5423] <... futex resumed>) = 0 [pid 5423] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5423] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5424] <... futex resumed>) = 0 [pid 5424] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5427] <... futex resumed>) = 1 [pid 5427] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5424] <... write resumed>) = 7 [pid 5424] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5423] <... futex resumed>) = 0 [pid 5424] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5423] exit_group(0) = ? [pid 5427] <... futex resumed>) = ? [pid 5424] <... futex resumed>) = ? [pid 5424] +++ exited with 0 +++ [pid 5427] +++ exited with 0 +++ [pid 5423] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5423, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./71", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./71/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./71/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./71/binderfs") = 0 [ 58.854362][ T5424] loop0: detected capacity change from 0 to 2048 [ 58.863639][ T5424] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./71/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./71/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./71") = 0 mkdir("./72", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5428 ./strace-static-x86_64: Process 5428 attached [pid 5428] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5428] chdir("./72") = 0 [pid 5428] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5428] setpgid(0, 0) = 0 [pid 5428] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5428] write(3, "1000", 4) = 4 [pid 5428] close(3) = 0 [pid 5428] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5428] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5428] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5428] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5428] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5429], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5429 [pid 5428] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5428] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5429 attached [pid 5429] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5429] memfd_create("syzkaller", 0) = 3 [pid 5429] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5429] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5429] munmap(0x7f4000487000, 1048576) = 0 [pid 5429] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5429] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5429] close(3) = 0 [pid 5429] mkdir("./file0", 0777) = 0 [pid 5429] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5429] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5429] chdir("./file0") = 0 [pid 5429] ioctl(4, LOOP_CLR_FD) = 0 [pid 5429] close(4) = 0 [pid 5429] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5428] <... futex resumed>) = 0 [pid 5428] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5428] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5429] <... futex resumed>) = 1 [pid 5429] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5429] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5428] <... futex resumed>) = 0 [pid 5429] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5428] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5429] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5428] <... futex resumed>) = 0 [pid 5428] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5428] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5429] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = 0 [pid 5428] <... mmap resumed>) = 0x7f4000566000 [pid 5428] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5428] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5432 attached [pid 5429] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5428] <... clone resumed>, parent_tid=[5432], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5432 [pid 5428] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5428] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5432] set_robust_list(0x7f40005869e0, 24) = 0 [ 58.958605][ T5429] loop0: detected capacity change from 0 to 2048 [ 58.968553][ T5429] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 5432] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5429] <... futex resumed>) = 0 [pid 5432] <... openat resumed>) = 5 [pid 5432] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5428] <... futex resumed>) = 0 [pid 5432] <... futex resumed>) = 1 [pid 5428] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5432] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5428] <... futex resumed>) = 0 [pid 5428] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5429] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7) = 7 [pid 5429] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5428] <... futex resumed>) = 0 [pid 5429] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5428] exit_group(0 [pid 5432] <... futex resumed>) = ? [pid 5429] <... futex resumed>) = ? [pid 5428] <... exit_group resumed>) = ? [pid 5432] +++ exited with 0 +++ [pid 5429] +++ exited with 0 +++ [pid 5428] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5428, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./72", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./72/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./72/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./72/binderfs") = 0 umount2("./72/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./72/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./72/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./72/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./72/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./72") = 0 mkdir("./73", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5433 ./strace-static-x86_64: Process 5433 attached [pid 5433] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5433] chdir("./73") = 0 [pid 5433] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5433] setpgid(0, 0) = 0 [pid 5433] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5433] write(3, "1000", 4) = 4 [pid 5433] close(3) = 0 [pid 5433] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5433] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5433] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5433] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5433] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5434], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5434 [pid 5433] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5433] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5434 attached [pid 5434] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5434] memfd_create("syzkaller", 0) = 3 [pid 5434] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5434] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5434] munmap(0x7f4000487000, 1048576) = 0 [pid 5434] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5434] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5434] close(3) = 0 [pid 5434] mkdir("./file0", 0777) = 0 [pid 5434] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5434] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5434] chdir("./file0") = 0 [pid 5434] ioctl(4, LOOP_CLR_FD) = 0 [pid 5434] close(4) = 0 [pid 5434] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5433] <... futex resumed>) = 0 [pid 5433] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5433] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5434] <... futex resumed>) = 1 [pid 5434] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5434] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5433] <... futex resumed>) = 0 [pid 5433] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5433] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5433] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5434] <... futex resumed>) = 1 [pid 5433] <... mmap resumed>) = 0x7f4000566000 [pid 5434] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5433] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE [pid 5434] <... ioctl resumed>) = 0 [pid 5433] <... mprotect resumed>) = 0 [pid 5434] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5433] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5434] <... futex resumed>) = 0 [pid 5434] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5433] <... clone resumed>, parent_tid=[5437], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5437 [pid 5433] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5437 attached ) = 0 [pid 5433] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5437] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5437] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [ 59.070783][ T5434] loop0: detected capacity change from 0 to 2048 [ 59.080116][ T5434] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 5437] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5433] <... futex resumed>) = 0 [pid 5433] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5434] <... futex resumed>) = 0 [pid 5433] <... futex resumed>) = 1 [pid 5434] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5433] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5437] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5434] <... write resumed>) = 7 [pid 5434] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5433] <... futex resumed>) = 0 [pid 5434] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5433] exit_group(0 [pid 5437] <... futex resumed>) = ? [pid 5434] <... futex resumed>) = ? [pid 5433] <... exit_group resumed>) = ? [pid 5437] +++ exited with 0 +++ [pid 5434] +++ exited with 0 +++ [pid 5433] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5433, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./73", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./73/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./73/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./73/binderfs") = 0 umount2("./73/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./73/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./73/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./73/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./73/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./73") = 0 mkdir("./74", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5438 ./strace-static-x86_64: Process 5438 attached [pid 5438] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5438] chdir("./74") = 0 [pid 5438] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5438] setpgid(0, 0) = 0 [pid 5438] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5438] write(3, "1000", 4) = 4 [pid 5438] close(3) = 0 [pid 5438] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5438] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5438] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5438] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5438] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5439 attached , parent_tid=[5439], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5439 [pid 5439] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5439] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5438] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5439] <... futex resumed>) = 0 [pid 5439] memfd_create("syzkaller", 0 [pid 5438] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5439] <... memfd_create resumed>) = 3 [pid 5439] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5439] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5439] munmap(0x7f4000487000, 1048576) = 0 [pid 5439] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5439] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5439] close(3) = 0 [pid 5439] mkdir("./file0", 0777) = 0 [pid 5439] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5439] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5439] chdir("./file0") = 0 [pid 5439] ioctl(4, LOOP_CLR_FD) = 0 [pid 5439] close(4) = 0 [pid 5439] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5438] <... futex resumed>) = 0 [pid 5438] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5439] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5438] <... futex resumed>) = 0 [pid 5438] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5439] <... openat resumed>) = 4 [pid 5439] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5438] <... futex resumed>) = 0 [pid 5439] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5438] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5438] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5439] <... ioctl resumed>) = 0 [pid 5438] <... futex resumed>) = 0 [pid 5439] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5438] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5439] <... futex resumed>) = 0 [pid 5438] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE [pid 5439] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5438] <... mprotect resumed>) = 0 [pid 5438] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5442], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5442 [pid 5438] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5438] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5442 attached [pid 5442] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5442] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5442] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5438] <... futex resumed>) = 0 [pid 5438] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5439] <... futex resumed>) = 0 [pid 5438] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5439] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5442] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5439] <... write resumed>) = 7 [pid 5439] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5439] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5438] <... futex resumed>) = 0 [pid 5438] exit_group(0 [pid 5439] <... futex resumed>) = ? [pid 5438] <... exit_group resumed>) = ? [pid 5439] +++ exited with 0 +++ [pid 5442] <... futex resumed>) = ? [pid 5442] +++ exited with 0 +++ [pid 5438] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5438, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./74", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 [ 59.176763][ T5439] loop0: detected capacity change from 0 to 2048 [ 59.186768][ T5439] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE umount2("./74/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./74/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./74/binderfs") = 0 umount2("./74/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./74/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./74/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./74/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./74/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./74") = 0 mkdir("./75", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5443 ./strace-static-x86_64: Process 5443 attached [pid 5443] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5443] chdir("./75") = 0 [pid 5443] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5443] setpgid(0, 0) = 0 [pid 5443] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5443] write(3, "1000", 4) = 4 [pid 5443] close(3) = 0 [pid 5443] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5443] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5443] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5443] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5443] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5444], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5444 [pid 5443] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5443] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5444 attached [pid 5444] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5444] memfd_create("syzkaller", 0) = 3 [pid 5444] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5444] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5444] munmap(0x7f4000487000, 1048576) = 0 [pid 5444] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5444] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5444] close(3) = 0 [pid 5444] mkdir("./file0", 0777) = 0 [pid 5444] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5444] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5444] chdir("./file0") = 0 [pid 5444] ioctl(4, LOOP_CLR_FD) = 0 [pid 5444] close(4) = 0 [pid 5444] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5444] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5443] <... futex resumed>) = 0 [pid 5443] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5444] <... futex resumed>) = 0 [pid 5443] <... futex resumed>) = 1 [pid 5444] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5443] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5444] <... openat resumed>) = 4 [pid 5444] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5443] <... futex resumed>) = 0 [pid 5444] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5443] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5444] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5443] <... futex resumed>) = 0 [pid 5444] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5443] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5444] <... ioctl resumed>) = 0 [pid 5443] <... futex resumed>) = 0 [pid 5444] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5443] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5444] <... futex resumed>) = 0 [pid 5443] <... mmap resumed>) = 0x7f4000566000 [pid 5444] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5443] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5443] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5447], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5447 [pid 5443] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5447 attached [pid 5447] set_robust_list(0x7f40005869e0, 24 [pid 5443] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5447] <... set_robust_list resumed>) = 0 [pid 5447] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5447] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5443] <... futex resumed>) = 0 [pid 5447] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5443] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5444] <... futex resumed>) = 0 [pid 5443] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5444] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7) = 7 [pid 5444] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5443] <... futex resumed>) = 0 [pid 5444] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5443] exit_group(0 [pid 5447] <... futex resumed>) = ? [pid 5444] <... futex resumed>) = ? [pid 5443] <... exit_group resumed>) = ? [pid 5447] +++ exited with 0 +++ [pid 5444] +++ exited with 0 +++ [pid 5443] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5443, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 59.292935][ T5444] loop0: detected capacity change from 0 to 2048 [ 59.303676][ T5444] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE umount2("./75", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./75/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./75/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./75/binderfs") = 0 umount2("./75/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./75/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./75/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./75/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./75/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./75") = 0 mkdir("./76", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5448 ./strace-static-x86_64: Process 5448 attached [pid 5448] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5448] chdir("./76") = 0 [pid 5448] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5448] setpgid(0, 0) = 0 [pid 5448] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5448] write(3, "1000", 4) = 4 [pid 5448] close(3) = 0 [pid 5448] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5448] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5448] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5448] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5448] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5449], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5449 [pid 5448] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5448] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5449 attached [pid 5449] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5449] memfd_create("syzkaller", 0) = 3 [pid 5449] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5449] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5449] munmap(0x7f4000487000, 1048576) = 0 [pid 5449] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5449] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5449] close(3) = 0 [pid 5449] mkdir("./file0", 0777) = 0 [pid 5449] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5449] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5449] chdir("./file0") = 0 [pid 5449] ioctl(4, LOOP_CLR_FD) = 0 [pid 5449] close(4) = 0 [pid 5449] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5448] <... futex resumed>) = 0 [pid 5448] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5448] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5449] <... futex resumed>) = 1 [pid 5449] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5449] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5448] <... futex resumed>) = 0 [pid 5448] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5448] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5448] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5448] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5448] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5452], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5452 [pid 5448] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5448] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5452 attached [pid 5449] <... futex resumed>) = 1 [pid 5452] set_robust_list(0x7f40005869e0, 24 [pid 5449] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5452] <... set_robust_list resumed>) = 0 [pid 5452] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5449] <... ioctl resumed>) = 0 [pid 5449] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5449] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5452] <... openat resumed>) = 5 [pid 5452] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5448] <... futex resumed>) = 0 [pid 5452] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5448] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5448] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5449] <... futex resumed>) = 0 [pid 5449] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7) = 7 [pid 5449] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5448] <... futex resumed>) = 0 [pid 5449] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5448] exit_group(0 [pid 5452] <... futex resumed>) = ? [pid 5448] <... exit_group resumed>) = ? [pid 5452] +++ exited with 0 +++ [pid 5449] <... futex resumed>) = ? [pid 5449] +++ exited with 0 +++ [pid 5448] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5448, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./76", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./76/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./76/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 59.406500][ T5449] loop0: detected capacity change from 0 to 2048 [ 59.415722][ T5449] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE unlink("./76/binderfs") = 0 umount2("./76/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./76/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./76/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./76/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./76/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./76") = 0 mkdir("./77", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5453 ./strace-static-x86_64: Process 5453 attached [pid 5453] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5453] chdir("./77") = 0 [pid 5453] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5453] setpgid(0, 0) = 0 [pid 5453] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5453] write(3, "1000", 4) = 4 [pid 5453] close(3) = 0 [pid 5453] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5453] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5453] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5453] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5453] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5454 attached , parent_tid=[5454], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5454 [pid 5454] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5453] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5453] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5454] memfd_create("syzkaller", 0) = 3 [pid 5454] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5454] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5454] munmap(0x7f4000487000, 1048576) = 0 [pid 5454] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5454] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5454] close(3) = 0 [pid 5454] mkdir("./file0", 0777) = 0 [pid 5454] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5454] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5454] chdir("./file0") = 0 [pid 5454] ioctl(4, LOOP_CLR_FD) = 0 [pid 5454] close(4) = 0 [pid 5454] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5453] <... futex resumed>) = 0 [pid 5453] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5453] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5454] <... futex resumed>) = 1 [pid 5454] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5454] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5453] <... futex resumed>) = 0 [pid 5454] <... futex resumed>) = 1 [pid 5453] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5454] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5453] <... futex resumed>) = 0 [pid 5454] <... ioctl resumed>) = 0 [pid 5453] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5454] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5453] <... futex resumed>) = 0 [pid 5454] <... futex resumed>) = 0 [pid 5453] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5454] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5453] <... mmap resumed>) = 0x7f4000566000 [pid 5453] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5453] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5457], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5457 [pid 5453] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5453] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5457 attached [pid 5457] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5457] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5457] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5453] <... futex resumed>) = 0 [pid 5453] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5453] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5454] <... futex resumed>) = 0 [pid 5454] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5457] <... futex resumed>) = 1 [pid 5457] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5454] <... write resumed>) = 7 [pid 5454] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5453] <... futex resumed>) = 0 [pid 5454] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5453] exit_group(0 [pid 5454] <... futex resumed>) = ? [pid 5453] <... exit_group resumed>) = ? [pid 5454] +++ exited with 0 +++ [pid 5457] <... futex resumed>) = ? [pid 5457] +++ exited with 0 +++ [pid 5453] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5453, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./77", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 59.525111][ T5454] loop0: detected capacity change from 0 to 2048 [ 59.534250][ T5454] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./77/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./77/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./77/binderfs") = 0 umount2("./77/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./77/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./77/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./77/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./77/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./77") = 0 mkdir("./78", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5458 ./strace-static-x86_64: Process 5458 attached [pid 5458] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5458] chdir("./78") = 0 [pid 5458] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5458] setpgid(0, 0) = 0 [pid 5458] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5458] write(3, "1000", 4) = 4 [pid 5458] close(3) = 0 [pid 5458] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5458] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5458] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5458] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5458] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5459], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5459 [pid 5458] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5458] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5459 attached [pid 5459] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5459] memfd_create("syzkaller", 0) = 3 [pid 5459] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5459] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5459] munmap(0x7f4000487000, 1048576) = 0 [pid 5459] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5459] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5459] close(3) = 0 [pid 5459] mkdir("./file0", 0777) = 0 [pid 5459] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5459] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5459] chdir("./file0") = 0 [pid 5459] ioctl(4, LOOP_CLR_FD) = 0 [pid 5459] close(4) = 0 [pid 5459] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5458] <... futex resumed>) = 0 [pid 5459] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5458] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5458] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5459] <... openat resumed>) = 4 [pid 5459] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5458] <... futex resumed>) = 0 [pid 5459] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5458] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5459] <... ioctl resumed>) = 0 [pid 5458] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5459] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5458] <... futex resumed>) = 0 [pid 5459] <... futex resumed>) = 0 [pid 5458] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5459] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5458] <... mmap resumed>) = 0x7f4000566000 [pid 5458] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5458] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5462], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5462 [pid 5458] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5458] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5462 attached [pid 5462] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5462] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5462] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5458] <... futex resumed>) = 0 [pid 5458] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5459] <... futex resumed>) = 0 [pid 5458] <... futex resumed>) = 1 [pid 5459] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5458] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5462] <... futex resumed>) = 1 [pid 5462] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5459] <... write resumed>) = 7 [pid 5459] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5458] <... futex resumed>) = 0 [pid 5459] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5458] exit_group(0 [pid 5459] <... futex resumed>) = ? [pid 5458] <... exit_group resumed>) = ? [pid 5459] +++ exited with 0 +++ [pid 5462] <... futex resumed>) = ? [pid 5462] +++ exited with 0 +++ [pid 5458] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5458, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./78", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./78/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./78/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./78/binderfs") = 0 [ 59.630584][ T5459] loop0: detected capacity change from 0 to 2048 [ 59.639951][ T5459] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE umount2("./78/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./78/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./78/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./78/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./78/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./78") = 0 mkdir("./79", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5463 ./strace-static-x86_64: Process 5463 attached [pid 5463] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5463] chdir("./79") = 0 [pid 5463] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5463] setpgid(0, 0) = 0 [pid 5463] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5463] write(3, "1000", 4) = 4 [pid 5463] close(3) = 0 [pid 5463] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5463] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5463] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5463] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5463] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5464 attached , parent_tid=[5464], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5464 [pid 5463] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5464] set_robust_list(0x7f40088a79e0, 24 [pid 5463] <... futex resumed>) = 0 [pid 5464] <... set_robust_list resumed>) = 0 [pid 5464] memfd_create("syzkaller", 0) = 3 [pid 5464] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5463] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5464] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5464] munmap(0x7f4000487000, 1048576) = 0 [pid 5464] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5464] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5464] close(3) = 0 [pid 5464] mkdir("./file0", 0777) = 0 [pid 5464] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5464] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5464] chdir("./file0") = 0 [pid 5464] ioctl(4, LOOP_CLR_FD) = 0 [pid 5464] close(4) = 0 [pid 5464] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5463] <... futex resumed>) = 0 [pid 5463] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5463] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5464] <... futex resumed>) = 1 [pid 5464] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5464] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5463] <... futex resumed>) = 0 [pid 5463] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5463] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5463] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5464] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5463] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5463] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5467 attached [pid 5464] <... ioctl resumed>) = 0 [pid 5467] set_robust_list(0x7f40005869e0, 24 [pid 5464] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5463] <... clone resumed>, parent_tid=[5467], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5467 [pid 5467] <... set_robust_list resumed>) = 0 [pid 5464] <... futex resumed>) = 0 [pid 5463] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5467] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5464] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5463] <... futex resumed>) = 0 [pid 5463] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5467] <... openat resumed>) = 5 [pid 5467] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5463] <... futex resumed>) = 0 [pid 5467] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5463] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5464] <... futex resumed>) = 0 [pid 5463] <... futex resumed>) = 1 [pid 5464] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5463] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5464] <... write resumed>) = 7 [pid 5464] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5463] <... futex resumed>) = 0 [pid 5463] exit_group(0) = ? [pid 5464] +++ exited with 0 +++ [pid 5467] <... futex resumed>) = ? [pid 5467] +++ exited with 0 +++ [pid 5463] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5463, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./79", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./79/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./79/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./79/binderfs") = 0 [ 59.741688][ T5464] loop0: detected capacity change from 0 to 2048 [ 59.750943][ T5464] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE umount2("./79/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./79/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./79/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./79/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./79/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./79") = 0 mkdir("./80", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5468 ./strace-static-x86_64: Process 5468 attached [pid 5468] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5468] chdir("./80") = 0 [pid 5468] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5468] setpgid(0, 0) = 0 [pid 5468] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5468] write(3, "1000", 4) = 4 [pid 5468] close(3) = 0 [pid 5468] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5468] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5468] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5468] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5468] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5469], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5469 [pid 5468] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5468] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5469 attached [pid 5469] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5469] memfd_create("syzkaller", 0) = 3 [pid 5469] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5469] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5469] munmap(0x7f4000487000, 1048576) = 0 [pid 5469] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5469] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5469] close(3) = 0 [pid 5469] mkdir("./file0", 0777) = 0 [pid 5469] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5469] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5469] chdir("./file0") = 0 [pid 5469] ioctl(4, LOOP_CLR_FD) = 0 [pid 5469] close(4) = 0 [pid 5469] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5468] <... futex resumed>) = 0 [pid 5468] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5468] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5469] <... futex resumed>) = 1 [pid 5469] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5469] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5468] <... futex resumed>) = 0 [pid 5468] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5468] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5468] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5468] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5468] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5472], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5472 [pid 5468] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5468] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5469] <... futex resumed>) = 1 [pid 5469] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = 0 ./strace-static-x86_64: Process 5472 attached [pid 5472] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5472] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5472] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5468] <... futex resumed>) = 0 [pid 5472] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5468] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5472] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5468] <... futex resumed>) = 0 [pid 5472] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5468] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5469] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5472] <... write resumed>) = 7 [pid 5472] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5468] <... futex resumed>) = 0 [pid 5472] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5468] exit_group(0 [pid 5472] <... futex resumed>) = ? [pid 5468] <... exit_group resumed>) = ? [pid 5472] +++ exited with 0 +++ [pid 5469] <... futex resumed>) = ? [ 59.853870][ T5469] loop0: detected capacity change from 0 to 2048 [ 59.864325][ T5469] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 5469] +++ exited with 0 +++ [pid 5468] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5468, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./80", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./80/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./80/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./80/binderfs") = 0 umount2("./80/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./80/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./80/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./80/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./80/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./80") = 0 mkdir("./81", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5473 ./strace-static-x86_64: Process 5473 attached [pid 5473] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5473] chdir("./81") = 0 [pid 5473] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5473] setpgid(0, 0) = 0 [pid 5473] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5473] write(3, "1000", 4) = 4 [pid 5473] close(3) = 0 [pid 5473] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5473] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5473] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5473] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5473] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5474 attached , parent_tid=[5474], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5474 [pid 5474] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5474] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5473] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5474] <... futex resumed>) = 0 [pid 5474] memfd_create("syzkaller", 0) = 3 [pid 5474] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5473] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5474] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5474] munmap(0x7f4000487000, 1048576) = 0 [pid 5474] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5474] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5474] close(3) = 0 [pid 5474] mkdir("./file0", 0777) = 0 [pid 5474] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5474] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5474] chdir("./file0") = 0 [pid 5474] ioctl(4, LOOP_CLR_FD) = 0 [pid 5474] close(4) = 0 [pid 5474] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5473] <... futex resumed>) = 0 [pid 5473] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5474] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5473] <... futex resumed>) = 0 [pid 5473] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5474] <... openat resumed>) = 4 [pid 5474] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5473] <... futex resumed>) = 0 [pid 5473] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5473] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5474] <... futex resumed>) = 1 [pid 5473] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5474] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5473] <... mmap resumed>) = 0x7f4000566000 [pid 5474] <... ioctl resumed>) = 0 [pid 5473] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5473] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5474] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5473] <... clone resumed>, parent_tid=[5477], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5477 ./strace-static-x86_64: Process 5477 attached [pid 5477] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5477] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5474] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5473] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5473] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5477] <... futex resumed>) = 0 [pid 5477] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5477] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5473] <... futex resumed>) = 0 [pid 5473] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5474] <... futex resumed>) = 0 [pid 5473] <... futex resumed>) = 1 [pid 5474] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5473] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5477] <... futex resumed>) = 1 [pid 5477] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5474] <... write resumed>) = 7 [pid 5474] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5473] <... futex resumed>) = 0 [pid 5474] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5473] exit_group(0) = ? [pid 5474] <... futex resumed>) = ? [pid 5477] <... futex resumed>) = ? [pid 5477] +++ exited with 0 +++ [pid 5474] +++ exited with 0 +++ [pid 5473] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5473, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./81", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./81/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./81/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./81/binderfs") = 0 [ 59.967270][ T5474] loop0: detected capacity change from 0 to 2048 [ 59.976875][ T5474] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE umount2("./81/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./81/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./81/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./81/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./81/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./81") = 0 mkdir("./82", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5478 ./strace-static-x86_64: Process 5478 attached [pid 5478] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5478] chdir("./82") = 0 [pid 5478] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5478] setpgid(0, 0) = 0 [pid 5478] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5478] write(3, "1000", 4) = 4 [pid 5478] close(3) = 0 [pid 5478] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5478] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5478] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5478] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5478] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5479 attached , parent_tid=[5479], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5479 [pid 5478] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5478] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5479] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5479] memfd_create("syzkaller", 0) = 3 [pid 5479] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5479] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5479] munmap(0x7f4000487000, 1048576) = 0 [pid 5479] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5479] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5479] close(3) = 0 [pid 5479] mkdir("./file0", 0777) = 0 [pid 5479] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5479] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5479] chdir("./file0") = 0 [pid 5479] ioctl(4, LOOP_CLR_FD) = 0 [pid 5479] close(4) = 0 [pid 5479] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5479] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5478] <... futex resumed>) = 0 [pid 5478] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5479] <... futex resumed>) = 0 [pid 5478] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5479] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5479] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5478] <... futex resumed>) = 0 [pid 5479] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5478] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5479] <... ioctl resumed>) = 0 [pid 5478] <... futex resumed>) = 0 [pid 5479] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5478] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5479] <... futex resumed>) = 0 [pid 5478] <... futex resumed>) = 0 [pid 5479] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5478] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5478] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5478] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5482], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5482 [pid 5478] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5478] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5482 attached [pid 5482] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5482] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5482] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5478] <... futex resumed>) = 0 [pid 5482] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5478] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5479] <... futex resumed>) = 0 [pid 5478] <... futex resumed>) = 1 [pid 5479] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5478] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5479] <... write resumed>) = 7 [pid 5479] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5478] <... futex resumed>) = 0 [pid 5479] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5478] exit_group(0 [pid 5479] <... futex resumed>) = ? [ 60.081873][ T5479] loop0: detected capacity change from 0 to 2048 [ 60.091243][ T5479] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 5482] <... futex resumed>) = ? [pid 5478] <... exit_group resumed>) = ? [pid 5479] +++ exited with 0 +++ [pid 5482] +++ exited with 0 +++ [pid 5478] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5478, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./82", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./82", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./82/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./82/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./82/binderfs") = 0 umount2("./82/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./82/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./82/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./82/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./82/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./82/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./82") = 0 mkdir("./83", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5483 ./strace-static-x86_64: Process 5483 attached [pid 5483] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5483] chdir("./83") = 0 [pid 5483] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5483] setpgid(0, 0) = 0 [pid 5483] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5483] write(3, "1000", 4) = 4 [pid 5483] close(3) = 0 [pid 5483] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5483] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5483] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5483] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5483] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5484 attached [pid 5484] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5484] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5483] <... clone resumed>, parent_tid=[5484], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5484 [pid 5483] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5484] <... futex resumed>) = 0 [pid 5484] memfd_create("syzkaller", 0) = 3 [pid 5484] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5483] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5484] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5484] munmap(0x7f4000487000, 1048576) = 0 [pid 5484] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5484] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5484] close(3) = 0 [pid 5484] mkdir("./file0", 0777) = 0 [pid 5484] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5484] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5484] chdir("./file0") = 0 [pid 5484] ioctl(4, LOOP_CLR_FD) = 0 [pid 5484] close(4) = 0 [pid 5484] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5483] <... futex resumed>) = 0 [pid 5483] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5483] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5484] <... futex resumed>) = 1 [pid 5484] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5484] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5483] <... futex resumed>) = 0 [pid 5483] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5483] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5483] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5483] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5484] <... futex resumed>) = 1 [pid 5483] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5484] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000./strace-static-x86_64: Process 5487 attached ) = 0 [pid 5483] <... clone resumed>, parent_tid=[5487], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5487 [pid 5487] set_robust_list(0x7f40005869e0, 24 [pid 5484] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5483] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5483] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5484] <... futex resumed>) = 0 [pid 5484] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5487] <... set_robust_list resumed>) = 0 [pid 5487] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5487] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5483] <... futex resumed>) = 0 [pid 5487] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5483] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5484] <... futex resumed>) = 0 [pid 5483] <... futex resumed>) = 1 [pid 5484] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5483] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5484] <... write resumed>) = 7 [pid 5484] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5483] <... futex resumed>) = 0 [pid 5484] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5483] exit_group(0 [pid 5487] <... futex resumed>) = ? [pid 5484] <... futex resumed>) = ? [pid 5483] <... exit_group resumed>) = ? [pid 5487] +++ exited with 0 +++ [pid 5484] +++ exited with 0 +++ [pid 5483] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5483, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./83", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./83", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 [ 60.210100][ T5484] loop0: detected capacity change from 0 to 2048 [ 60.219575][ T5484] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE umount2("./83/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./83/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./83/binderfs") = 0 umount2("./83/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./83/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./83/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./83/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./83/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./83/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./83") = 0 mkdir("./84", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5488 ./strace-static-x86_64: Process 5488 attached [pid 5488] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5488] chdir("./84") = 0 [pid 5488] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5488] setpgid(0, 0) = 0 [pid 5488] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5488] write(3, "1000", 4) = 4 [pid 5488] close(3) = 0 [pid 5488] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5488] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5488] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5488] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5488] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5489 attached , parent_tid=[5489], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5489 [pid 5489] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5489] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5488] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5489] <... futex resumed>) = 0 [pid 5489] memfd_create("syzkaller", 0 [pid 5488] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5489] <... memfd_create resumed>) = 3 [pid 5489] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5489] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5489] munmap(0x7f4000487000, 1048576) = 0 [pid 5489] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5489] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5489] close(3) = 0 [pid 5489] mkdir("./file0", 0777) = 0 [pid 5489] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5489] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5489] chdir("./file0") = 0 [pid 5489] ioctl(4, LOOP_CLR_FD) = 0 [pid 5489] close(4) = 0 [pid 5489] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5488] <... futex resumed>) = 0 [pid 5488] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5488] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5489] <... futex resumed>) = 1 [pid 5489] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5489] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5488] <... futex resumed>) = 0 [pid 5488] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5488] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5488] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5488] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5488] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5492], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5492 [pid 5488] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5488] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5489] <... futex resumed>) = 1 [pid 5489] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = 0 [pid 5489] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5489] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5492 attached [pid 5492] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5492] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5492] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5488] <... futex resumed>) = 0 [pid 5488] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5488] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5489] <... futex resumed>) = 0 [pid 5489] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7) = 7 [pid 5489] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5488] <... futex resumed>) = 0 [pid 5489] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5488] exit_group(0 [pid 5489] <... futex resumed>) = ? [pid 5488] <... exit_group resumed>) = ? [pid 5489] +++ exited with 0 +++ [pid 5492] <... futex resumed>) = ? [pid 5492] +++ exited with 0 +++ [pid 5488] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5488, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./84", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./84", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./84/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./84/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./84/binderfs") = 0 [ 60.315287][ T5489] loop0: detected capacity change from 0 to 2048 [ 60.325093][ T5489] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE umount2("./84/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./84/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./84/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./84/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./84/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./84/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./84") = 0 mkdir("./85", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5493 ./strace-static-x86_64: Process 5493 attached [pid 5493] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5493] chdir("./85") = 0 [pid 5493] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5493] setpgid(0, 0) = 0 [pid 5493] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5493] write(3, "1000", 4) = 4 [pid 5493] close(3) = 0 [pid 5493] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5493] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5493] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5493] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5493] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5494 attached , parent_tid=[5494], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5494 [pid 5494] set_robust_list(0x7f40088a79e0, 24 [pid 5493] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5494] <... set_robust_list resumed>) = 0 [pid 5493] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5494] memfd_create("syzkaller", 0) = 3 [pid 5494] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5494] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5494] munmap(0x7f4000487000, 1048576) = 0 [pid 5494] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5494] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5494] close(3) = 0 [pid 5494] mkdir("./file0", 0777) = 0 [pid 5494] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5494] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5494] chdir("./file0") = 0 [pid 5494] ioctl(4, LOOP_CLR_FD) = 0 [pid 5494] close(4) = 0 [pid 5494] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5493] <... futex resumed>) = 0 [pid 5493] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5493] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5494] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5494] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5493] <... futex resumed>) = 0 [pid 5493] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5493] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5493] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5493] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5494] <... futex resumed>) = 1 [pid 5493] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5494] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = 0 [pid 5493] <... clone resumed>, parent_tid=[5497], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5497 [pid 5494] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5493] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5494] <... futex resumed>) = 0 [pid 5493] <... futex resumed>) = 0 [pid 5494] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5493] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5497 attached [pid 5497] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5497] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5497] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5493] <... futex resumed>) = 0 [pid 5493] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5494] <... futex resumed>) = 0 [pid 5493] <... futex resumed>) = 1 [pid 5494] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5493] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5497] <... futex resumed>) = 1 [pid 5497] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5494] <... write resumed>) = 7 [pid 5494] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5493] <... futex resumed>) = 0 [pid 5494] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5493] exit_group(0 [pid 5494] <... futex resumed>) = ? [pid 5493] <... exit_group resumed>) = ? [pid 5497] <... futex resumed>) = ? [pid 5494] +++ exited with 0 +++ [pid 5497] +++ exited with 0 +++ [pid 5493] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5493, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./85", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 60.423144][ T5494] loop0: detected capacity change from 0 to 2048 [ 60.432560][ T5494] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE openat(AT_FDCWD, "./85", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./85/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./85/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./85/binderfs") = 0 umount2("./85/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./85/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./85/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./85/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./85/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./85/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./85") = 0 mkdir("./86", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5498 attached , child_tidptr=0x5555570c15d0) = 5498 [pid 5498] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5498] chdir("./86") = 0 [pid 5498] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5498] setpgid(0, 0) = 0 [pid 5498] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5498] write(3, "1000", 4) = 4 [pid 5498] close(3) = 0 [pid 5498] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5498] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5498] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5498] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5498] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5499 attached , parent_tid=[5499], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5499 [pid 5499] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5499] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5498] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5498] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5499] <... futex resumed>) = 0 [pid 5499] memfd_create("syzkaller", 0) = 3 [pid 5499] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5499] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5499] munmap(0x7f4000487000, 1048576) = 0 [pid 5499] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5499] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5499] close(3) = 0 [pid 5499] mkdir("./file0", 0777) = 0 [pid 5499] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5499] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5499] chdir("./file0") = 0 [pid 5499] ioctl(4, LOOP_CLR_FD) = 0 [pid 5499] close(4) = 0 [pid 5499] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5498] <... futex resumed>) = 0 [pid 5498] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5498] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5499] <... futex resumed>) = 1 [pid 5499] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5499] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5498] <... futex resumed>) = 0 [pid 5498] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5498] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5498] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5498] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5498] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5499] <... futex resumed>) = 1 [pid 5498] <... clone resumed>, parent_tid=[5502], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5502 [pid 5499] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5498] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5499] <... ioctl resumed>) = 0 [pid 5498] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5502 attached [pid 5499] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5502] set_robust_list(0x7f40005869e0, 24 [pid 5499] <... futex resumed>) = 0 [pid 5502] <... set_robust_list resumed>) = 0 [pid 5499] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5502] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5502] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5498] <... futex resumed>) = 0 [pid 5502] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5498] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5499] <... futex resumed>) = 0 [pid 5498] <... futex resumed>) = 1 [pid 5499] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5498] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5499] <... write resumed>) = 7 [pid 5499] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5498] <... futex resumed>) = 0 [pid 5499] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5498] exit_group(0 [pid 5502] <... futex resumed>) = ? [pid 5499] <... futex resumed>) = ? [pid 5498] <... exit_group resumed>) = ? [pid 5502] +++ exited with 0 +++ [pid 5499] +++ exited with 0 +++ [pid 5498] +++ exited with 0 +++ [ 60.535397][ T5499] loop0: detected capacity change from 0 to 2048 [ 60.544519][ T5499] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5498, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./86", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./86", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./86/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./86/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./86/binderfs") = 0 umount2("./86/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./86/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./86/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./86/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./86/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./86/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./86") = 0 mkdir("./87", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5503 ./strace-static-x86_64: Process 5503 attached [pid 5503] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5503] chdir("./87") = 0 [pid 5503] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5503] setpgid(0, 0) = 0 [pid 5503] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5503] write(3, "1000", 4) = 4 [pid 5503] close(3) = 0 [pid 5503] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5503] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5503] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5503] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5503] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5504], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5504 [pid 5503] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5503] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5504 attached [pid 5504] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5504] memfd_create("syzkaller", 0) = 3 [pid 5504] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5504] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5504] munmap(0x7f4000487000, 1048576) = 0 [pid 5504] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5504] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5504] close(3) = 0 [pid 5504] mkdir("./file0", 0777) = 0 [pid 5504] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5504] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5504] chdir("./file0") = 0 [pid 5504] ioctl(4, LOOP_CLR_FD) = 0 [pid 5504] close(4) = 0 [pid 5504] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5503] <... futex resumed>) = 0 [pid 5504] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5503] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5504] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5503] <... futex resumed>) = 0 [pid 5504] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5503] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5504] <... openat resumed>) = 4 [pid 5504] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5503] <... futex resumed>) = 0 [pid 5504] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5503] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5504] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5503] <... futex resumed>) = 0 [pid 5504] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5503] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5504] <... ioctl resumed>) = 0 [pid 5503] <... futex resumed>) = 0 [pid 5504] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5503] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5504] <... futex resumed>) = 0 [pid 5503] <... mmap resumed>) = 0x7f4000566000 [pid 5504] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5503] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5503] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5507], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5507 ./strace-static-x86_64: Process 5507 attached [pid 5503] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5507] set_robust_list(0x7f40005869e0, 24 [pid 5503] <... futex resumed>) = 0 [pid 5507] <... set_robust_list resumed>) = 0 [pid 5503] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5507] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5507] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5503] <... futex resumed>) = 0 [pid 5507] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5503] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5504] <... futex resumed>) = 0 [pid 5503] <... futex resumed>) = 1 [pid 5503] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5504] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7) = 7 [pid 5504] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5503] <... futex resumed>) = 0 [pid 5504] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5503] exit_group(0 [pid 5507] <... futex resumed>) = ? [pid 5504] <... futex resumed>) = ? [pid 5503] <... exit_group resumed>) = ? [pid 5507] +++ exited with 0 +++ [pid 5504] +++ exited with 0 +++ [pid 5503] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5503, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./87", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./87", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./87/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./87/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./87/binderfs") = 0 [ 60.647766][ T5504] loop0: detected capacity change from 0 to 2048 [ 60.657844][ T5504] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE umount2("./87/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./87/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./87/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./87/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./87/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./87/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./87") = 0 mkdir("./88", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5508 ./strace-static-x86_64: Process 5508 attached [pid 5508] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5508] chdir("./88") = 0 [pid 5508] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5508] setpgid(0, 0) = 0 [pid 5508] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5508] write(3, "1000", 4) = 4 [pid 5508] close(3) = 0 [pid 5508] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5508] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5508] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5508] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5508] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5509], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5509 [pid 5508] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5508] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5509 attached [pid 5509] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5509] memfd_create("syzkaller", 0) = 3 [pid 5509] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5509] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5509] munmap(0x7f4000487000, 1048576) = 0 [pid 5509] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5509] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5509] close(3) = 0 [pid 5509] mkdir("./file0", 0777) = 0 [pid 5509] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5509] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5509] chdir("./file0") = 0 [pid 5509] ioctl(4, LOOP_CLR_FD) = 0 [pid 5509] close(4) = 0 [pid 5509] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5508] <... futex resumed>) = 0 [pid 5508] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5508] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5509] <... futex resumed>) = 1 [pid 5509] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5509] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5508] <... futex resumed>) = 0 [pid 5508] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5509] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5508] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5508] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5508] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE [pid 5509] <... ioctl resumed>) = 0 [pid 5508] <... mprotect resumed>) = 0 [pid 5508] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5509] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5509] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5508] <... clone resumed>, parent_tid=[5512], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5512 [pid 5508] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5508] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5512 attached [pid 5512] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5512] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5512] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5508] <... futex resumed>) = 0 [pid 5512] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5508] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5509] <... futex resumed>) = 0 [pid 5508] <... futex resumed>) = 1 [pid 5509] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5508] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5509] <... write resumed>) = 7 [pid 5509] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5508] <... futex resumed>) = 0 [pid 5509] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5508] exit_group(0 [pid 5509] <... futex resumed>) = ? [pid 5508] <... exit_group resumed>) = ? [pid 5509] +++ exited with 0 +++ [pid 5512] <... futex resumed>) = ? [pid 5512] +++ exited with 0 +++ [pid 5508] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5508, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [ 60.754379][ T5509] loop0: detected capacity change from 0 to 2048 [ 60.764611][ T5509] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./88", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./88", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./88/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./88/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./88/binderfs") = 0 umount2("./88/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./88/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./88/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./88/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./88/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./88/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./88") = 0 mkdir("./89", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5513 ./strace-static-x86_64: Process 5513 attached [pid 5513] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5513] chdir("./89") = 0 [pid 5513] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5513] setpgid(0, 0) = 0 [pid 5513] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5513] write(3, "1000", 4) = 4 [pid 5513] close(3) = 0 [pid 5513] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5513] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5513] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5513] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5513] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5514 attached , parent_tid=[5514], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5514 [pid 5514] set_robust_list(0x7f40088a79e0, 24 [pid 5513] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5513] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5514] <... set_robust_list resumed>) = 0 [pid 5514] memfd_create("syzkaller", 0) = 3 [pid 5514] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5514] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5514] munmap(0x7f4000487000, 1048576) = 0 [pid 5514] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5514] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5514] close(3) = 0 [pid 5514] mkdir("./file0", 0777) = 0 [pid 5514] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5514] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5514] chdir("./file0") = 0 [pid 5514] ioctl(4, LOOP_CLR_FD) = 0 [pid 5514] close(4) = 0 [pid 5514] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5513] <... futex resumed>) = 0 [pid 5514] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5513] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5514] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5513] <... futex resumed>) = 0 [pid 5514] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5513] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5514] <... openat resumed>) = 4 [pid 5514] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5513] <... futex resumed>) = 0 [pid 5513] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5514] <... futex resumed>) = 1 [pid 5513] <... futex resumed>) = 0 [pid 5514] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5513] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5514] <... ioctl resumed>) = 0 [pid 5513] <... futex resumed>) = 0 [pid 5514] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5513] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5514] <... futex resumed>) = 0 [pid 5513] <... mmap resumed>) = 0x7f4000566000 [pid 5514] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5513] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5513] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5517], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5517 [pid 5513] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5513] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5517 attached [pid 5517] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5517] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5517] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5517] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5513] <... futex resumed>) = 0 [pid 5513] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5513] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5514] <... futex resumed>) = 0 [pid 5514] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7) = 7 [pid 5514] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5513] <... futex resumed>) = 0 [pid 5514] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5513] exit_group(0 [pid 5514] <... futex resumed>) = ? [pid 5513] <... exit_group resumed>) = ? [pid 5514] +++ exited with 0 +++ [pid 5517] <... futex resumed>) = ? [pid 5517] +++ exited with 0 +++ [pid 5513] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5513, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./89", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./89", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./89/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./89/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./89/binderfs") = 0 [ 60.882793][ T5514] loop0: detected capacity change from 0 to 2048 [ 60.892022][ T5514] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE umount2("./89/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./89/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./89/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./89/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./89/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./89/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./89") = 0 mkdir("./90", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5518 ./strace-static-x86_64: Process 5518 attached [pid 5518] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5518] chdir("./90") = 0 [pid 5518] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5518] setpgid(0, 0) = 0 [pid 5518] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5518] write(3, "1000", 4) = 4 [pid 5518] close(3) = 0 [pid 5518] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5518] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5518] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5518] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5518] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5519 attached , parent_tid=[5519], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5519 [pid 5518] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5518] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5519] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5519] memfd_create("syzkaller", 0) = 3 [pid 5519] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5519] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5519] munmap(0x7f4000487000, 1048576) = 0 [pid 5519] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5519] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5519] close(3) = 0 [pid 5519] mkdir("./file0", 0777) = 0 [pid 5519] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5519] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5519] chdir("./file0") = 0 [pid 5519] ioctl(4, LOOP_CLR_FD) = 0 [pid 5519] close(4) = 0 [pid 5519] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5519] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5518] <... futex resumed>) = 0 [pid 5518] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5519] <... futex resumed>) = 0 [pid 5518] <... futex resumed>) = 1 [pid 5519] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5518] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5519] <... openat resumed>) = 4 [pid 5519] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5518] <... futex resumed>) = 0 [pid 5519] <... futex resumed>) = 1 [pid 5518] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5519] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5518] <... futex resumed>) = 0 [pid 5519] <... ioctl resumed>) = 0 [pid 5518] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5519] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5518] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5519] <... futex resumed>) = 0 [pid 5518] <... mmap resumed>) = 0x7f4000566000 [pid 5519] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5518] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5518] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5522], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5522 [pid 5518] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5518] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5522 attached [pid 5522] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5522] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5522] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5518] <... futex resumed>) = 0 [pid 5518] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5519] <... futex resumed>) = 0 [pid 5518] <... futex resumed>) = 1 [pid 5519] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5518] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5522] <... futex resumed>) = 1 [pid 5522] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5519] <... write resumed>) = 7 [pid 5519] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5518] <... futex resumed>) = 0 [pid 5519] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5518] exit_group(0 [pid 5519] <... futex resumed>) = ? [pid 5518] <... exit_group resumed>) = ? [pid 5519] +++ exited with 0 +++ [pid 5522] <... futex resumed>) = ? [pid 5522] +++ exited with 0 +++ [pid 5518] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5518, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./90", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./90", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./90/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./90/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./90/binderfs") = 0 umount2("./90/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 60.996037][ T5519] loop0: detected capacity change from 0 to 2048 [ 61.005809][ T5519] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE umount2("./90/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./90/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./90/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./90/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./90/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./90") = 0 mkdir("./91", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5523 ./strace-static-x86_64: Process 5523 attached [pid 5523] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5523] chdir("./91") = 0 [pid 5523] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5523] setpgid(0, 0) = 0 [pid 5523] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5523] write(3, "1000", 4) = 4 [pid 5523] close(3) = 0 [pid 5523] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5523] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5523] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5523] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5523] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5524 attached , parent_tid=[5524], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5524 [pid 5524] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5523] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5524] memfd_create("syzkaller", 0 [pid 5523] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5524] <... memfd_create resumed>) = 3 [pid 5524] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5524] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5524] munmap(0x7f4000487000, 1048576) = 0 [pid 5524] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5524] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5524] close(3) = 0 [pid 5524] mkdir("./file0", 0777) = 0 [pid 5524] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5524] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5524] chdir("./file0") = 0 [pid 5524] ioctl(4, LOOP_CLR_FD) = 0 [pid 5524] close(4) = 0 [pid 5524] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5524] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5523] <... futex resumed>) = 0 [pid 5523] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5523] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5524] <... futex resumed>) = 0 [pid 5524] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5524] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5523] <... futex resumed>) = 0 [pid 5524] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5523] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5524] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5523] <... futex resumed>) = 0 [pid 5524] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5523] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5524] <... ioctl resumed>) = 0 [pid 5523] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5524] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5524] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5523] <... mmap resumed>) = 0x7f4000566000 [pid 5523] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5523] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5527], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5527 [pid 5523] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5523] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5527 attached [pid 5527] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5527] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5527] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5527] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5523] <... futex resumed>) = 0 [pid 5523] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5524] <... futex resumed>) = 0 [pid 5523] <... futex resumed>) = 1 [pid 5524] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5523] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5524] <... write resumed>) = 7 [pid 5524] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5523] <... futex resumed>) = 0 [pid 5524] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5523] exit_group(0 [pid 5527] <... futex resumed>) = ? [pid 5524] <... futex resumed>) = ? [pid 5523] <... exit_group resumed>) = ? [pid 5527] +++ exited with 0 +++ [pid 5524] +++ exited with 0 +++ [pid 5523] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5523, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./91", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 61.110781][ T5524] loop0: detected capacity change from 0 to 2048 [ 61.120681][ T5524] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE openat(AT_FDCWD, "./91", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./91/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./91/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./91/binderfs") = 0 umount2("./91/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./91/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./91/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./91/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./91/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./91/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./91") = 0 mkdir("./92", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5528 ./strace-static-x86_64: Process 5528 attached [pid 5528] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5528] chdir("./92") = 0 [pid 5528] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5528] setpgid(0, 0) = 0 [pid 5528] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5528] write(3, "1000", 4) = 4 [pid 5528] close(3) = 0 [pid 5528] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5528] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5528] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5528] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5528] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5529 attached , parent_tid=[5529], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5529 [pid 5528] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5528] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5529] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5529] memfd_create("syzkaller", 0) = 3 [pid 5529] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5529] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5529] munmap(0x7f4000487000, 1048576) = 0 [pid 5529] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5529] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5529] close(3) = 0 [pid 5529] mkdir("./file0", 0777) = 0 [pid 5529] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5529] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5529] chdir("./file0") = 0 [pid 5529] ioctl(4, LOOP_CLR_FD) = 0 [pid 5529] close(4) = 0 [pid 5529] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5528] <... futex resumed>) = 0 [pid 5528] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5529] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5528] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5529] <... openat resumed>) = 4 [pid 5529] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5528] <... futex resumed>) = 0 [pid 5529] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5528] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5529] <... ioctl resumed>) = 0 [pid 5528] <... futex resumed>) = 0 [pid 5528] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5529] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5528] <... futex resumed>) = 0 [pid 5529] <... futex resumed>) = 0 [pid 5528] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5529] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5528] <... mmap resumed>) = 0x7f4000566000 [pid 5528] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5528] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5532], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5532 [pid 5528] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5528] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5532 attached [pid 5532] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5532] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5532] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5528] <... futex resumed>) = 0 [pid 5528] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5529] <... futex resumed>) = 0 [pid 5528] <... futex resumed>) = 1 [pid 5529] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5528] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5532] <... futex resumed>) = 1 [pid 5532] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5529] <... write resumed>) = 7 [pid 5529] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5528] <... futex resumed>) = 0 [pid 5529] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5528] exit_group(0 [pid 5529] <... futex resumed>) = ? [pid 5528] <... exit_group resumed>) = ? [pid 5529] +++ exited with 0 +++ [pid 5532] <... futex resumed>) = ? [pid 5532] +++ exited with 0 +++ [pid 5528] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5528, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./92", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./92", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./92/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./92/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./92/binderfs") = 0 umount2("./92/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./92/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 61.226908][ T5529] loop0: detected capacity change from 0 to 2048 [ 61.236505][ T5529] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE lstat("./92/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./92/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./92/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./92/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./92") = 0 mkdir("./93", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5533 attached , child_tidptr=0x5555570c15d0) = 5533 [pid 5533] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5533] chdir("./93") = 0 [pid 5533] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5533] setpgid(0, 0) = 0 [pid 5533] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5533] write(3, "1000", 4) = 4 [pid 5533] close(3) = 0 [pid 5533] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5533] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5533] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5533] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5533] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5534], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5534 [pid 5533] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5533] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5534 attached [pid 5534] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5534] memfd_create("syzkaller", 0) = 3 [pid 5534] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5534] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5534] munmap(0x7f4000487000, 1048576) = 0 [pid 5534] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5534] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5534] close(3) = 0 [pid 5534] mkdir("./file0", 0777) = 0 [pid 5534] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5534] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5534] chdir("./file0") = 0 [pid 5534] ioctl(4, LOOP_CLR_FD) = 0 [pid 5534] close(4) = 0 [pid 5534] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5533] <... futex resumed>) = 0 [pid 5534] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5533] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5533] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5534] <... openat resumed>) = 4 [pid 5534] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5533] <... futex resumed>) = 0 [pid 5534] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5533] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5534] <... ioctl resumed>) = 0 [pid 5533] <... futex resumed>) = 0 [pid 5534] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5533] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5534] <... futex resumed>) = 0 [pid 5533] <... futex resumed>) = 0 [pid 5534] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5533] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5533] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5533] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5537], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5537 [pid 5533] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5533] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5537 attached [pid 5537] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5537] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5537] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5533] <... futex resumed>) = 0 [pid 5533] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5533] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5537] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5534] <... futex resumed>) = 0 [pid 5534] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7) = 7 [pid 5534] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5533] <... futex resumed>) = 0 [pid 5534] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5533] exit_group(0) = ? [pid 5534] <... futex resumed>) = ? [pid 5537] <... futex resumed>) = ? [pid 5534] +++ exited with 0 +++ [pid 5537] +++ exited with 0 +++ [pid 5533] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5533, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./93", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./93", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./93/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./93/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./93/binderfs") = 0 [ 61.338969][ T5534] loop0: detected capacity change from 0 to 2048 [ 61.348663][ T5534] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE umount2("./93/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./93/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./93/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./93/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./93/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./93/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./93") = 0 mkdir("./94", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5538 ./strace-static-x86_64: Process 5538 attached [pid 5538] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5538] chdir("./94") = 0 [pid 5538] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5538] setpgid(0, 0) = 0 [pid 5538] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5538] write(3, "1000", 4) = 4 [pid 5538] close(3) = 0 [pid 5538] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5538] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5538] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5538] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5538] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5539], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5539 [pid 5538] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5538] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5539 attached [pid 5539] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5539] memfd_create("syzkaller", 0) = 3 [pid 5539] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5539] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5539] munmap(0x7f4000487000, 1048576) = 0 [pid 5539] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5539] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5539] close(3) = 0 [pid 5539] mkdir("./file0", 0777) = 0 [pid 5539] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5539] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5539] chdir("./file0") = 0 [pid 5539] ioctl(4, LOOP_CLR_FD) = 0 [pid 5539] close(4) = 0 [pid 5539] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5538] <... futex resumed>) = 0 [pid 5538] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5538] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5539] <... futex resumed>) = 1 [pid 5539] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5539] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5538] <... futex resumed>) = 0 [pid 5538] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5538] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5538] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5538] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5538] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5542], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5542 [pid 5538] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5538] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5539] <... futex resumed>) = 1 [pid 5539] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000./strace-static-x86_64: Process 5542 attached [pid 5542] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5542] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5542] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5542] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5538] <... futex resumed>) = 0 [pid 5538] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5538] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5539] <... ioctl resumed>) = 0 [pid 5539] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5539] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5542] <... futex resumed>) = 0 [pid 5542] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7) = 7 [pid 5542] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5538] <... futex resumed>) = 0 [pid 5538] exit_group(0) = ? [pid 5542] <... futex resumed>) = ? [pid 5539] <... futex resumed>) = ? [pid 5539] +++ exited with 0 +++ [pid 5542] +++ exited with 0 +++ [pid 5538] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5538, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./94", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./94", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./94/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./94/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./94/binderfs") = 0 [ 61.436729][ T5539] loop0: detected capacity change from 0 to 2048 [ 61.446655][ T5539] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE umount2("./94/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./94/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./94/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./94/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./94/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./94/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./94") = 0 mkdir("./95", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5543 ./strace-static-x86_64: Process 5543 attached [pid 5543] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5543] chdir("./95") = 0 [pid 5543] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5543] setpgid(0, 0) = 0 [pid 5543] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5543] write(3, "1000", 4) = 4 [pid 5543] close(3) = 0 [pid 5543] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5543] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5543] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5543] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5543] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5544], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5544 [pid 5543] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5543] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5544 attached [pid 5544] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5544] memfd_create("syzkaller", 0) = 3 [pid 5544] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5544] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5544] munmap(0x7f4000487000, 1048576) = 0 [pid 5544] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5544] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5544] close(3) = 0 [pid 5544] mkdir("./file0", 0777) = 0 [pid 5544] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5544] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5544] chdir("./file0") = 0 [pid 5544] ioctl(4, LOOP_CLR_FD) = 0 [pid 5544] close(4) = 0 [pid 5544] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5543] <... futex resumed>) = 0 [pid 5543] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5543] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5544] <... futex resumed>) = 1 [pid 5544] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5544] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5543] <... futex resumed>) = 0 [pid 5543] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5543] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5543] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5543] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5543] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5547], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5547 [pid 5543] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5543] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5544] <... futex resumed>) = 1 [pid 5544] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = 0 [pid 5544] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5544] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5547 attached [pid 5547] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5547] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5547] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5543] <... futex resumed>) = 0 [pid 5543] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5543] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5544] <... futex resumed>) = 0 [pid 5544] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5547] <... futex resumed>) = 1 [pid 5547] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5544] <... write resumed>) = 7 [pid 5544] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5543] <... futex resumed>) = 0 [pid 5544] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5543] exit_group(0 [pid 5544] <... futex resumed>) = ? [pid 5543] <... exit_group resumed>) = ? [pid 5544] +++ exited with 0 +++ [pid 5547] <... futex resumed>) = ? [pid 5547] +++ exited with 0 +++ [pid 5543] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5543, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./95", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./95", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./95/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./95/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./95/binderfs") = 0 [ 61.544261][ T5544] loop0: detected capacity change from 0 to 2048 [ 61.553972][ T5544] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE umount2("./95/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./95/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./95/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./95/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./95/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./95/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./95") = 0 mkdir("./96", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5548 ./strace-static-x86_64: Process 5548 attached [pid 5548] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5548] chdir("./96") = 0 [pid 5548] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5548] setpgid(0, 0) = 0 [pid 5548] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5548] write(3, "1000", 4) = 4 [pid 5548] close(3) = 0 [pid 5548] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5548] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5548] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5548] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5548] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5549 attached , parent_tid=[5549], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5549 [pid 5549] set_robust_list(0x7f40088a79e0, 24 [pid 5548] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5548] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5549] <... set_robust_list resumed>) = 0 [pid 5549] memfd_create("syzkaller", 0) = 3 [pid 5549] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5549] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5549] munmap(0x7f4000487000, 1048576) = 0 [pid 5549] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5549] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5549] close(3) = 0 [pid 5549] mkdir("./file0", 0777) = 0 [pid 5549] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5549] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5549] chdir("./file0") = 0 [pid 5549] ioctl(4, LOOP_CLR_FD) = 0 [pid 5549] close(4) = 0 [pid 5549] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5548] <... futex resumed>) = 0 [pid 5549] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5548] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5548] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5549] <... openat resumed>) = 4 [pid 5549] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5548] <... futex resumed>) = 0 [pid 5549] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5548] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5549] <... ioctl resumed>) = 0 [pid 5548] <... futex resumed>) = 0 [pid 5549] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5548] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5549] <... futex resumed>) = 0 [pid 5548] <... futex resumed>) = 0 [pid 5549] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5548] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5548] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5548] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5552], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5552 [pid 5548] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5548] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5552 attached [pid 5552] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5552] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5552] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5548] <... futex resumed>) = 0 [pid 5548] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5549] <... futex resumed>) = 0 [pid 5548] <... futex resumed>) = 1 [pid 5549] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5548] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5549] <... write resumed>) = 7 [pid 5549] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5548] <... futex resumed>) = 0 [pid 5549] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5548] exit_group(0 [pid 5549] <... futex resumed>) = ? [pid 5548] <... exit_group resumed>) = ? [pid 5549] +++ exited with 0 +++ [pid 5552] <... futex resumed>) = ? [pid 5552] +++ exited with 0 +++ [pid 5548] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5548, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./96", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./96", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./96/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./96/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./96/binderfs") = 0 [ 61.644346][ T5549] loop0: detected capacity change from 0 to 2048 [ 61.653751][ T5549] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE umount2("./96/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./96/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./96/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./96/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./96/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./96/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./96") = 0 mkdir("./97", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5553 ./strace-static-x86_64: Process 5553 attached [pid 5553] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5553] chdir("./97") = 0 [pid 5553] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5553] setpgid(0, 0) = 0 [pid 5553] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5553] write(3, "1000", 4) = 4 [pid 5553] close(3) = 0 [pid 5553] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5553] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5553] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5553] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5553] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5554], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5554 [pid 5553] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5553] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5554 attached [pid 5554] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5554] memfd_create("syzkaller", 0) = 3 [pid 5554] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5554] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5554] munmap(0x7f4000487000, 1048576) = 0 [pid 5554] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5554] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5554] close(3) = 0 [pid 5554] mkdir("./file0", 0777) = 0 [pid 5554] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5554] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5554] chdir("./file0") = 0 [pid 5554] ioctl(4, LOOP_CLR_FD) = 0 [pid 5554] close(4) = 0 [pid 5554] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5553] <... futex resumed>) = 0 [pid 5553] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5553] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5554] <... futex resumed>) = 1 [pid 5554] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5554] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5553] <... futex resumed>) = 0 [pid 5554] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5553] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5553] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5553] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5553] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5554] <... ioctl resumed>) = 0 [pid 5553] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5554] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5553] <... clone resumed>, parent_tid=[5557], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5557 [pid 5553] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5554] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5553] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5557 attached [pid 5557] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5557] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5557] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5553] <... futex resumed>) = 0 [pid 5557] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5553] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5554] <... futex resumed>) = 0 [pid 5553] <... futex resumed>) = 1 [pid 5554] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5553] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5554] <... write resumed>) = 7 [pid 5554] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5553] <... futex resumed>) = 0 [pid 5554] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5553] exit_group(0) = ? [pid 5554] <... futex resumed>) = ? [pid 5557] <... futex resumed>) = ? [pid 5554] +++ exited with 0 +++ [pid 5557] +++ exited with 0 +++ [pid 5553] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5553, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./97", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./97", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./97/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./97/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./97/binderfs") = 0 umount2("./97/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 61.750436][ T5554] loop0: detected capacity change from 0 to 2048 [ 61.760124][ T5554] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE umount2("./97/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./97/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./97/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./97/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./97/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./97") = 0 mkdir("./98", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5558 ./strace-static-x86_64: Process 5558 attached [pid 5558] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5558] chdir("./98") = 0 [pid 5558] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5558] setpgid(0, 0) = 0 [pid 5558] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5558] write(3, "1000", 4) = 4 [pid 5558] close(3) = 0 [pid 5558] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5558] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5558] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5558] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5558] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5559], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5559 [pid 5558] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5558] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5559 attached [pid 5559] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5559] memfd_create("syzkaller", 0) = 3 [pid 5559] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5559] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5559] munmap(0x7f4000487000, 1048576) = 0 [pid 5559] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5559] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5559] close(3) = 0 [pid 5559] mkdir("./file0", 0777) = 0 [pid 5559] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5559] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5559] chdir("./file0") = 0 [pid 5559] ioctl(4, LOOP_CLR_FD) = 0 [pid 5559] close(4) = 0 [pid 5559] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5558] <... futex resumed>) = 0 [pid 5558] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5558] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5559] <... futex resumed>) = 1 [pid 5559] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5559] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5558] <... futex resumed>) = 0 [pid 5558] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5558] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5558] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5558] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE [pid 5559] <... futex resumed>) = 1 [pid 5559] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = 0 [pid 5559] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5558] <... mprotect resumed>) = 0 [pid 5558] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5559] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5558] <... clone resumed>, parent_tid=[5562], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5562 [pid 5558] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5558] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5562 attached [pid 5562] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5562] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5562] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5558] <... futex resumed>) = 0 [pid 5558] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5558] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5562] <... futex resumed>) = 1 [pid 5562] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5559] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5559] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7) = 7 [pid 5559] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5558] <... futex resumed>) = 0 [pid 5558] exit_group(0) = ? [pid 5559] <... futex resumed>) = ? [pid 5562] <... futex resumed>) = ? [pid 5562] +++ exited with 0 +++ [pid 5559] +++ exited with 0 +++ [pid 5558] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5558, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./98", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./98", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./98/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./98/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./98/binderfs") = 0 [ 61.857240][ T5559] loop0: detected capacity change from 0 to 2048 [ 61.867246][ T5559] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE umount2("./98/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./98/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./98/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./98/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./98/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./98/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./98") = 0 mkdir("./99", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5563 attached , child_tidptr=0x5555570c15d0) = 5563 [pid 5563] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5563] chdir("./99") = 0 [pid 5563] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5563] setpgid(0, 0) = 0 [pid 5563] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5563] write(3, "1000", 4) = 4 [pid 5563] close(3) = 0 [pid 5563] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5563] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5563] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5563] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5563] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5564 attached [pid 5564] set_robust_list(0x7f40088a79e0, 24 [pid 5563] <... clone resumed>, parent_tid=[5564], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5564 [pid 5564] <... set_robust_list resumed>) = 0 [pid 5563] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5563] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5564] memfd_create("syzkaller", 0) = 3 [pid 5564] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5564] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5564] munmap(0x7f4000487000, 1048576) = 0 [pid 5564] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5564] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5564] close(3) = 0 [pid 5564] mkdir("./file0", 0777) = 0 [pid 5564] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5564] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5564] chdir("./file0") = 0 [pid 5564] ioctl(4, LOOP_CLR_FD) = 0 [pid 5564] close(4) = 0 [pid 5564] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5564] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5563] <... futex resumed>) = 0 [pid 5563] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5564] <... futex resumed>) = 0 [pid 5563] <... futex resumed>) = 1 [pid 5564] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5563] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5564] <... openat resumed>) = 4 [pid 5564] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5563] <... futex resumed>) = 0 [pid 5563] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5564] <... futex resumed>) = 1 [pid 5563] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5564] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5563] <... futex resumed>) = 0 [pid 5563] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5563] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5563] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5564] <... ioctl resumed>) = 0 [pid 5563] <... clone resumed>, parent_tid=[5567], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5567 [pid 5564] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5563] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5567 attached [pid 5564] <... futex resumed>) = 0 [pid 5563] <... futex resumed>) = 0 [pid 5564] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5563] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5567] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5567] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5567] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5567] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5563] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5563] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5564] <... futex resumed>) = 0 [pid 5563] <... futex resumed>) = 1 [pid 5564] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5563] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5564] <... write resumed>) = 7 [pid 5564] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5563] <... futex resumed>) = 0 [pid 5564] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5563] exit_group(0 [pid 5564] <... futex resumed>) = ? [pid 5563] <... exit_group resumed>) = ? [pid 5564] +++ exited with 0 +++ [pid 5567] <... futex resumed>) = ? [pid 5567] +++ exited with 0 +++ [pid 5563] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5563, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./99", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./99", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./99/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./99/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./99/binderfs") = 0 [ 61.962871][ T5564] loop0: detected capacity change from 0 to 2048 [ 61.972443][ T5564] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE umount2("./99/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./99/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./99/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./99/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./99/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./99/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./99") = 0 mkdir("./100", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5568 ./strace-static-x86_64: Process 5568 attached [pid 5568] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5568] chdir("./100") = 0 [pid 5568] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5568] setpgid(0, 0) = 0 [pid 5568] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5568] write(3, "1000", 4) = 4 [pid 5568] close(3) = 0 [pid 5568] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5568] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5568] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5568] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5568] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5569 attached , parent_tid=[5569], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5569 [pid 5569] set_robust_list(0x7f40088a79e0, 24 [pid 5568] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5568] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5569] <... set_robust_list resumed>) = 0 [pid 5569] memfd_create("syzkaller", 0) = 3 [pid 5569] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5569] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5569] munmap(0x7f4000487000, 1048576) = 0 [pid 5569] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5569] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5569] close(3) = 0 [pid 5569] mkdir("./file0", 0777) = 0 [pid 5569] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5569] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5569] chdir("./file0") = 0 [pid 5569] ioctl(4, LOOP_CLR_FD) = 0 [pid 5569] close(4) = 0 [pid 5569] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5568] <... futex resumed>) = 0 [pid 5569] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5568] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5569] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5569] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5568] <... futex resumed>) = 0 [pid 5568] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5569] <... openat resumed>) = 4 [pid 5569] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5568] <... futex resumed>) = 0 [pid 5569] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5568] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5568] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5569] <... ioctl resumed>) = 0 [pid 5568] <... futex resumed>) = 0 [pid 5568] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5569] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5568] <... mmap resumed>) = 0x7f4000566000 [pid 5569] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5568] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5568] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5572], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5572 ./strace-static-x86_64: Process 5572 attached [pid 5568] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5568] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5572] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5572] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5572] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5568] <... futex resumed>) = 0 [pid 5572] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5568] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5569] <... futex resumed>) = 0 [pid 5568] <... futex resumed>) = 1 [pid 5569] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5568] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5569] <... write resumed>) = 7 [pid 5569] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5568] <... futex resumed>) = 0 [pid 5568] exit_group(0 [pid 5572] <... futex resumed>) = ? [pid 5568] <... exit_group resumed>) = ? [pid 5572] +++ exited with 0 +++ [pid 5569] +++ exited with 0 +++ [pid 5568] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5568, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [ 62.068403][ T5569] loop0: detected capacity change from 0 to 2048 [ 62.078580][ T5569] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./100", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./100", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./100/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./100/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./100/binderfs") = 0 umount2("./100/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./100/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./100/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./100/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./100/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./100/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./100") = 0 mkdir("./101", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5573 ./strace-static-x86_64: Process 5573 attached [pid 5573] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5573] chdir("./101") = 0 [pid 5573] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5573] setpgid(0, 0) = 0 [pid 5573] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5573] write(3, "1000", 4) = 4 [pid 5573] close(3) = 0 [pid 5573] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5573] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5573] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5573] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5573] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5574 attached , parent_tid=[5574], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5574 [pid 5574] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5573] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5574] memfd_create("syzkaller", 0 [pid 5573] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5574] <... memfd_create resumed>) = 3 [pid 5574] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5574] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5574] munmap(0x7f4000487000, 1048576) = 0 [pid 5574] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5574] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5574] close(3) = 0 [pid 5574] mkdir("./file0", 0777) = 0 [pid 5574] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5574] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5574] chdir("./file0") = 0 [pid 5574] ioctl(4, LOOP_CLR_FD) = 0 [pid 5574] close(4) = 0 [pid 5574] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5573] <... futex resumed>) = 0 [pid 5574] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5573] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5573] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5574] <... openat resumed>) = 4 [pid 5574] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5573] <... futex resumed>) = 0 [pid 5573] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5574] <... futex resumed>) = 1 [pid 5573] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5574] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5573] <... futex resumed>) = 0 [pid 5574] <... ioctl resumed>) = 0 [pid 5573] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5573] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5574] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5573] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5574] <... futex resumed>) = 0 [pid 5574] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5573] <... clone resumed>, parent_tid=[5577], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5577 [pid 5573] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5573] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5577 attached [pid 5577] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5577] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5577] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5573] <... futex resumed>) = 0 [pid 5577] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5573] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5574] <... futex resumed>) = 0 [pid 5573] <... futex resumed>) = 1 [pid 5574] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5573] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5574] <... write resumed>) = 7 [pid 5574] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5573] <... futex resumed>) = 0 [pid 5574] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5573] exit_group(0 [pid 5577] <... futex resumed>) = ? [pid 5574] <... futex resumed>) = ? [pid 5573] <... exit_group resumed>) = ? [pid 5577] +++ exited with 0 +++ [pid 5574] +++ exited with 0 +++ [pid 5573] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5573, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./101", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./101", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./101/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./101/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./101/binderfs") = 0 [ 62.189461][ T5574] loop0: detected capacity change from 0 to 2048 [ 62.199145][ T5574] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE umount2("./101/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./101/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./101/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./101/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./101/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./101/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./101") = 0 mkdir("./102", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5578 ./strace-static-x86_64: Process 5578 attached [pid 5578] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5578] chdir("./102") = 0 [pid 5578] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5578] setpgid(0, 0) = 0 [pid 5578] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5578] write(3, "1000", 4) = 4 [pid 5578] close(3) = 0 [pid 5578] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5578] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5578] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5578] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5578] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5579], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5579 [pid 5578] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5578] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5579 attached [pid 5579] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5579] memfd_create("syzkaller", 0) = 3 [pid 5579] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5579] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5579] munmap(0x7f4000487000, 1048576) = 0 [pid 5579] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5579] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5579] close(3) = 0 [pid 5579] mkdir("./file0", 0777) = 0 [pid 5579] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5579] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5579] chdir("./file0") = 0 [pid 5579] ioctl(4, LOOP_CLR_FD) = 0 [pid 5579] close(4) = 0 [pid 5579] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5578] <... futex resumed>) = 0 [pid 5578] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5578] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5579] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5579] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5578] <... futex resumed>) = 0 [pid 5578] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5578] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5578] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5578] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5578] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5579] <... futex resumed>) = 1 [pid 5578] <... clone resumed>, parent_tid=[5582], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5582 [pid 5579] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5578] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5579] <... ioctl resumed>) = 0 [pid 5578] <... futex resumed>) = 0 [pid 5578] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5579] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5579] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5582 attached [pid 5582] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5582] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5582] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5578] <... futex resumed>) = 0 [pid 5578] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5579] <... futex resumed>) = 0 [pid 5578] <... futex resumed>) = 1 [pid 5579] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5578] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5579] <... write resumed>) = 7 [pid 5579] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5578] <... futex resumed>) = 0 [pid 5582] <... futex resumed>) = 1 [pid 5579] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5578] exit_group(0 [pid 5579] <... futex resumed>) = ? [pid 5578] <... exit_group resumed>) = ? [pid 5579] +++ exited with 0 +++ [pid 5582] +++ exited with 0 +++ [pid 5578] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5578, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./102", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./102", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./102/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./102/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./102/binderfs") = 0 umount2("./102/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./102/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 62.290061][ T5579] loop0: detected capacity change from 0 to 2048 [ 62.299404][ T5579] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE lstat("./102/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./102/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./102/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./102/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./102") = 0 mkdir("./103", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5583 ./strace-static-x86_64: Process 5583 attached [pid 5583] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5583] chdir("./103") = 0 [pid 5583] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5583] setpgid(0, 0) = 0 [pid 5583] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5583] write(3, "1000", 4) = 4 [pid 5583] close(3) = 0 [pid 5583] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5583] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5583] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5583] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5583] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5584], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5584 [pid 5583] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5583] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5584 attached [pid 5584] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5584] memfd_create("syzkaller", 0) = 3 [pid 5584] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5584] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5584] munmap(0x7f4000487000, 1048576) = 0 [pid 5584] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5584] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5584] close(3) = 0 [pid 5584] mkdir("./file0", 0777) = 0 [pid 5584] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5584] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5584] chdir("./file0") = 0 [pid 5584] ioctl(4, LOOP_CLR_FD) = 0 [pid 5584] close(4) = 0 [pid 5584] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5583] <... futex resumed>) = 0 [pid 5583] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5583] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5584] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5584] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5583] <... futex resumed>) = 0 [pid 5583] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5583] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5583] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5584] <... futex resumed>) = 1 [pid 5583] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE [pid 5584] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5583] <... mprotect resumed>) = 0 [pid 5584] <... ioctl resumed>) = 0 [pid 5583] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5584] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5583] <... clone resumed>, parent_tid=[5587], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5587 [pid 5584] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5583] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5583] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5587 attached [pid 5587] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5587] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5587] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5583] <... futex resumed>) = 0 [pid 5583] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5584] <... futex resumed>) = 0 [pid 5583] <... futex resumed>) = 1 [pid 5584] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5583] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5587] <... futex resumed>) = 1 [pid 5584] <... write resumed>) = 7 [pid 5584] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5583] <... futex resumed>) = 0 [pid 5584] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5583] exit_group(0 [pid 5587] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5584] <... futex resumed>) = ? [pid 5583] <... exit_group resumed>) = ? [pid 5587] <... futex resumed>) = ? [pid 5584] +++ exited with 0 +++ [pid 5587] +++ exited with 0 +++ [pid 5583] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5583, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./103", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./103", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./103/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./103/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./103/binderfs") = 0 [ 62.397067][ T5584] loop0: detected capacity change from 0 to 2048 [ 62.406155][ T5584] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE umount2("./103/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./103/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./103/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./103/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./103/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./103/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./103") = 0 mkdir("./104", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5588 ./strace-static-x86_64: Process 5588 attached [pid 5588] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5588] chdir("./104") = 0 [pid 5588] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5588] setpgid(0, 0) = 0 [pid 5588] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5588] write(3, "1000", 4) = 4 [pid 5588] close(3) = 0 [pid 5588] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5588] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5588] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5588] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5588] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5589], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5589 [pid 5588] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5588] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5589 attached [pid 5589] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5589] memfd_create("syzkaller", 0) = 3 [pid 5589] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5589] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5589] munmap(0x7f4000487000, 1048576) = 0 [pid 5589] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5589] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5589] close(3) = 0 [pid 5589] mkdir("./file0", 0777) = 0 [pid 5589] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5589] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5589] chdir("./file0") = 0 [pid 5589] ioctl(4, LOOP_CLR_FD) = 0 [pid 5589] close(4) = 0 [pid 5589] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5588] <... futex resumed>) = 0 [pid 5588] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5588] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5589] <... futex resumed>) = 1 [pid 5589] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5589] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5588] <... futex resumed>) = 0 [pid 5588] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5589] <... futex resumed>) = 1 [pid 5588] <... futex resumed>) = 0 [pid 5589] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5588] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5589] <... ioctl resumed>) = 0 [pid 5588] <... futex resumed>) = 0 [pid 5588] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5589] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5588] <... mmap resumed>) = 0x7f4000566000 [pid 5589] <... futex resumed>) = 0 [pid 5588] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE [pid 5589] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5588] <... mprotect resumed>) = 0 [pid 5588] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5592], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5592 [pid 5588] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5588] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5592 attached [pid 5592] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5592] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5592] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5588] <... futex resumed>) = 0 [pid 5588] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5589] <... futex resumed>) = 0 [pid 5588] <... futex resumed>) = 1 [pid 5589] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5588] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5592] <... futex resumed>) = 1 [pid 5592] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5589] <... write resumed>) = 7 [pid 5589] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5588] <... futex resumed>) = 0 [pid 5589] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5588] exit_group(0 [pid 5589] <... futex resumed>) = ? [pid 5588] <... exit_group resumed>) = ? [pid 5589] +++ exited with 0 +++ [pid 5592] <... futex resumed>) = ? [pid 5592] +++ exited with 0 +++ [pid 5588] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5588, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./104", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./104", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./104/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./104/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./104/binderfs") = 0 [ 62.507093][ T5589] loop0: detected capacity change from 0 to 2048 [ 62.517001][ T5589] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE umount2("./104/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./104/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./104/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./104/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./104/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./104/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./104") = 0 mkdir("./105", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5593 ./strace-static-x86_64: Process 5593 attached [pid 5593] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5593] chdir("./105") = 0 [pid 5593] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5593] setpgid(0, 0) = 0 [pid 5593] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5593] write(3, "1000", 4) = 4 [pid 5593] close(3) = 0 [pid 5593] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5593] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5593] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5593] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5593] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5594], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5594 [pid 5593] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5593] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5594 attached [pid 5594] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5594] memfd_create("syzkaller", 0) = 3 [pid 5594] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5594] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5594] munmap(0x7f4000487000, 1048576) = 0 [pid 5594] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5594] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5594] close(3) = 0 [pid 5594] mkdir("./file0", 0777) = 0 [pid 5594] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5594] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5594] chdir("./file0") = 0 [pid 5594] ioctl(4, LOOP_CLR_FD) = 0 [pid 5594] close(4) = 0 [pid 5594] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5594] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5593] <... futex resumed>) = 0 [pid 5593] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5593] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5594] <... futex resumed>) = 0 [pid 5594] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5594] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5593] <... futex resumed>) = 0 [pid 5593] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5594] <... futex resumed>) = 1 [pid 5593] <... futex resumed>) = 0 [pid 5594] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5593] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5593] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5593] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5593] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5597], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5597 ./strace-static-x86_64: Process 5597 attached [pid 5593] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5593] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5597] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5597] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5594] <... ioctl resumed>) = 0 [pid 5594] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5594] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5597] <... openat resumed>) = 5 [pid 5597] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5593] <... futex resumed>) = 0 [pid 5597] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5593] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5593] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5594] <... futex resumed>) = 0 [pid 5594] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7) = 7 [pid 5594] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5593] <... futex resumed>) = 0 [pid 5593] exit_group(0) = ? [pid 5597] <... futex resumed>) = ? [pid 5597] +++ exited with 0 +++ [pid 5594] <... futex resumed>) = ? [pid 5594] +++ exited with 0 +++ [pid 5593] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5593, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./105", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./105", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./105/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./105/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./105/binderfs") = 0 [ 62.608683][ T5594] loop0: detected capacity change from 0 to 2048 [ 62.618463][ T5594] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE umount2("./105/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./105/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./105/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./105/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./105/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./105/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./105") = 0 mkdir("./106", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5598 ./strace-static-x86_64: Process 5598 attached [pid 5598] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5598] chdir("./106") = 0 [pid 5598] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5598] setpgid(0, 0) = 0 [pid 5598] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5598] write(3, "1000", 4) = 4 [pid 5598] close(3) = 0 [pid 5598] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5598] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5598] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5598] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5598] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5599 attached , parent_tid=[5599], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5599 [pid 5598] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5598] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5599] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5599] memfd_create("syzkaller", 0) = 3 [pid 5599] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5599] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5599] munmap(0x7f4000487000, 1048576) = 0 [pid 5599] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5599] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5599] close(3) = 0 [pid 5599] mkdir("./file0", 0777) = 0 [pid 5599] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5599] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5599] chdir("./file0") = 0 [pid 5599] ioctl(4, LOOP_CLR_FD) = 0 [pid 5599] close(4) = 0 [pid 5599] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5598] <... futex resumed>) = 0 [pid 5598] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5598] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5599] <... futex resumed>) = 1 [pid 5599] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5599] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5598] <... futex resumed>) = 0 [pid 5598] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5598] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5598] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5598] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5598] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5602], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5602 [pid 5598] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5598] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5599] <... futex resumed>) = 1 [pid 5599] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = 0 [pid 5599] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5599] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5602 attached [pid 5602] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5602] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5602] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5598] <... futex resumed>) = 0 [pid 5598] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5598] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5599] <... futex resumed>) = 0 [pid 5599] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7) = 7 [pid 5599] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5598] <... futex resumed>) = 0 [pid 5598] exit_group(0) = ? [pid 5599] <... futex resumed>) = ? [ 62.706665][ T5599] loop0: detected capacity change from 0 to 2048 [ 62.716103][ T5599] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 5602] <... futex resumed>) = ? [pid 5599] +++ exited with 0 +++ [pid 5602] +++ exited with 0 +++ [pid 5598] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5598, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./106", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./106", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./106/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./106/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./106/binderfs") = 0 umount2("./106/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./106/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./106/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./106/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./106/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./106/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./106") = 0 mkdir("./107", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5603 ./strace-static-x86_64: Process 5603 attached [pid 5603] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5603] chdir("./107") = 0 [pid 5603] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5603] setpgid(0, 0) = 0 [pid 5603] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5603] write(3, "1000", 4) = 4 [pid 5603] close(3) = 0 [pid 5603] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5603] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5603] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5603] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5603] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5604], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5604 [pid 5603] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5603] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5604 attached [pid 5604] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5604] memfd_create("syzkaller", 0) = 3 [pid 5604] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5604] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5604] munmap(0x7f4000487000, 1048576) = 0 [pid 5604] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5604] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5604] close(3) = 0 [pid 5604] mkdir("./file0", 0777) = 0 [pid 5604] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5604] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5604] chdir("./file0") = 0 [pid 5604] ioctl(4, LOOP_CLR_FD) = 0 [pid 5604] close(4) = 0 [pid 5604] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5604] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5603] <... futex resumed>) = 0 [pid 5603] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5603] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5604] <... futex resumed>) = 0 [pid 5604] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5604] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5603] <... futex resumed>) = 0 [pid 5603] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5603] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5603] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5603] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE [pid 5604] <... futex resumed>) = 1 [pid 5603] <... mprotect resumed>) = 0 [pid 5604] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5603] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5607], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5607 [pid 5603] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5603] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5607 attached [pid 5607] set_robust_list(0x7f40005869e0, 24 [pid 5604] <... ioctl resumed>) = 0 [pid 5607] <... set_robust_list resumed>) = 0 [pid 5604] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5607] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5607] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5603] <... futex resumed>) = 0 [pid 5603] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5603] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5607] <... futex resumed>) = 1 [pid 5607] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5604] <... futex resumed>) = 1 [pid 5603] <... futex resumed>) = 0 [pid 5604] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5603] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=48000000} [pid 5604] <... write resumed>) = 7 [pid 5604] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5603] <... futex resumed>) = 0 [pid 5604] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5603] exit_group(0 [pid 5604] <... futex resumed>) = ? [pid 5607] <... futex resumed>) = ? [pid 5603] <... exit_group resumed>) = ? [pid 5604] +++ exited with 0 +++ [pid 5607] +++ exited with 0 +++ [pid 5603] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5603, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./107", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./107", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 62.830451][ T5604] loop0: detected capacity change from 0 to 2048 [ 62.839567][ T5604] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./107/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./107/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./107/binderfs") = 0 umount2("./107/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./107/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./107/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./107/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./107/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./107/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./107") = 0 mkdir("./108", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5608 ./strace-static-x86_64: Process 5608 attached [pid 5608] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5608] chdir("./108") = 0 [pid 5608] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5608] setpgid(0, 0) = 0 [pid 5608] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5608] write(3, "1000", 4) = 4 [pid 5608] close(3) = 0 [pid 5608] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5608] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5608] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5608] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5608] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5609 attached , parent_tid=[5609], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5609 [pid 5609] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5609] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5608] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5609] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5609] memfd_create("syzkaller", 0) = 3 [pid 5609] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5608] <... futex resumed>) = 0 [pid 5608] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5609] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5609] munmap(0x7f4000487000, 1048576) = 0 [pid 5609] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5609] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5609] close(3) = 0 [pid 5609] mkdir("./file0", 0777) = 0 [pid 5609] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5609] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5609] chdir("./file0") = 0 [pid 5609] ioctl(4, LOOP_CLR_FD) = 0 [pid 5609] close(4) = 0 [pid 5609] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5609] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5608] <... futex resumed>) = 0 [pid 5608] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5608] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5609] <... futex resumed>) = 0 [pid 5609] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5609] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5608] <... futex resumed>) = 0 [pid 5608] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5608] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5608] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5608] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5608] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5609] <... futex resumed>) = 1 [pid 5609] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5608] <... clone resumed>, parent_tid=[5612], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5612 [pid 5609] <... ioctl resumed>) = 0 [pid 5608] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5609] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5608] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5609] <... futex resumed>) = 0 [pid 5609] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5612 attached [pid 5612] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5612] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5612] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5608] <... futex resumed>) = 0 [pid 5608] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5609] <... futex resumed>) = 0 [pid 5608] <... futex resumed>) = 1 [pid 5609] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5608] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5612] <... futex resumed>) = 1 [pid 5612] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5609] <... write resumed>) = 7 [pid 5609] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5608] <... futex resumed>) = 0 [pid 5609] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5608] exit_group(0 [pid 5612] <... futex resumed>) = ? [pid 5609] <... futex resumed>) = ? [pid 5608] <... exit_group resumed>) = ? [pid 5609] +++ exited with 0 +++ [pid 5612] +++ exited with 0 +++ [pid 5608] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5608, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./108", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./108", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./108/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./108/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./108/binderfs") = 0 [ 62.942479][ T5609] loop0: detected capacity change from 0 to 2048 [ 62.952109][ T5609] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE umount2("./108/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./108/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./108/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./108/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./108/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./108/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./108") = 0 mkdir("./109", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5613 ./strace-static-x86_64: Process 5613 attached [pid 5613] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5613] chdir("./109") = 0 [pid 5613] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5613] setpgid(0, 0) = 0 [pid 5613] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5613] write(3, "1000", 4) = 4 [pid 5613] close(3) = 0 [pid 5613] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5613] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5613] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5613] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5613] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5614 attached , parent_tid=[5614], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5614 [pid 5614] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5614] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5613] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5614] <... futex resumed>) = 0 [pid 5614] memfd_create("syzkaller", 0 [pid 5613] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5614] <... memfd_create resumed>) = 3 [pid 5614] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5614] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5614] munmap(0x7f4000487000, 1048576) = 0 [pid 5614] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5614] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5614] close(3) = 0 [pid 5614] mkdir("./file0", 0777) = 0 [pid 5614] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5614] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5614] chdir("./file0") = 0 [pid 5614] ioctl(4, LOOP_CLR_FD) = 0 [pid 5614] close(4) = 0 [pid 5614] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5614] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5613] <... futex resumed>) = 0 [pid 5613] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5613] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5614] <... futex resumed>) = 0 [pid 5614] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5614] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5613] <... futex resumed>) = 0 [pid 5614] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5613] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5614] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5613] <... futex resumed>) = 0 [pid 5614] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5613] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5613] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5613] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5614] <... ioctl resumed>) = 0 [pid 5613] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5614] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5613] <... clone resumed>, parent_tid=[5617], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5617 [pid 5614] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5613] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5617 attached [pid 5613] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5617] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5617] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5617] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5613] <... futex resumed>) = 0 [pid 5613] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5614] <... futex resumed>) = 0 [pid 5613] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5614] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5617] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5614] <... write resumed>) = 7 [pid 5614] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5613] <... futex resumed>) = 0 [pid 5614] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5613] exit_group(0) = ? [pid 5614] <... futex resumed>) = ? [pid 5614] +++ exited with 0 +++ [pid 5617] <... futex resumed>) = ? [pid 5617] +++ exited with 0 +++ [pid 5613] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5613, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./109", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./109", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 63.049921][ T5614] loop0: detected capacity change from 0 to 2048 [ 63.060284][ T5614] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./109/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./109/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./109/binderfs") = 0 umount2("./109/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./109/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./109/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./109/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./109/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./109/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./109") = 0 mkdir("./110", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5618 ./strace-static-x86_64: Process 5618 attached [pid 5618] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5618] chdir("./110") = 0 [pid 5618] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5618] setpgid(0, 0) = 0 [pid 5618] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5618] write(3, "1000", 4) = 4 [pid 5618] close(3) = 0 [pid 5618] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5618] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5618] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5618] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5618] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5619], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5619 ./strace-static-x86_64: Process 5619 attached [pid 5618] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5618] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5619] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5619] memfd_create("syzkaller", 0) = 3 [pid 5619] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5619] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5619] munmap(0x7f4000487000, 1048576) = 0 [pid 5619] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5619] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5619] close(3) = 0 [pid 5619] mkdir("./file0", 0777) = 0 [pid 5619] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5619] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5619] chdir("./file0") = 0 [pid 5619] ioctl(4, LOOP_CLR_FD) = 0 [pid 5619] close(4) = 0 [pid 5619] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5619] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5618] <... futex resumed>) = 0 [pid 5618] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5618] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5619] <... futex resumed>) = 0 [pid 5619] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5619] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5618] <... futex resumed>) = 0 [pid 5618] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5618] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5618] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5618] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5618] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5622], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5622 ./strace-static-x86_64: Process 5622 attached [pid 5619] <... futex resumed>) = 1 [pid 5618] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5622] set_robust_list(0x7f40005869e0, 24 [pid 5618] <... futex resumed>) = 0 [pid 5619] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5618] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5622] <... set_robust_list resumed>) = 0 [pid 5619] <... ioctl resumed>) = 0 [pid 5622] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5619] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5622] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5619] <... futex resumed>) = 0 [pid 5622] <... futex resumed>) = 1 [pid 5619] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5618] <... futex resumed>) = 0 [pid 5622] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5619] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5618] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5619] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5618] <... futex resumed>) = 0 [pid 5618] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5619] <... write resumed>) = 7 [pid 5619] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5618] <... futex resumed>) = 0 [ 63.165107][ T5619] loop0: detected capacity change from 0 to 2048 [ 63.174909][ T5619] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 5619] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5618] exit_group(0) = ? [pid 5619] <... futex resumed>) = ? [pid 5622] <... futex resumed>) = ? [pid 5619] +++ exited with 0 +++ [pid 5622] +++ exited with 0 +++ [pid 5618] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5618, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./110", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./110", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./110/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./110/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./110/binderfs") = 0 umount2("./110/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./110/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./110/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./110/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./110/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./110/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./110") = 0 mkdir("./111", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5623 ./strace-static-x86_64: Process 5623 attached [pid 5623] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5623] chdir("./111") = 0 [pid 5623] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5623] setpgid(0, 0) = 0 [pid 5623] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5623] write(3, "1000", 4) = 4 [pid 5623] close(3) = 0 [pid 5623] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5623] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5623] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5623] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5623] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5624 attached , parent_tid=[5624], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5624 [pid 5624] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5624] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5623] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5624] <... futex resumed>) = 0 [pid 5623] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5624] memfd_create("syzkaller", 0) = 3 [pid 5624] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5624] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5624] munmap(0x7f4000487000, 1048576) = 0 [pid 5624] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5624] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5624] close(3) = 0 [pid 5624] mkdir("./file0", 0777) = 0 [pid 5624] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5624] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5624] chdir("./file0") = 0 [pid 5624] ioctl(4, LOOP_CLR_FD) = 0 [pid 5624] close(4) = 0 [pid 5624] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5623] <... futex resumed>) = 0 [pid 5623] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5623] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5624] <... futex resumed>) = 1 [pid 5624] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5624] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5623] <... futex resumed>) = 0 [pid 5623] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5623] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5623] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5624] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5623] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5623] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5627], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5627 [pid 5623] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5624] <... ioctl resumed>) = 0 [pid 5623] <... futex resumed>) = 0 [pid 5623] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5624] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5627 attached ) = 0 [pid 5624] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5627] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5627] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5627] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5623] <... futex resumed>) = 0 [pid 5627] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5623] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5624] <... futex resumed>) = 0 [pid 5623] <... futex resumed>) = 1 [pid 5624] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5623] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5624] <... write resumed>) = 7 [pid 5624] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5623] <... futex resumed>) = 0 [pid 5624] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5623] exit_group(0 [pid 5627] <... futex resumed>) = ? [pid 5624] <... futex resumed>) = ? [pid 5623] <... exit_group resumed>) = ? [pid 5627] +++ exited with 0 +++ [pid 5624] +++ exited with 0 +++ [pid 5623] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5623, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [ 63.272249][ T5624] loop0: detected capacity change from 0 to 2048 [ 63.282303][ T5624] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./111", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./111", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./111/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./111/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./111/binderfs") = 0 umount2("./111/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./111/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./111/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./111/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./111/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./111/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./111") = 0 mkdir("./112", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5628 ./strace-static-x86_64: Process 5628 attached [pid 5628] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5628] chdir("./112") = 0 [pid 5628] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5628] setpgid(0, 0) = 0 [pid 5628] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5628] write(3, "1000", 4) = 4 [pid 5628] close(3) = 0 [pid 5628] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5628] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5628] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5628] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5628] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5629 attached [pid 5629] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5629] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5628] <... clone resumed>, parent_tid=[5629], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5629 [pid 5628] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5629] <... futex resumed>) = 0 [pid 5629] memfd_create("syzkaller", 0 [pid 5628] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5629] <... memfd_create resumed>) = 3 [pid 5629] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5629] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5629] munmap(0x7f4000487000, 1048576) = 0 [pid 5629] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5629] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5629] close(3) = 0 [pid 5629] mkdir("./file0", 0777) = 0 [pid 5629] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5629] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5629] chdir("./file0") = 0 [pid 5629] ioctl(4, LOOP_CLR_FD) = 0 [pid 5629] close(4) = 0 [pid 5629] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5629] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5628] <... futex resumed>) = 0 [pid 5628] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5628] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5629] <... futex resumed>) = 0 [pid 5629] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5629] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5628] <... futex resumed>) = 0 [pid 5628] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5628] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5628] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5629] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5628] <... mmap resumed>) = 0x7f4000566000 [pid 5628] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5628] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5632], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5632 ./strace-static-x86_64: Process 5632 attached [pid 5629] <... ioctl resumed>) = 0 [pid 5628] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5629] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5628] <... futex resumed>) = 0 [pid 5629] <... futex resumed>) = 0 [pid 5628] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5629] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5632] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5632] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5632] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5628] <... futex resumed>) = 0 [pid 5628] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5629] <... futex resumed>) = 0 [pid 5628] <... futex resumed>) = 1 [pid 5629] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5628] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5632] <... futex resumed>) = 1 [pid 5632] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5629] <... write resumed>) = 7 [pid 5629] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5628] <... futex resumed>) = 0 [pid 5629] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5628] exit_group(0 [pid 5632] <... futex resumed>) = ? [pid 5629] <... futex resumed>) = ? [pid 5628] <... exit_group resumed>) = ? [pid 5632] +++ exited with 0 +++ [pid 5629] +++ exited with 0 +++ [pid 5628] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5628, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./112", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./112", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./112/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./112/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./112/binderfs") = 0 [ 63.382407][ T5629] loop0: detected capacity change from 0 to 2048 [ 63.392532][ T5629] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE umount2("./112/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./112/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./112/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./112/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./112/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./112/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./112") = 0 mkdir("./113", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5633 ./strace-static-x86_64: Process 5633 attached [pid 5633] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5633] chdir("./113") = 0 [pid 5633] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5633] setpgid(0, 0) = 0 [pid 5633] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5633] write(3, "1000", 4) = 4 [pid 5633] close(3) = 0 [pid 5633] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5633] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5633] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5633] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5633] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5634 attached , parent_tid=[5634], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5634 [pid 5633] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5633] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5634] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5634] memfd_create("syzkaller", 0) = 3 [pid 5634] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5634] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5634] munmap(0x7f4000487000, 1048576) = 0 [pid 5634] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5634] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5634] close(3) = 0 [pid 5634] mkdir("./file0", 0777) = 0 [pid 5634] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5634] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5634] chdir("./file0") = 0 [pid 5634] ioctl(4, LOOP_CLR_FD) = 0 [pid 5634] close(4) = 0 [pid 5634] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5633] <... futex resumed>) = 0 [pid 5634] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5633] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5634] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5633] <... futex resumed>) = 0 [pid 5634] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5633] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5634] <... openat resumed>) = 4 [pid 5634] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5633] <... futex resumed>) = 0 [pid 5634] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5633] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5634] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5633] <... futex resumed>) = 0 [pid 5633] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5634] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5633] <... futex resumed>) = 0 [pid 5634] <... ioctl resumed>) = 0 [pid 5633] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5634] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5633] <... mmap resumed>) = 0x7f4000566000 [pid 5633] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE [pid 5634] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5633] <... mprotect resumed>) = 0 [pid 5633] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5637], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5637 [pid 5633] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5633] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5637 attached [pid 5637] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5637] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5637] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5633] <... futex resumed>) = 0 [pid 5633] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5634] <... futex resumed>) = 0 [pid 5633] <... futex resumed>) = 1 [pid 5634] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5633] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5637] <... futex resumed>) = 1 [pid 5634] <... write resumed>) = 7 [pid 5637] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5634] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5633] <... futex resumed>) = 0 [pid 5634] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5633] exit_group(0 [pid 5637] <... futex resumed>) = ? [pid 5634] <... futex resumed>) = ? [pid 5633] <... exit_group resumed>) = ? [pid 5637] +++ exited with 0 +++ [pid 5634] +++ exited with 0 +++ [pid 5633] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5633, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./113", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./113", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./113/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./113/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./113/binderfs") = 0 [ 63.490260][ T5634] loop0: detected capacity change from 0 to 2048 [ 63.499829][ T5634] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE umount2("./113/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./113/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./113/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./113/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./113/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./113/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./113") = 0 mkdir("./114", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5638 ./strace-static-x86_64: Process 5638 attached [pid 5638] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5638] chdir("./114") = 0 [pid 5638] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5638] setpgid(0, 0) = 0 [pid 5638] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5638] write(3, "1000", 4) = 4 [pid 5638] close(3) = 0 [pid 5638] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5638] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5638] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5638] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5638] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5639], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5639 [pid 5638] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5638] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5639 attached [pid 5639] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5639] memfd_create("syzkaller", 0) = 3 [pid 5639] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5639] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5639] munmap(0x7f4000487000, 1048576) = 0 [pid 5639] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5639] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5639] close(3) = 0 [pid 5639] mkdir("./file0", 0777) = 0 [pid 5639] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5639] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5639] chdir("./file0") = 0 [pid 5639] ioctl(4, LOOP_CLR_FD) = 0 [pid 5639] close(4) = 0 [pid 5639] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5638] <... futex resumed>) = 0 [pid 5638] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5639] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5638] <... futex resumed>) = 0 [pid 5638] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5639] <... openat resumed>) = 4 [pid 5639] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5638] <... futex resumed>) = 0 [pid 5639] <... futex resumed>) = 1 [pid 5638] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5639] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5638] <... futex resumed>) = 0 [pid 5639] <... ioctl resumed>) = 0 [pid 5638] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5639] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5638] <... futex resumed>) = 0 [pid 5639] <... futex resumed>) = 0 [pid 5638] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5639] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5638] <... mmap resumed>) = 0x7f4000566000 [pid 5638] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5638] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5642], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5642 [pid 5638] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5638] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5642 attached [pid 5642] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5642] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5642] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5638] <... futex resumed>) = 0 [pid 5638] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5639] <... futex resumed>) = 0 [pid 5638] <... futex resumed>) = 1 [pid 5639] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5638] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5639] <... write resumed>) = 7 [pid 5639] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5638] <... futex resumed>) = 0 [pid 5639] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5638] exit_group(0 [pid 5639] <... futex resumed>) = ? [pid 5638] <... exit_group resumed>) = ? [pid 5639] +++ exited with 0 +++ [pid 5642] <... futex resumed>) = ? [pid 5642] +++ exited with 0 +++ [pid 5638] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5638, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./114", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./114", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./114/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./114/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./114/binderfs") = 0 [ 63.590536][ T5639] loop0: detected capacity change from 0 to 2048 [ 63.600101][ T5639] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE umount2("./114/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./114/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./114/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./114/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./114/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./114/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./114") = 0 mkdir("./115", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5643 ./strace-static-x86_64: Process 5643 attached [pid 5643] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5643] chdir("./115") = 0 [pid 5643] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5643] setpgid(0, 0) = 0 [pid 5643] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5643] write(3, "1000", 4) = 4 [pid 5643] close(3) = 0 [pid 5643] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5643] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5643] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5643] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5643] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5644 attached , parent_tid=[5644], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5644 [pid 5644] set_robust_list(0x7f40088a79e0, 24 [pid 5643] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5643] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5644] <... set_robust_list resumed>) = 0 [pid 5644] memfd_create("syzkaller", 0) = 3 [pid 5644] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5644] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5644] munmap(0x7f4000487000, 1048576) = 0 [pid 5644] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5644] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5644] close(3) = 0 [pid 5644] mkdir("./file0", 0777) = 0 [pid 5644] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5644] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5644] chdir("./file0") = 0 [pid 5644] ioctl(4, LOOP_CLR_FD) = 0 [pid 5644] close(4) = 0 [pid 5644] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5643] <... futex resumed>) = 0 [pid 5644] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5643] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5644] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5643] <... futex resumed>) = 0 [pid 5644] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5643] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5644] <... openat resumed>) = 4 [pid 5644] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5643] <... futex resumed>) = 0 [pid 5644] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5643] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5644] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5643] <... futex resumed>) = 0 [pid 5644] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5643] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5644] <... ioctl resumed>) = 0 [pid 5643] <... futex resumed>) = 0 [pid 5644] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5643] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5644] <... futex resumed>) = 0 [pid 5643] <... mmap resumed>) = 0x7f4000566000 [pid 5644] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5643] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5643] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5647], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5647 [pid 5643] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5647 attached ) = 0 [pid 5643] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5647] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5647] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5647] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5643] <... futex resumed>) = 0 [pid 5647] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5643] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5644] <... futex resumed>) = 0 [pid 5643] <... futex resumed>) = 1 [pid 5644] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5643] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5644] <... write resumed>) = 7 [pid 5644] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5643] <... futex resumed>) = 0 [pid 5644] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5643] exit_group(0 [pid 5647] <... futex resumed>) = ? [pid 5644] <... futex resumed>) = ? [pid 5643] <... exit_group resumed>) = ? [pid 5647] +++ exited with 0 +++ [pid 5644] +++ exited with 0 +++ [pid 5643] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5643, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./115", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./115", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./115/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./115/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./115/binderfs") = 0 [ 63.699452][ T5644] loop0: detected capacity change from 0 to 2048 [ 63.709756][ T5644] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE umount2("./115/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./115/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./115/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./115/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./115/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./115/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./115") = 0 mkdir("./116", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5648 attached , child_tidptr=0x5555570c15d0) = 5648 [pid 5648] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5648] chdir("./116") = 0 [pid 5648] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5648] setpgid(0, 0) = 0 [pid 5648] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5648] write(3, "1000", 4) = 4 [pid 5648] close(3) = 0 [pid 5648] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5648] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5648] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5648] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5648] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5649], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5649 [pid 5648] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5648] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5649 attached [pid 5649] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5649] memfd_create("syzkaller", 0) = 3 [pid 5649] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5649] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5649] munmap(0x7f4000487000, 1048576) = 0 [pid 5649] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5649] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5649] close(3) = 0 [pid 5649] mkdir("./file0", 0777) = 0 [pid 5649] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5649] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5649] chdir("./file0") = 0 [pid 5649] ioctl(4, LOOP_CLR_FD) = 0 [pid 5649] close(4) = 0 [pid 5649] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5648] <... futex resumed>) = 0 [pid 5649] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5648] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5649] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5648] <... futex resumed>) = 0 [pid 5649] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5648] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5649] <... openat resumed>) = 4 [pid 5649] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5648] <... futex resumed>) = 0 [pid 5649] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5648] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5649] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5648] <... futex resumed>) = 0 [pid 5649] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5648] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5649] <... ioctl resumed>) = 0 [pid 5648] <... futex resumed>) = 0 [pid 5648] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5649] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5648] <... mmap resumed>) = 0x7f4000566000 [pid 5648] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE [pid 5649] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5648] <... mprotect resumed>) = 0 [pid 5648] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5652], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5652 [pid 5648] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5648] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5652 attached [pid 5652] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5652] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5652] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5648] <... futex resumed>) = 0 [pid 5648] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5649] <... futex resumed>) = 0 [pid 5648] <... futex resumed>) = 1 [pid 5649] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5648] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5652] <... futex resumed>) = 1 [pid 5652] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5649] <... write resumed>) = 7 [pid 5649] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5648] <... futex resumed>) = 0 [pid 5649] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5648] exit_group(0 [pid 5649] <... futex resumed>) = ? [pid 5648] <... exit_group resumed>) = ? [pid 5649] +++ exited with 0 +++ [pid 5652] <... futex resumed>) = ? [pid 5652] +++ exited with 0 +++ [pid 5648] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5648, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./116", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./116", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./116/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./116/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./116/binderfs") = 0 [ 63.812321][ T5649] loop0: detected capacity change from 0 to 2048 [ 63.822575][ T5649] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE umount2("./116/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./116/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./116/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./116/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./116/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./116/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./116") = 0 mkdir("./117", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5653 ./strace-static-x86_64: Process 5653 attached [pid 5653] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5653] chdir("./117") = 0 [pid 5653] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5653] setpgid(0, 0) = 0 [pid 5653] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5653] write(3, "1000", 4) = 4 [pid 5653] close(3) = 0 [pid 5653] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5653] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5653] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5653] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5653] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5654 attached , parent_tid=[5654], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5654 [pid 5654] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5654] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5653] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5654] <... futex resumed>) = 0 [pid 5653] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5654] memfd_create("syzkaller", 0) = 3 [pid 5654] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5654] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5654] munmap(0x7f4000487000, 1048576) = 0 [pid 5654] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5654] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5654] close(3) = 0 [pid 5654] mkdir("./file0", 0777) = 0 [pid 5654] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5654] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5654] chdir("./file0") = 0 [pid 5654] ioctl(4, LOOP_CLR_FD) = 0 [pid 5654] close(4) = 0 [pid 5654] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5653] <... futex resumed>) = 0 [pid 5653] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5653] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5654] <... futex resumed>) = 1 [pid 5654] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5654] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5653] <... futex resumed>) = 0 [pid 5653] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5654] <... futex resumed>) = 1 [pid 5653] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5654] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5653] <... futex resumed>) = 0 [pid 5654] <... ioctl resumed>) = 0 [pid 5653] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5654] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5653] <... mmap resumed>) = 0x7f4000566000 [pid 5654] <... futex resumed>) = 0 [pid 5653] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE [pid 5654] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5653] <... mprotect resumed>) = 0 [pid 5653] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5657], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5657 [pid 5653] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5653] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5657 attached [pid 5657] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5657] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5657] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5653] <... futex resumed>) = 0 [pid 5653] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5657] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5654] <... futex resumed>) = 0 [pid 5653] <... futex resumed>) = 1 [pid 5654] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5653] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5654] <... write resumed>) = 7 [pid 5654] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5653] <... futex resumed>) = 0 [pid 5654] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5653] exit_group(0 [pid 5654] <... futex resumed>) = ? [pid 5653] <... exit_group resumed>) = ? [pid 5657] <... futex resumed>) = ? [pid 5654] +++ exited with 0 +++ [pid 5657] +++ exited with 0 +++ [pid 5653] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5653, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [ 63.924050][ T5654] loop0: detected capacity change from 0 to 2048 [ 63.933638][ T5654] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE umount2("./117", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./117", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./117/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./117/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./117/binderfs") = 0 umount2("./117/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./117/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./117/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./117/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./117/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./117/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./117") = 0 mkdir("./118", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5658 ./strace-static-x86_64: Process 5658 attached [pid 5658] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5658] chdir("./118") = 0 [pid 5658] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5658] setpgid(0, 0) = 0 [pid 5658] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5658] write(3, "1000", 4) = 4 [pid 5658] close(3) = 0 [pid 5658] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5658] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5658] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5658] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5658] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5659], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5659 [pid 5658] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5658] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5659 attached [pid 5659] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5659] memfd_create("syzkaller", 0) = 3 [pid 5659] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5659] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5659] munmap(0x7f4000487000, 1048576) = 0 [pid 5659] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5659] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5659] close(3) = 0 [pid 5659] mkdir("./file0", 0777) = 0 [pid 5659] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5659] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5659] chdir("./file0") = 0 [pid 5659] ioctl(4, LOOP_CLR_FD) = 0 [pid 5659] close(4) = 0 [pid 5659] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5658] <... futex resumed>) = 0 [pid 5659] <... futex resumed>) = 1 [pid 5658] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5659] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5658] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5659] <... openat resumed>) = 4 [pid 5659] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5658] <... futex resumed>) = 0 [pid 5659] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5658] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5659] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5658] <... futex resumed>) = 0 [pid 5658] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5659] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5658] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5659] <... ioctl resumed>) = 0 [pid 5658] <... mmap resumed>) = 0x7f4000566000 [pid 5659] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5658] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5659] <... futex resumed>) = 0 [pid 5658] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5659] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5662 attached [pid 5658] <... clone resumed>, parent_tid=[5662], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5662 [pid 5658] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5662] set_robust_list(0x7f40005869e0, 24 [pid 5658] <... futex resumed>) = 0 [pid 5662] <... set_robust_list resumed>) = 0 [pid 5658] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5662] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5662] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5658] <... futex resumed>) = 0 [pid 5662] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5658] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5659] <... futex resumed>) = 0 [pid 5658] <... futex resumed>) = 1 [pid 5659] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5658] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5659] <... write resumed>) = 7 [pid 5659] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5658] <... futex resumed>) = 0 [pid 5659] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5658] exit_group(0 [pid 5662] <... futex resumed>) = ? [pid 5659] <... futex resumed>) = ? [pid 5658] <... exit_group resumed>) = ? [pid 5662] +++ exited with 0 +++ [pid 5659] +++ exited with 0 +++ [pid 5658] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5658, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./118", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./118", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./118/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./118/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./118/binderfs") = 0 [ 64.031703][ T5659] loop0: detected capacity change from 0 to 2048 [ 64.042258][ T5659] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE umount2("./118/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./118/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./118/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./118/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./118/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./118/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./118") = 0 mkdir("./119", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5663 ./strace-static-x86_64: Process 5663 attached [pid 5663] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5663] chdir("./119") = 0 [pid 5663] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5663] setpgid(0, 0) = 0 [pid 5663] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5663] write(3, "1000", 4) = 4 [pid 5663] close(3) = 0 [pid 5663] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5663] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5663] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5663] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5663] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5664 attached , parent_tid=[5664], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5664 [pid 5663] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5663] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5664] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5664] memfd_create("syzkaller", 0) = 3 [pid 5664] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5664] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5664] munmap(0x7f4000487000, 1048576) = 0 [pid 5664] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5664] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5664] close(3) = 0 [pid 5664] mkdir("./file0", 0777) = 0 [pid 5664] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5664] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5664] chdir("./file0") = 0 [pid 5664] ioctl(4, LOOP_CLR_FD) = 0 [pid 5664] close(4) = 0 [pid 5664] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5663] <... futex resumed>) = 0 [pid 5663] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5663] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5664] <... futex resumed>) = 1 [pid 5664] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5664] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5663] <... futex resumed>) = 0 [pid 5663] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5663] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5663] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5663] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5663] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5667], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5667 [ 64.144201][ T5664] loop0: detected capacity change from 0 to 2048 [ 64.153285][ T5664] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 5663] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5663] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5667 attached [pid 5664] <... futex resumed>) = 1 [pid 5667] set_robust_list(0x7f40005869e0, 24 [pid 5664] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5667] <... set_robust_list resumed>) = 0 [pid 5667] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5664] <... ioctl resumed>) = 0 [pid 5664] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5664] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5667] <... openat resumed>) = 5 [pid 5667] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5663] <... futex resumed>) = 0 [pid 5663] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5663] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5667] <... futex resumed>) = 1 [pid 5664] <... futex resumed>) = 0 [pid 5667] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5664] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7) = 7 [pid 5664] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5663] <... futex resumed>) = 0 [pid 5664] <... futex resumed>) = 1 [pid 5663] exit_group(0 [pid 5664] ???( [pid 5663] <... exit_group resumed>) = ? [pid 5667] <... futex resumed>) = ? [pid 5667] +++ exited with 0 +++ [pid 5664] <... ??? resumed>) = ? [pid 5664] +++ exited with 0 +++ [pid 5663] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5663, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./119", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./119", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./119/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./119/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./119/binderfs") = 0 umount2("./119/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./119/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./119/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./119/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./119/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./119/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./119") = 0 mkdir("./120", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5668 ./strace-static-x86_64: Process 5668 attached [pid 5668] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5668] chdir("./120") = 0 [pid 5668] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5668] setpgid(0, 0) = 0 [pid 5668] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5668] write(3, "1000", 4) = 4 [pid 5668] close(3) = 0 [pid 5668] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5668] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5668] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5668] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5668] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5669 attached , parent_tid=[5669], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5669 [pid 5669] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5669] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5668] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5669] <... futex resumed>) = 0 [pid 5668] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5669] memfd_create("syzkaller", 0) = 3 [pid 5669] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5669] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5669] munmap(0x7f4000487000, 1048576) = 0 [pid 5669] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5669] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5669] close(3) = 0 [pid 5669] mkdir("./file0", 0777) = 0 [pid 5669] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5669] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5669] chdir("./file0") = 0 [pid 5669] ioctl(4, LOOP_CLR_FD) = 0 [pid 5669] close(4) = 0 [pid 5669] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5668] <... futex resumed>) = 0 [pid 5668] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5668] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5669] <... futex resumed>) = 1 [pid 5669] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5669] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5668] <... futex resumed>) = 0 [pid 5668] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5668] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5668] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5668] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5669] <... futex resumed>) = 1 [pid 5668] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5672 attached [pid 5669] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5668] <... clone resumed>, parent_tid=[5672], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5672 [pid 5668] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5668] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5669] <... ioctl resumed>) = 0 [pid 5672] set_robust_list(0x7f40005869e0, 24 [pid 5669] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5672] <... set_robust_list resumed>) = 0 [pid 5669] <... futex resumed>) = 0 [pid 5672] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5669] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5672] <... openat resumed>) = 5 [pid 5672] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5668] <... futex resumed>) = 0 [pid 5668] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5669] <... futex resumed>) = 0 [pid 5668] <... futex resumed>) = 1 [pid 5669] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5668] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5672] <... futex resumed>) = 1 [pid 5672] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5669] <... write resumed>) = 7 [pid 5669] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5668] <... futex resumed>) = 0 [ 64.265073][ T5669] loop0: detected capacity change from 0 to 2048 [ 64.274960][ T5669] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 5669] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5668] exit_group(0) = ? [pid 5669] <... futex resumed>) = ? [pid 5672] <... futex resumed>) = ? [pid 5669] +++ exited with 0 +++ [pid 5672] +++ exited with 0 +++ [pid 5668] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5668, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./120", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./120", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./120/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./120/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./120/binderfs") = 0 umount2("./120/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./120/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./120/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./120/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./120/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./120/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./120") = 0 mkdir("./121", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5673 ./strace-static-x86_64: Process 5673 attached [pid 5673] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5673] chdir("./121") = 0 [pid 5673] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5673] setpgid(0, 0) = 0 [pid 5673] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5673] write(3, "1000", 4) = 4 [pid 5673] close(3) = 0 [pid 5673] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5673] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5673] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5673] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5673] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5674 attached , parent_tid=[5674], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5674 [pid 5674] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5674] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5673] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5674] <... futex resumed>) = 0 [pid 5674] memfd_create("syzkaller", 0 [pid 5673] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5674] <... memfd_create resumed>) = 3 [pid 5674] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5674] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5674] munmap(0x7f4000487000, 1048576) = 0 [pid 5674] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5674] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5674] close(3) = 0 [pid 5674] mkdir("./file0", 0777) = 0 [pid 5674] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5674] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5674] chdir("./file0") = 0 [pid 5674] ioctl(4, LOOP_CLR_FD) = 0 [pid 5674] close(4) = 0 [pid 5674] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5673] <... futex resumed>) = 0 [pid 5674] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5673] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5674] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5673] <... futex resumed>) = 0 [pid 5674] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5673] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5674] <... openat resumed>) = 4 [pid 5674] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5673] <... futex resumed>) = 0 [pid 5674] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5673] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5674] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5673] <... futex resumed>) = 0 [pid 5674] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5673] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5674] <... ioctl resumed>) = 0 [pid 5673] <... futex resumed>) = 0 [pid 5674] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5673] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5674] <... futex resumed>) = 0 [pid 5673] <... mmap resumed>) = 0x7f4000566000 [pid 5674] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5673] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5673] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5677], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5677 [pid 5673] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5673] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5677 attached [pid 5677] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5677] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5677] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5673] <... futex resumed>) = 0 [pid 5677] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5673] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5674] <... futex resumed>) = 0 [pid 5673] <... futex resumed>) = 1 [pid 5674] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5673] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5674] <... write resumed>) = 7 [pid 5674] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5673] <... futex resumed>) = 0 [pid 5674] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5673] exit_group(0 [pid 5674] <... futex resumed>) = ? [pid 5673] <... exit_group resumed>) = ? [pid 5677] <... futex resumed>) = ? [pid 5674] +++ exited with 0 +++ [pid 5677] +++ exited with 0 +++ [pid 5673] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5673, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./121", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 64.377260][ T5674] loop0: detected capacity change from 0 to 2048 [ 64.386456][ T5674] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE openat(AT_FDCWD, "./121", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./121/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./121/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./121/binderfs") = 0 umount2("./121/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./121/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./121/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./121/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./121/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./121/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./121") = 0 mkdir("./122", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5678 ./strace-static-x86_64: Process 5678 attached [pid 5678] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5678] chdir("./122") = 0 [pid 5678] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5678] setpgid(0, 0) = 0 [pid 5678] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5678] write(3, "1000", 4) = 4 [pid 5678] close(3) = 0 [pid 5678] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5678] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5678] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5678] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5678] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5679], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5679 [pid 5678] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5678] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5679 attached [pid 5679] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5679] memfd_create("syzkaller", 0) = 3 [pid 5679] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5679] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5679] munmap(0x7f4000487000, 1048576) = 0 [pid 5679] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5679] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5679] close(3) = 0 [pid 5679] mkdir("./file0", 0777) = 0 [pid 5679] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5679] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5679] chdir("./file0") = 0 [pid 5679] ioctl(4, LOOP_CLR_FD) = 0 [pid 5679] close(4) = 0 [pid 5679] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5678] <... futex resumed>) = 0 [pid 5678] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5678] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5679] <... futex resumed>) = 1 [pid 5679] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5679] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5678] <... futex resumed>) = 0 [pid 5678] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5678] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5678] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5678] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5678] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5682], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5682 [pid 5678] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5678] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5679] <... futex resumed>) = 1 [pid 5679] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = 0 [pid 5679] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5679] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5682 attached [pid 5682] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5682] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5682] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5678] <... futex resumed>) = 0 [pid 5682] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5678] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5678] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5679] <... futex resumed>) = 0 [pid 5679] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7) = 7 [pid 5679] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5678] <... futex resumed>) = 0 [pid 5679] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5678] exit_group(0 [pid 5682] <... futex resumed>) = ? [pid 5679] <... futex resumed>) = ? [pid 5678] <... exit_group resumed>) = ? [pid 5682] +++ exited with 0 +++ [pid 5679] +++ exited with 0 +++ [pid 5678] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5678, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./122", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./122", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./122/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./122/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./122/binderfs") = 0 [ 64.489046][ T5679] loop0: detected capacity change from 0 to 2048 [ 64.499279][ T5679] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE umount2("./122/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./122/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./122/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./122/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./122/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./122/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./122") = 0 mkdir("./123", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5683 ./strace-static-x86_64: Process 5683 attached [pid 5683] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5683] chdir("./123") = 0 [pid 5683] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5683] setpgid(0, 0) = 0 [pid 5683] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5683] write(3, "1000", 4) = 4 [pid 5683] close(3) = 0 [pid 5683] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5683] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5683] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5683] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5683] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5684 attached , parent_tid=[5684], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5684 [pid 5684] set_robust_list(0x7f40088a79e0, 24 [pid 5683] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5684] <... set_robust_list resumed>) = 0 [pid 5683] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5684] memfd_create("syzkaller", 0) = 3 [pid 5684] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5684] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5684] munmap(0x7f4000487000, 1048576) = 0 [pid 5684] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5684] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5684] close(3) = 0 [pid 5684] mkdir("./file0", 0777) = 0 [pid 5684] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5684] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5684] chdir("./file0") = 0 [pid 5684] ioctl(4, LOOP_CLR_FD) = 0 [pid 5684] close(4) = 0 [pid 5684] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5683] <... futex resumed>) = 0 [pid 5683] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5683] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5684] <... futex resumed>) = 1 [pid 5684] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5684] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5683] <... futex resumed>) = 0 [pid 5683] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5683] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5683] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5683] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5683] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5687], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5687 [pid 5683] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5683] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5684] <... futex resumed>) = 1 [pid 5684] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000./strace-static-x86_64: Process 5687 attached ) = 0 [pid 5684] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5684] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5687] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5687] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5687] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5683] <... futex resumed>) = 0 [pid 5683] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5684] <... futex resumed>) = 0 [pid 5683] <... futex resumed>) = 1 [pid 5684] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5683] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5687] <... futex resumed>) = 1 [pid 5684] <... write resumed>) = 7 [pid 5687] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5684] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5683] <... futex resumed>) = 0 [pid 5684] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5683] exit_group(0 [pid 5687] <... futex resumed>) = ? [pid 5684] <... futex resumed>) = ? [pid 5683] <... exit_group resumed>) = ? [pid 5687] +++ exited with 0 +++ [pid 5684] +++ exited with 0 +++ [pid 5683] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5683, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./123", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./123", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./123/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./123/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./123/binderfs") = 0 [ 64.586610][ T5684] loop0: detected capacity change from 0 to 2048 [ 64.596756][ T5684] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE umount2("./123/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./123/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./123/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./123/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./123/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./123/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./123") = 0 mkdir("./124", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5688 ./strace-static-x86_64: Process 5688 attached [pid 5688] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5688] chdir("./124") = 0 [pid 5688] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5688] setpgid(0, 0) = 0 [pid 5688] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5688] write(3, "1000", 4) = 4 [pid 5688] close(3) = 0 [pid 5688] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5688] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5688] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5688] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5688] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5689], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5689 [pid 5688] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5688] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5689 attached [pid 5689] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5689] memfd_create("syzkaller", 0) = 3 [pid 5689] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5689] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5689] munmap(0x7f4000487000, 1048576) = 0 [pid 5689] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5689] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5689] close(3) = 0 [pid 5689] mkdir("./file0", 0777) = 0 [pid 5689] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5689] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5689] chdir("./file0") = 0 [pid 5689] ioctl(4, LOOP_CLR_FD) = 0 [pid 5689] close(4) = 0 [pid 5689] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5689] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5688] <... futex resumed>) = 0 [pid 5688] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5689] <... futex resumed>) = 0 [pid 5688] <... futex resumed>) = 1 [pid 5689] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5688] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5689] <... openat resumed>) = 4 [pid 5689] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5688] <... futex resumed>) = 0 [pid 5688] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5688] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5689] <... futex resumed>) = 1 [pid 5688] <... futex resumed>) = 0 [pid 5689] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5688] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5689] <... ioctl resumed>) = 0 [pid 5688] <... mmap resumed>) = 0x7f4000566000 [pid 5688] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE [pid 5689] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5688] <... mprotect resumed>) = 0 [pid 5689] <... futex resumed>) = 0 [pid 5688] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5689] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5692 attached [pid 5692] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5692] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5688] <... clone resumed>, parent_tid=[5692], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5692 [pid 5688] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5688] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5692] <... futex resumed>) = 0 [pid 5692] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5692] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5688] <... futex resumed>) = 0 [pid 5688] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5689] <... futex resumed>) = 0 [pid 5688] <... futex resumed>) = 1 [pid 5689] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5688] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5692] <... futex resumed>) = 1 [pid 5692] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5689] <... write resumed>) = 7 [pid 5689] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5688] <... futex resumed>) = 0 [pid 5689] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5688] exit_group(0) = ? [pid 5689] <... futex resumed>) = ? [pid 5689] +++ exited with 0 +++ [pid 5692] <... futex resumed>) = ? [pid 5692] +++ exited with 0 +++ [pid 5688] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5688, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./124", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./124", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./124/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./124/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./124/binderfs") = 0 [ 64.690619][ T5689] loop0: detected capacity change from 0 to 2048 [ 64.699575][ T5689] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE umount2("./124/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./124/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./124/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./124/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./124/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./124/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./124") = 0 mkdir("./125", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5693 ./strace-static-x86_64: Process 5693 attached [pid 5693] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5693] chdir("./125") = 0 [pid 5693] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5693] setpgid(0, 0) = 0 [pid 5693] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5693] write(3, "1000", 4) = 4 [pid 5693] close(3) = 0 [pid 5693] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5693] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5693] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5693] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5693] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5694], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5694 [pid 5693] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5693] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5694 attached [pid 5694] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5694] memfd_create("syzkaller", 0) = 3 [pid 5694] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5694] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5694] munmap(0x7f4000487000, 1048576) = 0 [pid 5694] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5694] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5694] close(3) = 0 [pid 5694] mkdir("./file0", 0777) = 0 [pid 5694] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5694] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5694] chdir("./file0") = 0 [pid 5694] ioctl(4, LOOP_CLR_FD) = 0 [pid 5694] close(4) = 0 [pid 5694] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5693] <... futex resumed>) = 0 [pid 5693] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5693] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5694] <... futex resumed>) = 1 [pid 5694] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5694] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5693] <... futex resumed>) = 0 [pid 5693] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5693] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5693] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5693] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5693] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5697], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5697 [pid 5693] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5693] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5694] <... futex resumed>) = 1 [pid 5694] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = 0 [pid 5694] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5694] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5697 attached [pid 5697] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5697] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5697] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5693] <... futex resumed>) = 0 [pid 5693] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5693] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5694] <... futex resumed>) = 0 [pid 5694] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5697] <... futex resumed>) = 1 [pid 5697] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5694] <... write resumed>) = 7 [pid 5694] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5693] <... futex resumed>) = 0 [pid 5694] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5693] exit_group(0 [pid 5694] <... futex resumed>) = ? [pid 5693] <... exit_group resumed>) = ? [pid 5697] <... futex resumed>) = ? [pid 5694] +++ exited with 0 +++ [ 64.797256][ T5694] loop0: detected capacity change from 0 to 2048 [ 64.806580][ T5694] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 5697] +++ exited with 0 +++ [pid 5693] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5693, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./125", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./125", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./125/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./125/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./125/binderfs") = 0 umount2("./125/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./125/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./125/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./125/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./125/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./125/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./125") = 0 mkdir("./126", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5698 ./strace-static-x86_64: Process 5698 attached [pid 5698] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5698] chdir("./126") = 0 [pid 5698] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5698] setpgid(0, 0) = 0 [pid 5698] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5698] write(3, "1000", 4) = 4 [pid 5698] close(3) = 0 [pid 5698] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5698] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5698] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5698] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5698] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5699 attached , parent_tid=[5699], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5699 [pid 5699] set_robust_list(0x7f40088a79e0, 24 [pid 5698] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5698] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5699] <... set_robust_list resumed>) = 0 [pid 5699] memfd_create("syzkaller", 0) = 3 [pid 5699] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5699] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5699] munmap(0x7f4000487000, 1048576) = 0 [pid 5699] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5699] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5699] close(3) = 0 [pid 5699] mkdir("./file0", 0777) = 0 [pid 5699] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5699] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5699] chdir("./file0") = 0 [pid 5699] ioctl(4, LOOP_CLR_FD) = 0 [pid 5699] close(4) = 0 [pid 5699] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5698] <... futex resumed>) = 0 [pid 5698] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5698] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5699] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5699] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5698] <... futex resumed>) = 0 [pid 5698] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5698] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5698] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5699] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5698] <... mmap resumed>) = 0x7f4000566000 [pid 5698] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5698] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5702], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5702 [pid 5698] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5702 attached [pid 5698] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5702] set_robust_list(0x7f40005869e0, 24 [pid 5699] <... ioctl resumed>) = 0 [pid 5702] <... set_robust_list resumed>) = 0 [pid 5702] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5699] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5702] <... openat resumed>) = 5 [pid 5699] <... futex resumed>) = 0 [pid 5702] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5699] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5702] <... futex resumed>) = 1 [pid 5698] <... futex resumed>) = 0 [pid 5702] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5698] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5699] <... futex resumed>) = 0 [pid 5698] <... futex resumed>) = 1 [pid 5699] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5698] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5699] <... write resumed>) = 7 [pid 5699] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5698] <... futex resumed>) = 0 [pid 5699] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5698] exit_group(0 [pid 5702] <... futex resumed>) = ? [pid 5699] <... futex resumed>) = ? [pid 5698] <... exit_group resumed>) = ? [pid 5702] +++ exited with 0 +++ [pid 5699] +++ exited with 0 +++ [pid 5698] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5698, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./126", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./126", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./126/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./126/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./126/binderfs") = 0 [ 64.911178][ T5699] loop0: detected capacity change from 0 to 2048 [ 64.920813][ T5699] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE umount2("./126/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./126/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./126/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./126/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./126/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./126/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./126") = 0 mkdir("./127", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5703 attached , child_tidptr=0x5555570c15d0) = 5703 [pid 5703] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5703] chdir("./127") = 0 [pid 5703] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5703] setpgid(0, 0) = 0 [pid 5703] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5703] write(3, "1000", 4) = 4 [pid 5703] close(3) = 0 [pid 5703] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5703] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5703] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5703] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5703] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5704], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5704 [pid 5703] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5703] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5704 attached [pid 5704] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5704] memfd_create("syzkaller", 0) = 3 [pid 5704] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5704] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5704] munmap(0x7f4000487000, 1048576) = 0 [pid 5704] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5704] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5704] close(3) = 0 [pid 5704] mkdir("./file0", 0777) = 0 [pid 5704] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5704] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5704] chdir("./file0") = 0 [pid 5704] ioctl(4, LOOP_CLR_FD) = 0 [pid 5704] close(4) = 0 [pid 5704] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5703] <... futex resumed>) = 0 [pid 5703] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5703] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5704] <... futex resumed>) = 1 [pid 5704] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5704] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5703] <... futex resumed>) = 0 [pid 5703] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5703] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5703] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5703] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE [pid 5704] <... futex resumed>) = 1 [pid 5703] <... mprotect resumed>) = 0 [pid 5704] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5703] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5707 attached , parent_tid=[5707], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5707 [pid 5703] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5707] set_robust_list(0x7f40005869e0, 24 [pid 5703] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5707] <... set_robust_list resumed>) = 0 [pid 5707] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5704] <... ioctl resumed>) = 0 [pid 5707] <... openat resumed>) = 5 [pid 5704] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5704] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5707] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5707] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5703] <... futex resumed>) = 0 [pid 5703] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5704] <... futex resumed>) = 0 [pid 5703] <... futex resumed>) = 1 [pid 5704] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5703] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5704] <... write resumed>) = 7 [pid 5704] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5703] <... futex resumed>) = 0 [pid 5704] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5703] exit_group(0 [pid 5707] <... futex resumed>) = ? [pid 5704] <... futex resumed>) = ? [pid 5703] <... exit_group resumed>) = ? [pid 5707] +++ exited with 0 +++ [pid 5704] +++ exited with 0 +++ [pid 5703] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5703, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./127", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./127", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 65.022404][ T5704] loop0: detected capacity change from 0 to 2048 [ 65.031764][ T5704] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./127/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./127/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./127/binderfs") = 0 umount2("./127/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./127/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./127/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./127/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./127/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./127/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./127") = 0 mkdir("./128", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5708 attached , child_tidptr=0x5555570c15d0) = 5708 [pid 5708] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5708] chdir("./128") = 0 [pid 5708] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5708] setpgid(0, 0) = 0 [pid 5708] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5708] write(3, "1000", 4) = 4 [pid 5708] close(3) = 0 [pid 5708] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5708] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5708] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5708] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5708] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5709 attached , parent_tid=[5709], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5709 [pid 5708] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5708] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5709] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5709] memfd_create("syzkaller", 0) = 3 [pid 5709] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5709] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5709] munmap(0x7f4000487000, 1048576) = 0 [pid 5709] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5709] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5709] close(3) = 0 [pid 5709] mkdir("./file0", 0777) = 0 [pid 5709] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5709] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5709] chdir("./file0") = 0 [pid 5709] ioctl(4, LOOP_CLR_FD) = 0 [pid 5709] close(4) = 0 [pid 5709] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5708] <... futex resumed>) = 0 [pid 5708] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5708] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5709] <... futex resumed>) = 1 [pid 5709] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5709] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5708] <... futex resumed>) = 0 [pid 5708] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5708] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5708] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5708] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5708] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5712], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5712 [pid 5708] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5708] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5709] <... futex resumed>) = 1 [pid 5709] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = 0 [pid 5709] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5709] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5712 attached [pid 5712] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5712] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5712] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5708] <... futex resumed>) = 0 [pid 5708] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5708] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5709] <... futex resumed>) = 0 [pid 5709] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7) = 7 [pid 5709] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5708] <... futex resumed>) = 0 [pid 5708] exit_group(0) = ? [pid 5709] <... futex resumed>) = ? [pid 5709] +++ exited with 0 +++ [pid 5712] <... futex resumed>) = ? [pid 5712] +++ exited with 0 +++ [pid 5708] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5708, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./128", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./128", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./128/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./128/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./128/binderfs") = 0 [ 65.141044][ T5709] loop0: detected capacity change from 0 to 2048 [ 65.150349][ T5709] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE umount2("./128/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./128/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./128/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./128/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./128/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./128/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./128") = 0 mkdir("./129", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5713 ./strace-static-x86_64: Process 5713 attached [pid 5713] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5713] chdir("./129") = 0 [pid 5713] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5713] setpgid(0, 0) = 0 [pid 5713] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5713] write(3, "1000", 4) = 4 [pid 5713] close(3) = 0 [pid 5713] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5713] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5713] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5713] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5713] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5714 attached , parent_tid=[5714], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5714 [pid 5714] set_robust_list(0x7f40088a79e0, 24 [pid 5713] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5713] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5714] <... set_robust_list resumed>) = 0 [pid 5714] memfd_create("syzkaller", 0) = 3 [pid 5714] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5714] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5714] munmap(0x7f4000487000, 1048576) = 0 [pid 5714] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5714] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5714] close(3) = 0 [pid 5714] mkdir("./file0", 0777) = 0 [pid 5714] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5714] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5714] chdir("./file0") = 0 [pid 5714] ioctl(4, LOOP_CLR_FD) = 0 [pid 5714] close(4) = 0 [pid 5714] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5713] <... futex resumed>) = 0 [pid 5713] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5713] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5714] <... futex resumed>) = 1 [pid 5714] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5714] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5713] <... futex resumed>) = 0 [pid 5713] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5713] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5713] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5713] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5713] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5717], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5717 [pid 5713] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5713] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5714] <... futex resumed>) = 1 [pid 5714] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = 0 [pid 5714] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5714] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5717 attached [pid 5717] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5717] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5717] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5713] <... futex resumed>) = 0 [pid 5713] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5714] <... futex resumed>) = 0 [pid 5713] <... futex resumed>) = 1 [pid 5714] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5713] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5714] <... write resumed>) = 7 [pid 5714] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5713] <... futex resumed>) = 0 [pid 5714] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5713] exit_group(0 [pid 5714] <... futex resumed>) = ? [pid 5713] <... exit_group resumed>) = ? [pid 5714] +++ exited with 0 +++ [pid 5717] <... futex resumed>) = ? [pid 5717] +++ exited with 0 +++ [pid 5713] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5713, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./129", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./129", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./129/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./129/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./129/binderfs") = 0 [ 65.263813][ T5714] loop0: detected capacity change from 0 to 2048 [ 65.272775][ T5714] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE umount2("./129/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./129/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./129/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./129/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./129/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./129/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./129") = 0 mkdir("./130", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5718 ./strace-static-x86_64: Process 5718 attached [pid 5718] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5718] chdir("./130") = 0 [pid 5718] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5718] setpgid(0, 0) = 0 [pid 5718] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5718] write(3, "1000", 4) = 4 [pid 5718] close(3) = 0 [pid 5718] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5718] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5718] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5718] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5718] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5719], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5719 [pid 5718] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5718] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5719 attached [pid 5719] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5719] memfd_create("syzkaller", 0) = 3 [pid 5719] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5719] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5719] munmap(0x7f4000487000, 1048576) = 0 [pid 5719] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5719] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5719] close(3) = 0 [pid 5719] mkdir("./file0", 0777) = 0 [pid 5719] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5719] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5719] chdir("./file0") = 0 [pid 5719] ioctl(4, LOOP_CLR_FD) = 0 [pid 5719] close(4) = 0 [pid 5719] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5718] <... futex resumed>) = 0 [pid 5718] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5718] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5719] <... futex resumed>) = 1 [pid 5719] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5719] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5718] <... futex resumed>) = 0 [pid 5718] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5719] <... futex resumed>) = 1 [pid 5718] <... futex resumed>) = 0 [pid 5719] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5718] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5719] <... ioctl resumed>) = 0 [pid 5718] <... futex resumed>) = 0 [pid 5719] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5718] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5719] <... futex resumed>) = 0 [pid 5718] <... mmap resumed>) = 0x7f4000566000 [pid 5719] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5718] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5718] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5722], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5722 [pid 5718] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5718] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5722 attached [pid 5722] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5722] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5722] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5718] <... futex resumed>) = 0 [pid 5718] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5719] <... futex resumed>) = 0 [pid 5718] <... futex resumed>) = 1 [pid 5719] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5718] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5722] <... futex resumed>) = 1 [pid 5722] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5719] <... write resumed>) = 7 [pid 5719] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5718] <... futex resumed>) = 0 [pid 5719] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5718] exit_group(0 [pid 5722] <... futex resumed>) = ? [pid 5719] <... futex resumed>) = ? [pid 5718] <... exit_group resumed>) = ? [pid 5719] +++ exited with 0 +++ [pid 5722] +++ exited with 0 +++ [pid 5718] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5718, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./130", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./130", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./130/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./130/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./130/binderfs") = 0 [ 65.367277][ T5719] loop0: detected capacity change from 0 to 2048 [ 65.377102][ T5719] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE umount2("./130/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./130/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./130/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./130/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./130/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./130/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./130") = 0 mkdir("./131", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5723 ./strace-static-x86_64: Process 5723 attached [pid 5723] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5723] chdir("./131") = 0 [pid 5723] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5723] setpgid(0, 0) = 0 [pid 5723] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5723] write(3, "1000", 4) = 4 [pid 5723] close(3) = 0 [pid 5723] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5723] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5723] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5723] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5723] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5724], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5724 [pid 5723] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5723] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5724 attached [pid 5724] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5724] memfd_create("syzkaller", 0) = 3 [pid 5724] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5724] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5724] munmap(0x7f4000487000, 1048576) = 0 [pid 5724] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5724] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5724] close(3) = 0 [pid 5724] mkdir("./file0", 0777) = 0 [pid 5724] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5724] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5724] chdir("./file0") = 0 [pid 5724] ioctl(4, LOOP_CLR_FD) = 0 [pid 5724] close(4) = 0 [pid 5724] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5723] <... futex resumed>) = 0 [pid 5724] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5723] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5724] <... openat resumed>) = 4 [pid 5723] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5724] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5723] <... futex resumed>) = 0 [pid 5724] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5723] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5724] <... ioctl resumed>) = 0 [pid 5723] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5723] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5724] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5723] <... mmap resumed>) = 0x7f4000566000 [pid 5724] <... futex resumed>) = 0 [pid 5723] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE [pid 5724] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5723] <... mprotect resumed>) = 0 [pid 5723] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5727], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5727 [pid 5723] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5723] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5727 attached [pid 5727] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5727] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5727] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5723] <... futex resumed>) = 0 [pid 5723] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5724] <... futex resumed>) = 0 [pid 5723] <... futex resumed>) = 1 [pid 5724] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5723] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5727] <... futex resumed>) = 1 [pid 5727] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5724] <... write resumed>) = 7 [pid 5724] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5723] <... futex resumed>) = 0 [pid 5724] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5723] exit_group(0 [pid 5724] <... futex resumed>) = ? [pid 5723] <... exit_group resumed>) = ? [pid 5724] +++ exited with 0 +++ [pid 5727] <... futex resumed>) = ? [pid 5727] +++ exited with 0 +++ [pid 5723] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5723, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./131", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./131", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./131/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./131/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./131/binderfs") = 0 [ 65.468364][ T5724] loop0: detected capacity change from 0 to 2048 [ 65.477745][ T5724] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE umount2("./131/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./131/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./131/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./131/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./131/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./131/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./131") = 0 mkdir("./132", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5728 ./strace-static-x86_64: Process 5728 attached [pid 5728] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5728] chdir("./132") = 0 [pid 5728] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5728] setpgid(0, 0) = 0 [pid 5728] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5728] write(3, "1000", 4) = 4 [pid 5728] close(3) = 0 [pid 5728] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5728] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5728] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5728] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5728] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5729 attached , parent_tid=[5729], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5729 [pid 5729] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5729] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5728] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5729] <... futex resumed>) = 0 [pid 5729] memfd_create("syzkaller", 0 [pid 5728] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5729] <... memfd_create resumed>) = 3 [pid 5729] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5729] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5729] munmap(0x7f4000487000, 1048576) = 0 [pid 5729] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5729] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5729] close(3) = 0 [pid 5729] mkdir("./file0", 0777) = 0 [pid 5729] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5729] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5729] chdir("./file0") = 0 [pid 5729] ioctl(4, LOOP_CLR_FD) = 0 [pid 5729] close(4) = 0 [pid 5729] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5729] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5728] <... futex resumed>) = 0 [pid 5728] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5729] <... futex resumed>) = 0 [pid 5728] <... futex resumed>) = 1 [pid 5729] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5728] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5729] <... openat resumed>) = 4 [pid 5729] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5728] <... futex resumed>) = 0 [pid 5729] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5728] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5729] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5728] <... futex resumed>) = 0 [pid 5729] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5728] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5729] <... ioctl resumed>) = 0 [pid 5728] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5729] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5728] <... mmap resumed>) = 0x7f4000566000 [pid 5729] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5728] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5728] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5732], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5732 [pid 5728] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5728] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5732 attached [pid 5732] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5732] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5732] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5728] <... futex resumed>) = 0 [pid 5728] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5729] <... futex resumed>) = 0 [pid 5728] <... futex resumed>) = 1 [pid 5729] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5728] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5732] <... futex resumed>) = 1 [pid 5729] <... write resumed>) = 7 [pid 5729] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5728] <... futex resumed>) = 0 [pid 5732] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5729] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5728] exit_group(0 [pid 5729] <... futex resumed>) = ? [pid 5728] <... exit_group resumed>) = ? [pid 5729] +++ exited with 0 +++ [pid 5732] <... futex resumed>) = ? [ 65.572537][ T5729] loop0: detected capacity change from 0 to 2048 [ 65.581829][ T5729] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 5732] +++ exited with 0 +++ [pid 5728] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5728, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./132", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./132", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./132/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./132/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./132/binderfs") = 0 umount2("./132/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./132/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./132/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./132/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./132/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./132/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./132") = 0 mkdir("./133", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5733 attached , child_tidptr=0x5555570c15d0) = 5733 [pid 5733] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5733] chdir("./133") = 0 [pid 5733] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5733] setpgid(0, 0) = 0 [pid 5733] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5733] write(3, "1000", 4) = 4 [pid 5733] close(3) = 0 [pid 5733] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5733] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5733] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5733] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5733] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5734], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5734 [pid 5733] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5733] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5734 attached [pid 5734] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5734] memfd_create("syzkaller", 0) = 3 [pid 5734] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5734] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5734] munmap(0x7f4000487000, 1048576) = 0 [pid 5734] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5734] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5734] close(3) = 0 [pid 5734] mkdir("./file0", 0777) = 0 [pid 5734] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5734] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5734] chdir("./file0") = 0 [pid 5734] ioctl(4, LOOP_CLR_FD) = 0 [pid 5734] close(4) = 0 [pid 5734] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5733] <... futex resumed>) = 0 [pid 5734] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5733] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5733] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5734] <... openat resumed>) = 4 [pid 5734] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5733] <... futex resumed>) = 0 [pid 5734] <... futex resumed>) = 1 [pid 5733] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5734] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5733] <... futex resumed>) = 0 [pid 5734] <... ioctl resumed>) = 0 [pid 5733] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5734] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5733] <... futex resumed>) = 0 [pid 5734] <... futex resumed>) = 0 [pid 5733] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5734] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5733] <... mmap resumed>) = 0x7f4000566000 [pid 5733] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5733] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5737], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5737 [pid 5733] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5733] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5737 attached [pid 5737] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5737] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5737] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5733] <... futex resumed>) = 0 [pid 5733] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5734] <... futex resumed>) = 0 [pid 5733] <... futex resumed>) = 1 [pid 5737] <... futex resumed>) = 1 [pid 5734] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5733] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5737] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5734] <... write resumed>) = 7 [pid 5734] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5733] <... futex resumed>) = 0 [pid 5734] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5733] exit_group(0 [pid 5737] <... futex resumed>) = ? [pid 5734] <... futex resumed>) = ? [pid 5733] <... exit_group resumed>) = ? [pid 5734] +++ exited with 0 +++ [pid 5737] +++ exited with 0 +++ [pid 5733] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5733, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./133", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./133", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./133/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./133/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./133/binderfs") = 0 [ 65.680809][ T5734] loop0: detected capacity change from 0 to 2048 [ 65.690466][ T5734] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE umount2("./133/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./133/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./133/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./133/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./133/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./133/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./133") = 0 mkdir("./134", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5738 ./strace-static-x86_64: Process 5738 attached [pid 5738] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5738] chdir("./134") = 0 [pid 5738] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5738] setpgid(0, 0) = 0 [pid 5738] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5738] write(3, "1000", 4) = 4 [pid 5738] close(3) = 0 [pid 5738] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5738] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5738] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5738] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5738] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5739 attached , parent_tid=[5739], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5739 [pid 5739] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5739] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5738] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5739] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5738] <... futex resumed>) = 0 [pid 5739] memfd_create("syzkaller", 0 [pid 5738] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5739] <... memfd_create resumed>) = 3 [pid 5739] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5739] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5739] munmap(0x7f4000487000, 1048576) = 0 [pid 5739] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5739] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5739] close(3) = 0 [pid 5739] mkdir("./file0", 0777) = 0 [pid 5739] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5739] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5739] chdir("./file0") = 0 [pid 5739] ioctl(4, LOOP_CLR_FD) = 0 [pid 5739] close(4) = 0 [pid 5739] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5738] <... futex resumed>) = 0 [pid 5738] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5738] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5739] <... futex resumed>) = 1 [pid 5739] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5739] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5738] <... futex resumed>) = 0 [pid 5738] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5738] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5738] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5738] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5738] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5739] <... futex resumed>) = 1 [pid 5738] <... clone resumed>, parent_tid=[5742], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5742 [pid 5738] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5738] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5742 attached [pid 5742] set_robust_list(0x7f40005869e0, 24 [pid 5739] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5742] <... set_robust_list resumed>) = 0 [pid 5742] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5742] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5738] <... futex resumed>) = 0 [pid 5738] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5738] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5739] <... ioctl resumed>) = 0 [pid 5742] <... futex resumed>) = 1 [pid 5742] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5739] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5739] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5742] <... write resumed>) = 7 [pid 5742] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5738] <... futex resumed>) = 0 [pid 5738] exit_group(0) = ? [pid 5739] <... futex resumed>) = ? [pid 5739] +++ exited with 0 +++ [pid 5742] +++ exited with 0 +++ [pid 5738] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5738, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./134", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./134", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./134/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./134/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./134/binderfs") = 0 [ 65.800478][ T5739] loop0: detected capacity change from 0 to 2048 [ 65.809639][ T5739] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE umount2("./134/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./134/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./134/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./134/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./134/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./134/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./134") = 0 mkdir("./135", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5743 ./strace-static-x86_64: Process 5743 attached [pid 5743] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5743] chdir("./135") = 0 [pid 5743] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5743] setpgid(0, 0) = 0 [pid 5743] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5743] write(3, "1000", 4) = 4 [pid 5743] close(3) = 0 [pid 5743] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5743] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5743] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5743] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5743] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5744], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5744 [pid 5743] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5743] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5744 attached [pid 5744] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5744] memfd_create("syzkaller", 0) = 3 [pid 5744] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5744] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5744] munmap(0x7f4000487000, 1048576) = 0 [pid 5744] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5744] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5744] close(3) = 0 [pid 5744] mkdir("./file0", 0777) = 0 [pid 5744] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5744] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5744] chdir("./file0") = 0 [pid 5744] ioctl(4, LOOP_CLR_FD) = 0 [pid 5744] close(4) = 0 [pid 5744] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5743] <... futex resumed>) = 0 [pid 5744] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5743] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5744] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5743] <... futex resumed>) = 0 [pid 5744] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5743] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5744] <... openat resumed>) = 4 [pid 5744] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5743] <... futex resumed>) = 0 [pid 5744] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5743] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5744] <... ioctl resumed>) = 0 [pid 5743] <... futex resumed>) = 0 [pid 5743] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5743] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5744] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5743] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE [pid 5744] <... futex resumed>) = 0 [pid 5744] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5743] <... mprotect resumed>) = 0 [pid 5743] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5747], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5747 [pid 5743] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5743] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5747 attached [pid 5747] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5747] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5747] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5743] <... futex resumed>) = 0 [pid 5743] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5743] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5744] <... futex resumed>) = 0 [pid 5744] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5747] <... futex resumed>) = 1 [pid 5747] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5744] <... write resumed>) = 7 [ 65.902339][ T5744] loop0: detected capacity change from 0 to 2048 [ 65.912123][ T5744] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 5744] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5743] <... futex resumed>) = 0 [pid 5744] <... futex resumed>) = 1 [pid 5743] exit_group(0 [pid 5744] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 5743] <... exit_group resumed>) = ? [pid 5747] <... futex resumed>) = ? [pid 5744] +++ exited with 0 +++ [pid 5747] +++ exited with 0 +++ [pid 5743] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5743, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./135", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./135", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./135/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./135/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./135/binderfs") = 0 umount2("./135/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./135/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./135/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./135/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./135/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./135/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./135") = 0 mkdir("./136", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5748 ./strace-static-x86_64: Process 5748 attached [pid 5748] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5748] chdir("./136") = 0 [pid 5748] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5748] setpgid(0, 0) = 0 [pid 5748] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5748] write(3, "1000", 4) = 4 [pid 5748] close(3) = 0 [pid 5748] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5748] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5748] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5748] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5748] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5749 attached , parent_tid=[5749], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5749 [pid 5749] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5749] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5748] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5749] <... futex resumed>) = 0 [pid 5749] memfd_create("syzkaller", 0) = 3 [pid 5749] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5748] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5749] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5749] munmap(0x7f4000487000, 1048576) = 0 [pid 5749] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5749] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5749] close(3) = 0 [pid 5749] mkdir("./file0", 0777) = 0 [pid 5749] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5749] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5749] chdir("./file0") = 0 [pid 5749] ioctl(4, LOOP_CLR_FD) = 0 [pid 5749] close(4) = 0 [pid 5749] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5748] <... futex resumed>) = 0 [pid 5748] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5748] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5749] <... futex resumed>) = 1 [pid 5749] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5749] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5748] <... futex resumed>) = 0 [pid 5748] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5748] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5748] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5748] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5748] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5752], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5752 [pid 5748] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5748] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5749] <... futex resumed>) = 1 [pid 5749] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = 0 ./strace-static-x86_64: Process 5752 attached [pid 5749] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5749] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5752] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5752] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5752] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5748] <... futex resumed>) = 0 [pid 5748] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5748] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5749] <... futex resumed>) = 0 [pid 5749] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5752] <... futex resumed>) = 1 [pid 5752] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5749] <... write resumed>) = 7 [pid 5749] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5748] <... futex resumed>) = 0 [pid 5748] exit_group(0 [pid 5752] <... futex resumed>) = ? [pid 5748] <... exit_group resumed>) = ? [pid 5752] +++ exited with 0 +++ [pid 5749] +++ exited with 0 +++ [pid 5748] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5748, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./136", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./136", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./136/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./136/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./136/binderfs") = 0 [ 66.010361][ T5749] loop0: detected capacity change from 0 to 2048 [ 66.019665][ T5749] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE umount2("./136/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./136/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./136/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./136/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./136/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./136/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./136") = 0 mkdir("./137", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5753 ./strace-static-x86_64: Process 5753 attached [pid 5753] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5753] chdir("./137") = 0 [pid 5753] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5753] setpgid(0, 0) = 0 [pid 5753] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5753] write(3, "1000", 4) = 4 [pid 5753] close(3) = 0 [pid 5753] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5753] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5753] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5753] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5753] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5754 attached , parent_tid=[5754], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5754 [pid 5754] set_robust_list(0x7f40088a79e0, 24 [pid 5753] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5754] <... set_robust_list resumed>) = 0 [pid 5753] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5754] memfd_create("syzkaller", 0) = 3 [pid 5754] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5754] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5754] munmap(0x7f4000487000, 1048576) = 0 [pid 5754] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5754] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5754] close(3) = 0 [pid 5754] mkdir("./file0", 0777) = 0 [pid 5754] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5754] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5754] chdir("./file0") = 0 [pid 5754] ioctl(4, LOOP_CLR_FD) = 0 [pid 5754] close(4) = 0 [pid 5754] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5753] <... futex resumed>) = 0 [pid 5753] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5753] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5754] <... futex resumed>) = 1 [pid 5754] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5754] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5753] <... futex resumed>) = 0 [pid 5753] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5753] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5753] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5754] <... futex resumed>) = 1 [pid 5753] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5753] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5758 attached [pid 5754] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5753] <... clone resumed>, parent_tid=[5758], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5758 [ 66.117712][ T5754] loop0: detected capacity change from 0 to 2048 [ 66.127104][ T5754] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 5753] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5753] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5758] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5758] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5754] <... ioctl resumed>) = 0 [pid 5754] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5754] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5758] <... openat resumed>) = 5 [pid 5758] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5753] <... futex resumed>) = 0 [pid 5753] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5753] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5758] <... futex resumed>) = 1 [pid 5754] <... futex resumed>) = 0 [pid 5754] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5758] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5754] <... write resumed>) = 7 [pid 5754] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5753] <... futex resumed>) = 0 [pid 5754] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5753] exit_group(0 [pid 5758] <... futex resumed>) = ? [pid 5754] <... futex resumed>) = ? [pid 5753] <... exit_group resumed>) = ? [pid 5758] +++ exited with 0 +++ [pid 5754] +++ exited with 0 +++ [pid 5753] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5753, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./137", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./137", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./137/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./137/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./137/binderfs") = 0 umount2("./137/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./137/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./137/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./137/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./137/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./137/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./137") = 0 mkdir("./138", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5759 attached , child_tidptr=0x5555570c15d0) = 5759 [pid 5759] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5759] chdir("./138") = 0 [pid 5759] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5759] setpgid(0, 0) = 0 [pid 5759] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5759] write(3, "1000", 4) = 4 [pid 5759] close(3) = 0 [pid 5759] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5759] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5759] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5759] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5759] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5760 attached , parent_tid=[5760], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5760 [pid 5760] set_robust_list(0x7f40088a79e0, 24 [pid 5759] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5760] <... set_robust_list resumed>) = 0 [pid 5759] <... futex resumed>) = 0 [pid 5760] memfd_create("syzkaller", 0 [pid 5759] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5760] <... memfd_create resumed>) = 3 [pid 5760] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5760] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5760] munmap(0x7f4000487000, 1048576) = 0 [pid 5760] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5760] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5760] close(3) = 0 [pid 5760] mkdir("./file0", 0777) = 0 [pid 5760] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5760] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5760] chdir("./file0") = 0 [pid 5760] ioctl(4, LOOP_CLR_FD) = 0 [pid 5760] close(4) = 0 [pid 5760] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5759] <... futex resumed>) = 0 [pid 5760] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5759] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5759] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5760] <... openat resumed>) = 4 [pid 5760] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5759] <... futex resumed>) = 0 [pid 5760] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5759] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5760] <... ioctl resumed>) = 0 [pid 5759] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5760] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5759] <... futex resumed>) = 0 [pid 5760] <... futex resumed>) = 0 [pid 5759] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5760] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5759] <... mmap resumed>) = 0x7f4000566000 [pid 5759] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5759] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5763], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5763 [pid 5759] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5759] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5763 attached [pid 5763] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5763] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [ 66.245747][ T5760] loop0: detected capacity change from 0 to 2048 [ 66.255150][ T5760] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 5763] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5759] <... futex resumed>) = 0 [pid 5759] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5760] <... futex resumed>) = 0 [pid 5759] <... futex resumed>) = 1 [pid 5763] <... futex resumed>) = 1 [pid 5760] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5759] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5763] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5760] <... write resumed>) = 7 [pid 5760] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5759] <... futex resumed>) = 0 [pid 5760] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5759] exit_group(0 [pid 5760] <... futex resumed>) = ? [pid 5759] <... exit_group resumed>) = ? [pid 5760] +++ exited with 0 +++ [pid 5763] <... futex resumed>) = ? [pid 5763] +++ exited with 0 +++ [pid 5759] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5759, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./138", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./138", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./138/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./138/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./138/binderfs") = 0 umount2("./138/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./138/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./138/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./138/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./138/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./138/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./138") = 0 mkdir("./139", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5764 ./strace-static-x86_64: Process 5764 attached [pid 5764] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5764] chdir("./139") = 0 [pid 5764] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5764] setpgid(0, 0) = 0 [pid 5764] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5764] write(3, "1000", 4) = 4 [pid 5764] close(3) = 0 [pid 5764] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5764] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5764] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5764] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5764] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5765], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5765 [pid 5764] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5764] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5765 attached [pid 5765] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5765] memfd_create("syzkaller", 0) = 3 [pid 5765] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5765] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5765] munmap(0x7f4000487000, 1048576) = 0 [pid 5765] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5765] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5765] close(3) = 0 [pid 5765] mkdir("./file0", 0777) = 0 [pid 5765] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5765] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5765] chdir("./file0") = 0 [pid 5765] ioctl(4, LOOP_CLR_FD) = 0 [pid 5765] close(4) = 0 [pid 5765] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5764] <... futex resumed>) = 0 [pid 5765] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5764] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5765] <... openat resumed>) = 4 [pid 5764] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5765] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5764] <... futex resumed>) = 0 [pid 5765] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5764] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5765] <... ioctl resumed>) = 0 [pid 5764] <... futex resumed>) = 0 [pid 5764] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5765] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5764] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5765] <... futex resumed>) = 0 [pid 5764] <... mmap resumed>) = 0x7f4000566000 [pid 5765] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5764] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5764] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5768], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5768 [pid 5764] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5764] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5768 attached [pid 5768] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5768] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5768] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5764] <... futex resumed>) = 0 [pid 5768] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5764] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5765] <... futex resumed>) = 0 [pid 5764] <... futex resumed>) = 1 [pid 5765] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5764] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5765] <... write resumed>) = 7 [pid 5765] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5764] <... futex resumed>) = 0 [pid 5765] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5764] exit_group(0 [pid 5768] <... futex resumed>) = ? [pid 5765] <... futex resumed>) = ? [pid 5764] <... exit_group resumed>) = ? [pid 5768] +++ exited with 0 +++ [pid 5765] +++ exited with 0 +++ [pid 5764] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5764, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./139", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./139", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./139/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./139/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 66.358124][ T5765] loop0: detected capacity change from 0 to 2048 [ 66.368204][ T5765] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE unlink("./139/binderfs") = 0 umount2("./139/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./139/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./139/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./139/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./139/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./139/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./139") = 0 mkdir("./140", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5769 ./strace-static-x86_64: Process 5769 attached [pid 5769] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5769] chdir("./140") = 0 [pid 5769] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5769] setpgid(0, 0) = 0 [pid 5769] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5769] write(3, "1000", 4) = 4 [pid 5769] close(3) = 0 [pid 5769] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5769] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5769] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5769] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5769] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5770 attached , parent_tid=[5770], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5770 [pid 5769] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5770] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5769] <... futex resumed>) = 0 [pid 5769] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5770] memfd_create("syzkaller", 0) = 3 [pid 5770] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5770] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5770] munmap(0x7f4000487000, 1048576) = 0 [pid 5770] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5770] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5770] close(3) = 0 [pid 5770] mkdir("./file0", 0777) = 0 [pid 5770] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5770] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5770] chdir("./file0") = 0 [pid 5770] ioctl(4, LOOP_CLR_FD) = 0 [pid 5770] close(4) = 0 [pid 5770] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5769] <... futex resumed>) = 0 [pid 5769] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5769] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5770] <... futex resumed>) = 1 [pid 5770] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5770] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5769] <... futex resumed>) = 0 [pid 5769] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5769] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5769] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5769] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5769] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5773], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5773 [pid 5769] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5773 attached [pid 5770] <... futex resumed>) = 1 [pid 5773] set_robust_list(0x7f40005869e0, 24 [pid 5770] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5773] <... set_robust_list resumed>) = 0 [pid 5769] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5773] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5770] <... ioctl resumed>) = 0 [pid 5773] <... openat resumed>) = 5 [pid 5770] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5770] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [ 66.476629][ T5770] loop0: detected capacity change from 0 to 2048 [ 66.485932][ T5770] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 5773] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5769] <... futex resumed>) = 0 [pid 5769] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5770] <... futex resumed>) = 0 [pid 5769] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5770] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5773] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5770] <... write resumed>) = 7 [pid 5770] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5769] <... futex resumed>) = 0 [pid 5769] exit_group(0 [pid 5773] <... futex resumed>) = ? [pid 5769] <... exit_group resumed>) = ? [pid 5773] +++ exited with 0 +++ [pid 5770] +++ exited with 0 +++ [pid 5769] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5769, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./140", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./140", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./140/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./140/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./140/binderfs") = 0 umount2("./140/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./140/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./140/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./140/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./140/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./140/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./140") = 0 mkdir("./141", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5774 ./strace-static-x86_64: Process 5774 attached [pid 5774] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5774] chdir("./141") = 0 [pid 5774] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5774] setpgid(0, 0) = 0 [pid 5774] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5774] write(3, "1000", 4) = 4 [pid 5774] close(3) = 0 [pid 5774] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5774] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5774] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5774] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5774] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5775], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5775 [pid 5774] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5775 attached [pid 5775] set_robust_list(0x7f40088a79e0, 24 [pid 5774] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5775] <... set_robust_list resumed>) = 0 [pid 5775] memfd_create("syzkaller", 0) = 3 [pid 5775] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5775] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5775] munmap(0x7f4000487000, 1048576) = 0 [pid 5775] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5775] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5775] close(3) = 0 [pid 5775] mkdir("./file0", 0777) = 0 [pid 5775] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5775] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5775] chdir("./file0") = 0 [pid 5775] ioctl(4, LOOP_CLR_FD) = 0 [pid 5775] close(4) = 0 [pid 5775] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5775] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5774] <... futex resumed>) = 0 [pid 5774] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5774] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5775] <... futex resumed>) = 0 [pid 5775] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5775] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5774] <... futex resumed>) = 0 [pid 5774] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5774] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5774] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5774] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE [pid 5775] <... futex resumed>) = 1 [pid 5774] <... mprotect resumed>) = 0 [pid 5775] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5774] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5775] <... ioctl resumed>) = 0 [pid 5775] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5774] <... clone resumed>, parent_tid=[5778], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5778 [pid 5775] <... futex resumed>) = 0 [pid 5774] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5775] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5774] <... futex resumed>) = 0 [pid 5774] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5778 attached [pid 5778] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5778] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5778] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5774] <... futex resumed>) = 0 [pid 5774] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5775] <... futex resumed>) = 0 [pid 5774] <... futex resumed>) = 1 [pid 5775] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5774] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5778] <... futex resumed>) = 1 [pid 5778] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5775] <... write resumed>) = 7 [pid 5775] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5774] <... futex resumed>) = 0 [pid 5775] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5774] exit_group(0 [pid 5775] <... futex resumed>) = ? [pid 5774] <... exit_group resumed>) = ? [pid 5778] <... futex resumed>) = ? [pid 5775] +++ exited with 0 +++ [pid 5778] +++ exited with 0 +++ [pid 5774] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5774, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./141", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./141", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./141/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./141/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./141/binderfs") = 0 [ 66.588783][ T5775] loop0: detected capacity change from 0 to 2048 [ 66.597973][ T5775] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE umount2("./141/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./141/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./141/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./141/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./141/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./141/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./141") = 0 mkdir("./142", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5779 ./strace-static-x86_64: Process 5779 attached [pid 5779] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5779] chdir("./142") = 0 [pid 5779] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5779] setpgid(0, 0) = 0 [pid 5779] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5779] write(3, "1000", 4) = 4 [pid 5779] close(3) = 0 [pid 5779] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5779] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5779] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5779] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5779] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5780 attached , parent_tid=[5780], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5780 [pid 5779] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5779] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5780] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5780] memfd_create("syzkaller", 0) = 3 [pid 5780] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5780] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5780] munmap(0x7f4000487000, 1048576) = 0 [pid 5780] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5780] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5780] close(3) = 0 [pid 5780] mkdir("./file0", 0777) = 0 [pid 5780] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5780] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5780] chdir("./file0") = 0 [pid 5780] ioctl(4, LOOP_CLR_FD) = 0 [pid 5780] close(4) = 0 [pid 5780] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5779] <... futex resumed>) = 0 [pid 5780] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5779] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5780] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5779] <... futex resumed>) = 0 [pid 5780] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5779] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5780] <... openat resumed>) = 4 [pid 5780] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5779] <... futex resumed>) = 0 [pid 5780] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5779] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5780] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5779] <... futex resumed>) = 0 [pid 5780] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5779] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5779] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5780] <... ioctl resumed>) = 0 [pid 5779] <... mmap resumed>) = 0x7f4000566000 [pid 5780] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5779] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE [pid 5780] <... futex resumed>) = 0 [pid 5780] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5779] <... mprotect resumed>) = 0 [pid 5779] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5783], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5783 [pid 5779] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5779] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5783 attached [pid 5783] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5783] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5783] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5779] <... futex resumed>) = 0 [pid 5779] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5780] <... futex resumed>) = 0 [pid 5779] <... futex resumed>) = 1 [pid 5780] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5779] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5783] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5780] <... write resumed>) = 7 [pid 5780] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5779] <... futex resumed>) = 0 [pid 5780] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5779] exit_group(0 [pid 5780] <... futex resumed>) = ? [pid 5779] <... exit_group resumed>) = ? [pid 5780] +++ exited with 0 +++ [pid 5783] <... futex resumed>) = ? [pid 5783] +++ exited with 0 +++ [pid 5779] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5779, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./142", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./142", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./142/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./142/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./142/binderfs") = 0 [ 66.700994][ T5780] loop0: detected capacity change from 0 to 2048 [ 66.709863][ T5780] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE umount2("./142/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./142/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./142/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./142/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./142/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./142/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./142") = 0 mkdir("./143", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5784 ./strace-static-x86_64: Process 5784 attached [pid 5784] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5784] chdir("./143") = 0 [pid 5784] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5784] setpgid(0, 0) = 0 [pid 5784] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5784] write(3, "1000", 4) = 4 [pid 5784] close(3) = 0 [pid 5784] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5784] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5784] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5784] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5784] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5785], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5785 [pid 5784] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5785 attached ) = 0 [pid 5785] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5785] memfd_create("syzkaller", 0 [pid 5784] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5785] <... memfd_create resumed>) = 3 [pid 5785] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5785] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5785] munmap(0x7f4000487000, 1048576) = 0 [pid 5785] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5785] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5785] close(3) = 0 [pid 5785] mkdir("./file0", 0777) = 0 [pid 5785] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5785] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5785] chdir("./file0") = 0 [pid 5785] ioctl(4, LOOP_CLR_FD) = 0 [pid 5785] close(4) = 0 [pid 5785] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5784] <... futex resumed>) = 0 [pid 5784] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5784] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5785] <... futex resumed>) = 1 [pid 5785] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5785] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5784] <... futex resumed>) = 0 [pid 5784] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5784] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5784] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5784] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5784] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5788], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5788 [pid 5784] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5784] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5785] <... futex resumed>) = 1 [pid 5785] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = 0 [pid 5785] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5785] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5788 attached [pid 5788] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5788] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5788] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5784] <... futex resumed>) = 0 [pid 5788] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5784] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5784] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5785] <... futex resumed>) = 0 [pid 5785] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7) = 7 [pid 5785] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5784] <... futex resumed>) = 0 [pid 5785] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5784] exit_group(0 [pid 5788] <... futex resumed>) = ? [pid 5785] <... futex resumed>) = ? [pid 5784] <... exit_group resumed>) = ? [pid 5788] +++ exited with 0 +++ [pid 5785] +++ exited with 0 +++ [pid 5784] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5784, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./143", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./143", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 [ 66.806658][ T5785] loop0: detected capacity change from 0 to 2048 [ 66.816336][ T5785] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE umount2("./143/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./143/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./143/binderfs") = 0 umount2("./143/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./143/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./143/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./143/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./143/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./143/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./143") = 0 mkdir("./144", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5789 ./strace-static-x86_64: Process 5789 attached [pid 5789] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5789] chdir("./144") = 0 [pid 5789] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5789] setpgid(0, 0) = 0 [pid 5789] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5789] write(3, "1000", 4) = 4 [pid 5789] close(3) = 0 [pid 5789] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5789] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5789] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5789] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5789] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5790 attached , parent_tid=[5790], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5790 [pid 5789] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5790] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5789] <... futex resumed>) = 0 [pid 5789] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5790] memfd_create("syzkaller", 0) = 3 [pid 5790] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5790] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5790] munmap(0x7f4000487000, 1048576) = 0 [pid 5790] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5790] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5790] close(3) = 0 [pid 5790] mkdir("./file0", 0777) = 0 [pid 5790] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5790] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5790] chdir("./file0") = 0 [pid 5790] ioctl(4, LOOP_CLR_FD) = 0 [pid 5790] close(4) = 0 [pid 5790] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5789] <... futex resumed>) = 0 [pid 5790] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5789] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5790] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5789] <... futex resumed>) = 0 [pid 5790] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5789] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5790] <... openat resumed>) = 4 [pid 5790] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5789] <... futex resumed>) = 0 [pid 5790] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5789] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5789] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5790] <... ioctl resumed>) = 0 [pid 5789] <... futex resumed>) = 0 [pid 5790] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5789] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5790] <... futex resumed>) = 0 [pid 5789] <... mmap resumed>) = 0x7f4000566000 [pid 5790] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5789] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5789] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5793 attached , parent_tid=[5793], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5793 [pid 5789] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5789] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5793] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5793] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5793] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5789] <... futex resumed>) = 0 [pid 5789] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5790] <... futex resumed>) = 0 [pid 5789] <... futex resumed>) = 1 [pid 5793] <... futex resumed>) = 1 [pid 5790] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5789] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5793] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5790] <... write resumed>) = 7 [pid 5790] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5789] <... futex resumed>) = 0 [pid 5790] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5789] exit_group(0 [pid 5793] <... futex resumed>) = ? [pid 5790] <... futex resumed>) = ? [pid 5789] <... exit_group resumed>) = ? [pid 5793] +++ exited with 0 +++ [pid 5790] +++ exited with 0 +++ [pid 5789] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5789, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./144", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./144", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./144/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./144/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./144/binderfs") = 0 [ 66.921407][ T5790] loop0: detected capacity change from 0 to 2048 [ 66.930644][ T5790] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE umount2("./144/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./144/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./144/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./144/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./144/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./144/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./144") = 0 mkdir("./145", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5794 attached , child_tidptr=0x5555570c15d0) = 5794 [pid 5794] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5794] chdir("./145") = 0 [pid 5794] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5794] setpgid(0, 0) = 0 [pid 5794] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5794] write(3, "1000", 4) = 4 [pid 5794] close(3) = 0 [pid 5794] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5794] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5794] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5794] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5794] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5795], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5795 [pid 5794] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5794] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5795 attached [pid 5795] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5795] memfd_create("syzkaller", 0) = 3 [pid 5795] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5795] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5795] munmap(0x7f4000487000, 1048576) = 0 [pid 5795] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5795] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5795] close(3) = 0 [pid 5795] mkdir("./file0", 0777) = 0 [pid 5795] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5795] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5795] chdir("./file0") = 0 [pid 5795] ioctl(4, LOOP_CLR_FD) = 0 [pid 5795] close(4) = 0 [pid 5795] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5794] <... futex resumed>) = 0 [pid 5794] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5794] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5795] <... futex resumed>) = 1 [pid 5795] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5795] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5794] <... futex resumed>) = 0 [pid 5794] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5794] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5795] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5794] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5794] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE [pid 5795] <... ioctl resumed>) = 0 [pid 5795] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5794] <... mprotect resumed>) = 0 [pid 5795] <... futex resumed>) = 0 [pid 5794] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5795] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5798 attached [pid 5794] <... clone resumed>, parent_tid=[5798], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5798 [pid 5794] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5798] set_robust_list(0x7f40005869e0, 24 [pid 5794] <... futex resumed>) = 0 [pid 5798] <... set_robust_list resumed>) = 0 [pid 5794] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5798] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5798] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5794] <... futex resumed>) = 0 [pid 5798] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5794] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5795] <... futex resumed>) = 0 [pid 5794] <... futex resumed>) = 1 [pid 5794] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5795] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7) = 7 [pid 5795] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5794] <... futex resumed>) = 0 [pid 5795] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5794] exit_group(0 [pid 5795] <... futex resumed>) = ? [pid 5795] +++ exited with 0 +++ [pid 5794] <... exit_group resumed>) = ? [pid 5798] <... futex resumed>) = ? [pid 5798] +++ exited with 0 +++ [pid 5794] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5794, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./145", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./145", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./145/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./145/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./145/binderfs") = 0 [ 67.037539][ T5795] loop0: detected capacity change from 0 to 2048 [ 67.047580][ T5795] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE umount2("./145/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./145/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./145/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./145/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./145/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./145/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./145") = 0 mkdir("./146", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5799 ./strace-static-x86_64: Process 5799 attached [pid 5799] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5799] chdir("./146") = 0 [pid 5799] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5799] setpgid(0, 0) = 0 [pid 5799] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5799] write(3, "1000", 4) = 4 [pid 5799] close(3) = 0 [pid 5799] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5799] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5799] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5799] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5799] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5800 attached , parent_tid=[5800], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5800 [pid 5800] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5800] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5799] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5800] <... futex resumed>) = 0 [pid 5800] memfd_create("syzkaller", 0 [pid 5799] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5800] <... memfd_create resumed>) = 3 [pid 5800] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5800] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5800] munmap(0x7f4000487000, 1048576) = 0 [pid 5800] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5800] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5800] close(3) = 0 [pid 5800] mkdir("./file0", 0777) = 0 [pid 5800] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5800] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5800] chdir("./file0") = 0 [pid 5800] ioctl(4, LOOP_CLR_FD) = 0 [pid 5800] close(4) = 0 [pid 5800] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5799] <... futex resumed>) = 0 [pid 5799] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5799] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5800] <... futex resumed>) = 1 [pid 5800] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5800] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5799] <... futex resumed>) = 0 [pid 5799] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5799] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5799] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5799] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5799] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5804], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5804 [pid 5799] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5799] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5800] <... futex resumed>) = 1 [pid 5800] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = 0 [pid 5800] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5800] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5804 attached [pid 5804] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5804] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5804] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5799] <... futex resumed>) = 0 [pid 5799] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5799] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5800] <... futex resumed>) = 0 [pid 5800] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7) = 7 [pid 5800] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5799] <... futex resumed>) = 0 [pid 5799] exit_group(0) = ? [pid 5800] <... futex resumed>) = ? [pid 5800] +++ exited with 0 +++ [pid 5804] <... futex resumed>) = ? [pid 5804] +++ exited with 0 +++ [pid 5799] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5799, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./146", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./146", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./146/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./146/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./146/binderfs") = 0 umount2("./146/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 67.141051][ T5800] loop0: detected capacity change from 0 to 2048 [ 67.150446][ T5800] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE umount2("./146/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./146/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./146/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./146/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./146/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./146") = 0 mkdir("./147", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5805 ./strace-static-x86_64: Process 5805 attached [pid 5805] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5805] chdir("./147") = 0 [pid 5805] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5805] setpgid(0, 0) = 0 [pid 5805] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5805] write(3, "1000", 4) = 4 [pid 5805] close(3) = 0 [pid 5805] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5805] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5805] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5805] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5805] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5806], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5806 [pid 5805] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5805] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5806 attached [pid 5806] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5806] memfd_create("syzkaller", 0) = 3 [pid 5806] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5806] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5806] munmap(0x7f4000487000, 1048576) = 0 [pid 5806] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5806] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5806] close(3) = 0 [pid 5806] mkdir("./file0", 0777) = 0 [pid 5806] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5806] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5806] chdir("./file0") = 0 [pid 5806] ioctl(4, LOOP_CLR_FD) = 0 [pid 5806] close(4) = 0 [pid 5806] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5805] <... futex resumed>) = 0 [pid 5805] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5805] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5806] <... futex resumed>) = 1 [pid 5806] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5806] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5805] <... futex resumed>) = 0 [pid 5805] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5805] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5805] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5805] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5805] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5809], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5809 [pid 5805] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5805] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5806] <... futex resumed>) = 1 [pid 5806] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000./strace-static-x86_64: Process 5809 attached ) = 0 [pid 5806] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5806] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5809] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5809] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5809] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5805] <... futex resumed>) = 0 [pid 5809] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5805] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5805] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5806] <... futex resumed>) = 0 [pid 5806] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7) = 7 [pid 5806] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5805] <... futex resumed>) = 0 [pid 5806] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5805] exit_group(0 [pid 5809] <... futex resumed>) = ? [pid 5806] <... futex resumed>) = ? [pid 5805] <... exit_group resumed>) = ? [pid 5806] +++ exited with 0 +++ [pid 5809] +++ exited with 0 +++ [pid 5805] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5805, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./147", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./147", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./147/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./147/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./147/binderfs") = 0 [ 67.239072][ T5806] loop0: detected capacity change from 0 to 2048 [ 67.248163][ T5806] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE umount2("./147/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./147/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./147/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./147/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./147/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./147/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./147") = 0 mkdir("./148", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5810 ./strace-static-x86_64: Process 5810 attached [pid 5810] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5810] chdir("./148") = 0 [pid 5810] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5810] setpgid(0, 0) = 0 [pid 5810] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5810] write(3, "1000", 4) = 4 [pid 5810] close(3) = 0 [pid 5810] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5810] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5810] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5810] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5810] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5811], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5811 [pid 5810] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5810] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5811 attached [pid 5811] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5811] memfd_create("syzkaller", 0) = 3 [pid 5811] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5811] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5811] munmap(0x7f4000487000, 1048576) = 0 [pid 5811] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5811] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5811] close(3) = 0 [pid 5811] mkdir("./file0", 0777) = 0 [pid 5811] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5811] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5811] chdir("./file0") = 0 [pid 5811] ioctl(4, LOOP_CLR_FD) = 0 [pid 5811] close(4) = 0 [pid 5811] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5810] <... futex resumed>) = 0 [pid 5810] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5810] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5811] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5811] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5810] <... futex resumed>) = 0 [pid 5811] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5810] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5811] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5810] <... futex resumed>) = 0 [pid 5811] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5810] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5811] <... ioctl resumed>) = 0 [pid 5810] <... futex resumed>) = 0 [pid 5810] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5811] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5810] <... mmap resumed>) = 0x7f4000566000 [pid 5811] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5810] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5810] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5814], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5814 [pid 5810] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5810] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5814 attached [pid 5814] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5814] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5814] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5810] <... futex resumed>) = 0 [pid 5810] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5811] <... futex resumed>) = 0 [pid 5810] <... futex resumed>) = 1 [pid 5811] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5810] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5814] <... futex resumed>) = 1 [pid 5814] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5811] <... write resumed>) = 7 [pid 5811] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5811] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5810] <... futex resumed>) = 0 [pid 5810] exit_group(0 [pid 5811] <... futex resumed>) = ? [pid 5810] <... exit_group resumed>) = ? [pid 5811] +++ exited with 0 +++ [pid 5814] <... futex resumed>) = ? [pid 5814] +++ exited with 0 +++ [pid 5810] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5810, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./148", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./148", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./148/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./148/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./148/binderfs") = 0 [ 67.340173][ T5811] loop0: detected capacity change from 0 to 2048 [ 67.350245][ T5811] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE umount2("./148/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./148/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./148/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./148/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./148/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./148/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./148") = 0 mkdir("./149", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5815 ./strace-static-x86_64: Process 5815 attached [pid 5815] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5815] chdir("./149") = 0 [pid 5815] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5815] setpgid(0, 0) = 0 [pid 5815] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5815] write(3, "1000", 4) = 4 [pid 5815] close(3) = 0 [pid 5815] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5815] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5815] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5815] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5815] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5816 attached [pid 5816] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5816] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5815] <... clone resumed>, parent_tid=[5816], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5816 [pid 5815] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5816] <... futex resumed>) = 0 [pid 5815] <... futex resumed>) = 1 [pid 5816] memfd_create("syzkaller", 0 [pid 5815] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5816] <... memfd_create resumed>) = 3 [pid 5816] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5816] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5816] munmap(0x7f4000487000, 1048576) = 0 [pid 5816] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5816] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5816] close(3) = 0 [pid 5816] mkdir("./file0", 0777) = 0 [pid 5816] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5816] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5816] chdir("./file0") = 0 [pid 5816] ioctl(4, LOOP_CLR_FD) = 0 [pid 5816] close(4) = 0 [pid 5816] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5815] <... futex resumed>) = 0 [pid 5815] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5815] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5816] <... futex resumed>) = 1 [pid 5816] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5816] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5815] <... futex resumed>) = 0 [pid 5815] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5815] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5815] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5815] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5815] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5819], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5819 [pid 5815] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5815] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5816] <... futex resumed>) = 1 [pid 5816] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = 0 [pid 5816] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5816] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5819 attached [pid 5819] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5819] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5819] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5815] <... futex resumed>) = 0 [pid 5815] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5815] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5816] <... futex resumed>) = 0 [pid 5816] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5819] <... futex resumed>) = 1 [pid 5819] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5816] <... write resumed>) = 7 [pid 5816] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5815] <... futex resumed>) = 0 [pid 5816] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5815] exit_group(0 [pid 5816] <... futex resumed>) = ? [pid 5815] <... exit_group resumed>) = ? [pid 5816] +++ exited with 0 +++ [pid 5819] <... futex resumed>) = ? [pid 5819] +++ exited with 0 +++ [pid 5815] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5815, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./149", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./149", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./149/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./149/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./149/binderfs") = 0 [ 67.455533][ T5816] loop0: detected capacity change from 0 to 2048 [ 67.464477][ T5816] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE umount2("./149/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./149/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./149/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./149/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./149/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./149/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./149") = 0 mkdir("./150", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5820 ./strace-static-x86_64: Process 5820 attached [pid 5820] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5820] chdir("./150") = 0 [pid 5820] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5820] setpgid(0, 0) = 0 [pid 5820] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5820] write(3, "1000", 4) = 4 [pid 5820] close(3) = 0 [pid 5820] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5820] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5820] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5820] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5820] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5821 attached , parent_tid=[5821], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5821 [pid 5820] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5820] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5821] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5821] memfd_create("syzkaller", 0) = 3 [pid 5821] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5821] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5821] munmap(0x7f4000487000, 1048576) = 0 [pid 5821] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5821] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5821] close(3) = 0 [pid 5821] mkdir("./file0", 0777) = 0 [pid 5821] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5821] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5821] chdir("./file0") = 0 [pid 5821] ioctl(4, LOOP_CLR_FD) = 0 [pid 5821] close(4) = 0 [pid 5821] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5820] <... futex resumed>) = 0 [pid 5821] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5820] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5820] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5821] <... openat resumed>) = 4 [pid 5821] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] <... futex resumed>) = 0 [pid 5821] <... futex resumed>) = 1 [pid 5820] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5820] <... futex resumed>) = 0 [pid 5820] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5820] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5820] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5821] <... ioctl resumed>) = 0 [pid 5820] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5821] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5824 attached ) = 0 [pid 5824] set_robust_list(0x7f40005869e0, 24 [pid 5821] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5820] <... clone resumed>, parent_tid=[5824], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5824 [pid 5824] <... set_robust_list resumed>) = 0 [pid 5820] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5824] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5820] <... futex resumed>) = 0 [pid 5820] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5824] <... openat resumed>) = 5 [pid 5824] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5820] <... futex resumed>) = 0 [pid 5824] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5820] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] <... futex resumed>) = 0 [pid 5820] <... futex resumed>) = 1 [pid 5821] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5820] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5821] <... write resumed>) = 7 [pid 5821] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5820] <... futex resumed>) = 0 [pid 5821] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5820] exit_group(0 [pid 5824] <... futex resumed>) = ? [pid 5821] <... futex resumed>) = ? [pid 5820] <... exit_group resumed>) = ? [pid 5824] +++ exited with 0 +++ [pid 5821] +++ exited with 0 +++ [pid 5820] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5820, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [ 67.568713][ T5821] loop0: detected capacity change from 0 to 2048 [ 67.578131][ T5821] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./150", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./150", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./150/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./150/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./150/binderfs") = 0 umount2("./150/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./150/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./150/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./150/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./150/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./150/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./150") = 0 mkdir("./151", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5825 ./strace-static-x86_64: Process 5825 attached [pid 5825] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5825] chdir("./151") = 0 [pid 5825] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5825] setpgid(0, 0) = 0 [pid 5825] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5825] write(3, "1000", 4) = 4 [pid 5825] close(3) = 0 [pid 5825] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5825] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5825] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5825] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5825] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5826], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5826 ./strace-static-x86_64: Process 5826 attached [pid 5825] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5825] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5826] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5826] memfd_create("syzkaller", 0) = 3 [pid 5826] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5826] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5826] munmap(0x7f4000487000, 1048576) = 0 [pid 5826] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5826] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5826] close(3) = 0 [pid 5826] mkdir("./file0", 0777) = 0 [pid 5826] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5826] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5826] chdir("./file0") = 0 [pid 5826] ioctl(4, LOOP_CLR_FD) = 0 [pid 5826] close(4) = 0 [pid 5826] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5825] <... futex resumed>) = 0 [pid 5825] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5825] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5826] <... futex resumed>) = 1 [pid 5826] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5826] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5825] <... futex resumed>) = 0 [pid 5825] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5825] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5825] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5825] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5825] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5829], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5829 [pid 5825] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5825] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5829 attached [pid 5826] <... futex resumed>) = 1 [pid 5829] set_robust_list(0x7f40005869e0, 24 [pid 5826] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5829] <... set_robust_list resumed>) = 0 [pid 5829] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5826] <... ioctl resumed>) = 0 [pid 5826] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5826] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5829] <... openat resumed>) = 5 [pid 5829] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5825] <... futex resumed>) = 0 [pid 5825] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5825] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5826] <... futex resumed>) = 0 [pid 5826] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5829] <... futex resumed>) = 1 [pid 5829] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5826] <... write resumed>) = 7 [pid 5826] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5825] <... futex resumed>) = 0 [pid 5825] exit_group(0) = ? [pid 5829] <... futex resumed>) = ? [pid 5826] <... futex resumed>) = ? [pid 5829] +++ exited with 0 +++ [pid 5826] +++ exited with 0 +++ [pid 5825] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5825, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./151", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./151", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 67.682625][ T5826] loop0: detected capacity change from 0 to 2048 [ 67.692331][ T5826] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./151/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./151/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./151/binderfs") = 0 umount2("./151/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./151/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./151/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./151/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./151/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./151/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./151") = 0 mkdir("./152", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5830 ./strace-static-x86_64: Process 5830 attached [pid 5830] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5830] chdir("./152") = 0 [pid 5830] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5830] setpgid(0, 0) = 0 [pid 5830] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5830] write(3, "1000", 4) = 4 [pid 5830] close(3) = 0 [pid 5830] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5830] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5830] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5830] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5830] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5831 attached , parent_tid=[5831], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5831 [pid 5831] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5831] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5830] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5831] <... futex resumed>) = 0 [pid 5831] memfd_create("syzkaller", 0 [pid 5830] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5831] <... memfd_create resumed>) = 3 [pid 5831] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5831] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5831] munmap(0x7f4000487000, 1048576) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5831] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5831] close(3) = 0 [pid 5831] mkdir("./file0", 0777) = 0 [pid 5831] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5831] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5831] chdir("./file0") = 0 [pid 5831] ioctl(4, LOOP_CLR_FD) = 0 [pid 5831] close(4) = 0 [pid 5831] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5830] <... futex resumed>) = 0 [pid 5831] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5830] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5831] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5830] <... futex resumed>) = 0 [ 67.803548][ T5831] loop0: detected capacity change from 0 to 2048 [ 67.813043][ T5831] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 5830] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5831] <... openat resumed>) = 4 [pid 5831] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5830] <... futex resumed>) = 0 [pid 5831] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5830] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] <... ioctl resumed>) = 0 [pid 5830] <... futex resumed>) = 0 [pid 5831] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] <... futex resumed>) = 0 [pid 5830] <... futex resumed>) = 0 [pid 5831] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5830] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5830] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5830] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5834 attached , parent_tid=[5834], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5834 [pid 5834] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5834] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5830] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... futex resumed>) = 0 [pid 5830] <... futex resumed>) = 1 [pid 5834] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5830] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5834] <... openat resumed>) = 5 [pid 5834] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5830] <... futex resumed>) = 0 [pid 5834] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5830] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5830] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5831] <... futex resumed>) = 0 [pid 5831] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7) = 7 [pid 5831] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5830] <... futex resumed>) = 0 [pid 5830] exit_group(0 [pid 5834] <... futex resumed>) = ? [pid 5830] <... exit_group resumed>) = ? [pid 5834] +++ exited with 0 +++ [pid 5831] +++ exited with 0 +++ [pid 5830] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5830, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./152", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./152", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./152/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./152/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./152/binderfs") = 0 umount2("./152/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./152/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./152/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./152/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./152/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./152/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./152") = 0 mkdir("./153", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5835 ./strace-static-x86_64: Process 5835 attached [pid 5835] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5835] chdir("./153") = 0 [pid 5835] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5835] setpgid(0, 0) = 0 [pid 5835] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5835] write(3, "1000", 4) = 4 [pid 5835] close(3) = 0 [pid 5835] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5835] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5835] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5835] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5835] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5836 attached , parent_tid=[5836], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5836 [pid 5836] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5836] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5835] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5836] <... futex resumed>) = 0 [pid 5836] memfd_create("syzkaller", 0 [pid 5835] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5836] <... memfd_create resumed>) = 3 [pid 5836] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5836] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5836] munmap(0x7f4000487000, 1048576) = 0 [pid 5836] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5836] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5836] close(3) = 0 [pid 5836] mkdir("./file0", 0777) = 0 [pid 5836] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5836] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5836] chdir("./file0") = 0 [pid 5836] ioctl(4, LOOP_CLR_FD) = 0 [pid 5836] close(4) = 0 [pid 5836] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5835] <... futex resumed>) = 0 [pid 5836] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5835] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5836] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5835] <... futex resumed>) = 0 [pid 5836] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5835] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5836] <... openat resumed>) = 4 [pid 5836] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5835] <... futex resumed>) = 0 [pid 5836] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5835] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5836] <... ioctl resumed>) = 0 [pid 5835] <... futex resumed>) = 0 [pid 5836] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5835] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5836] <... futex resumed>) = 0 [pid 5835] <... futex resumed>) = 0 [pid 5836] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5835] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5835] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5835] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5839], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5839 [pid 5835] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5839 attached [pid 5835] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5839] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5839] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5839] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5835] <... futex resumed>) = 0 [pid 5839] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5835] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5836] <... futex resumed>) = 0 [pid 5835] <... futex resumed>) = 1 [pid 5836] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5835] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5836] <... write resumed>) = 7 [pid 5836] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5835] <... futex resumed>) = 0 [pid 5836] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5835] exit_group(0 [pid 5839] <... futex resumed>) = ? [pid 5836] <... futex resumed>) = ? [pid 5835] <... exit_group resumed>) = ? [pid 5839] +++ exited with 0 +++ [pid 5836] +++ exited with 0 +++ [pid 5835] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5835, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./153", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./153", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./153/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./153/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./153/binderfs") = 0 [ 67.922066][ T5836] loop0: detected capacity change from 0 to 2048 [ 67.931747][ T5836] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE umount2("./153/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./153/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./153/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./153/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./153/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./153/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./153") = 0 mkdir("./154", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5840 ./strace-static-x86_64: Process 5840 attached [pid 5840] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5840] chdir("./154") = 0 [pid 5840] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5840] setpgid(0, 0) = 0 [pid 5840] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5840] write(3, "1000", 4) = 4 [pid 5840] close(3) = 0 [pid 5840] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5840] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5840] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5840] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5840] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5841 attached [pid 5841] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5841] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5840] <... clone resumed>, parent_tid=[5841], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5841 [pid 5840] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5841] <... futex resumed>) = 0 [pid 5840] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5841] memfd_create("syzkaller", 0) = 3 [pid 5841] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5841] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5841] munmap(0x7f4000487000, 1048576) = 0 [pid 5841] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5841] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5841] close(3) = 0 [pid 5841] mkdir("./file0", 0777) = 0 [pid 5841] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5841] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5841] chdir("./file0") = 0 [pid 5841] ioctl(4, LOOP_CLR_FD) = 0 [pid 5841] close(4) = 0 [pid 5841] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5840] <... futex resumed>) = 0 [pid 5841] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5840] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5841] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5840] <... futex resumed>) = 0 [pid 5841] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5840] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5841] <... openat resumed>) = 4 [pid 5841] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5840] <... futex resumed>) = 0 [pid 5841] <... futex resumed>) = 1 [pid 5840] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5841] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5840] <... futex resumed>) = 0 [pid 5841] <... ioctl resumed>) = 0 [pid 5840] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5841] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5840] <... futex resumed>) = 0 [pid 5841] <... futex resumed>) = 0 [pid 5840] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5841] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5840] <... mmap resumed>) = 0x7f4000566000 [pid 5840] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5840] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5845], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5845 ./strace-static-x86_64: Process 5845 attached [pid 5840] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5840] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5845] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5845] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5845] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5840] <... futex resumed>) = 0 [pid 5840] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5841] <... futex resumed>) = 0 [pid 5840] <... futex resumed>) = 1 [pid 5841] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5840] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5845] <... futex resumed>) = 1 [pid 5845] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5841] <... write resumed>) = 7 [pid 5841] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5840] <... futex resumed>) = 0 [pid 5841] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5840] exit_group(0 [pid 5845] <... futex resumed>) = ? [pid 5841] <... futex resumed>) = ? [pid 5840] <... exit_group resumed>) = ? [pid 5845] +++ exited with 0 +++ [pid 5841] +++ exited with 0 +++ [pid 5840] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5840, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./154", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./154", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./154/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./154/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./154/binderfs") = 0 [ 68.019256][ T5841] loop0: detected capacity change from 0 to 2048 [ 68.028681][ T5841] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE umount2("./154/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./154/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./154/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./154/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./154/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./154/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./154") = 0 mkdir("./155", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5846 ./strace-static-x86_64: Process 5846 attached [pid 5846] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5846] chdir("./155") = 0 [pid 5846] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5846] setpgid(0, 0) = 0 [pid 5846] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5846] write(3, "1000", 4) = 4 [pid 5846] close(3) = 0 [pid 5846] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5846] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5846] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5846] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5846] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5847 attached , parent_tid=[5847], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5847 [pid 5847] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5847] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5846] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5847] <... futex resumed>) = 0 [pid 5847] memfd_create("syzkaller", 0) = 3 [pid 5847] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5846] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5847] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5847] munmap(0x7f4000487000, 1048576) = 0 [pid 5847] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5847] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5847] close(3) = 0 [pid 5847] mkdir("./file0", 0777) = 0 [pid 5847] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5847] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5847] chdir("./file0") = 0 [pid 5847] ioctl(4, LOOP_CLR_FD) = 0 [pid 5847] close(4) = 0 [pid 5847] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5846] <... futex resumed>) = 0 [pid 5846] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5846] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5847] <... futex resumed>) = 1 [pid 5847] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5847] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5846] <... futex resumed>) = 0 [pid 5846] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5846] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5846] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5846] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5846] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5850], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5850 [pid 5846] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5846] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5847] <... futex resumed>) = 1 [pid 5847] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = 0 [pid 5847] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5847] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5850 attached [pid 5850] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5850] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5850] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5846] <... futex resumed>) = 0 [pid 5846] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5846] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5847] <... futex resumed>) = 0 [pid 5847] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7) = 7 [pid 5847] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5846] <... futex resumed>) = 0 [pid 5846] exit_group(0) = ? [pid 5847] <... futex resumed>) = ? [pid 5847] +++ exited with 0 +++ [pid 5850] <... futex resumed>) = ? [pid 5850] +++ exited with 0 +++ [pid 5846] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5846, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./155", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./155", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./155/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./155/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./155/binderfs") = 0 [ 68.137734][ T5847] loop0: detected capacity change from 0 to 2048 [ 68.146567][ T5847] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE umount2("./155/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./155/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./155/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./155/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./155/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./155/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./155") = 0 mkdir("./156", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5851 ./strace-static-x86_64: Process 5851 attached [pid 5851] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5851] chdir("./156") = 0 [pid 5851] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5851] setpgid(0, 0) = 0 [pid 5851] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5851] write(3, "1000", 4) = 4 [pid 5851] close(3) = 0 [pid 5851] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5851] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5851] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5851] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5851] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5852], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5852 [pid 5851] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5851] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5852 attached [pid 5852] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5852] memfd_create("syzkaller", 0) = 3 [pid 5852] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5852] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5852] munmap(0x7f4000487000, 1048576) = 0 [pid 5852] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5852] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5852] close(3) = 0 [pid 5852] mkdir("./file0", 0777) = 0 [pid 5852] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5852] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5852] chdir("./file0") = 0 [pid 5852] ioctl(4, LOOP_CLR_FD) = 0 [pid 5852] close(4) = 0 [pid 5852] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5851] <... futex resumed>) = 0 [pid 5851] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5851] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5852] <... futex resumed>) = 1 [pid 5852] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5852] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5851] <... futex resumed>) = 0 [pid 5851] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5851] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5852] <... futex resumed>) = 1 [pid 5851] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5852] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5851] <... mmap resumed>) = 0x7f4000566000 [pid 5852] <... ioctl resumed>) = 0 [pid 5851] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE [pid 5852] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5851] <... mprotect resumed>) = 0 [pid 5852] <... futex resumed>) = 0 [pid 5851] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5852] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5851] <... clone resumed>, parent_tid=[5855], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5855 [pid 5851] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5851] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5855 attached [pid 5855] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5855] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5855] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5851] <... futex resumed>) = 0 [pid 5851] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5852] <... futex resumed>) = 0 [pid 5851] <... futex resumed>) = 1 [pid 5855] <... futex resumed>) = 1 [pid 5852] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5851] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5855] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5852] <... write resumed>) = 7 [pid 5852] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5851] <... futex resumed>) = 0 [ 68.237537][ T5852] loop0: detected capacity change from 0 to 2048 [ 68.247772][ T5852] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 5852] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5851] exit_group(0 [pid 5855] <... futex resumed>) = ? [pid 5852] <... futex resumed>) = ? [pid 5851] <... exit_group resumed>) = ? [pid 5855] +++ exited with 0 +++ [pid 5852] +++ exited with 0 +++ [pid 5851] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5851, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./156", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./156", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./156/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./156/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./156/binderfs") = 0 umount2("./156/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./156/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./156/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./156/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./156/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./156/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./156") = 0 mkdir("./157", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5856 ./strace-static-x86_64: Process 5856 attached [pid 5856] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5856] chdir("./157") = 0 [pid 5856] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5856] setpgid(0, 0) = 0 [pid 5856] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5856] write(3, "1000", 4) = 4 [pid 5856] close(3) = 0 [pid 5856] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5856] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5856] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5856] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5856] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5857 attached , parent_tid=[5857], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5857 [pid 5857] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5857] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5856] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5857] <... futex resumed>) = 0 [pid 5857] memfd_create("syzkaller", 0) = 3 [pid 5857] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5856] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5857] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5857] munmap(0x7f4000487000, 1048576) = 0 [pid 5857] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5857] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5857] close(3) = 0 [pid 5857] mkdir("./file0", 0777) = 0 [pid 5857] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5857] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5857] chdir("./file0") = 0 [pid 5857] ioctl(4, LOOP_CLR_FD) = 0 [pid 5857] close(4) = 0 [pid 5857] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5856] <... futex resumed>) = 0 [pid 5856] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5856] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5857] <... futex resumed>) = 1 [pid 5857] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5857] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5856] <... futex resumed>) = 0 [pid 5856] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5856] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5856] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5856] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5856] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5860 attached [pid 5860] set_robust_list(0x7f40005869e0, 24 [pid 5856] <... clone resumed>, parent_tid=[5860], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5860 [pid 5856] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5856] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5857] <... futex resumed>) = 1 [pid 5857] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = 0 [pid 5857] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5857] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5860] <... set_robust_list resumed>) = 0 [pid 5860] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5860] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5856] <... futex resumed>) = 0 [pid 5856] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5856] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5857] <... futex resumed>) = 0 [pid 5857] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5860] <... futex resumed>) = 1 [pid 5860] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5857] <... write resumed>) = 7 [pid 5857] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5856] <... futex resumed>) = 0 [pid 5857] <... futex resumed>) = 1 [pid 5856] exit_group(0) = ? [pid 5860] <... futex resumed>) = ? [pid 5860] +++ exited with 0 +++ [pid 5857] +++ exited with 0 +++ [pid 5856] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5856, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./157", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./157", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./157/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./157/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 68.368671][ T5857] loop0: detected capacity change from 0 to 2048 [ 68.377875][ T5857] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE unlink("./157/binderfs") = 0 umount2("./157/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./157/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./157/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./157/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./157/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./157/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./157") = 0 mkdir("./158", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5861 ./strace-static-x86_64: Process 5861 attached [pid 5861] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5861] chdir("./158") = 0 [pid 5861] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5861] setpgid(0, 0) = 0 [pid 5861] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5861] write(3, "1000", 4) = 4 [pid 5861] close(3) = 0 [pid 5861] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5861] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5861] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5861] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5861] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5862], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5862 [pid 5861] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5861] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5862 attached [pid 5862] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5862] memfd_create("syzkaller", 0) = 3 [pid 5862] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5862] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5862] munmap(0x7f4000487000, 1048576) = 0 [pid 5862] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5862] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5862] close(3) = 0 [pid 5862] mkdir("./file0", 0777) = 0 [pid 5862] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5862] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5862] chdir("./file0") = 0 [pid 5862] ioctl(4, LOOP_CLR_FD) = 0 [pid 5862] close(4) = 0 [pid 5862] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5861] <... futex resumed>) = 0 [pid 5862] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5861] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5862] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5861] <... futex resumed>) = 0 [pid 5862] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5861] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5862] <... openat resumed>) = 4 [pid 5862] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5861] <... futex resumed>) = 0 [pid 5862] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5861] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5862] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5861] <... futex resumed>) = 0 [pid 5862] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5861] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5862] <... ioctl resumed>) = 0 [pid 5861] <... futex resumed>) = 0 [pid 5862] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5861] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5862] <... futex resumed>) = 0 [pid 5862] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5861] <... mmap resumed>) = 0x7f4000566000 [pid 5861] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5861] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5865 attached [pid 5865] set_robust_list(0x7f40005869e0, 24 [pid 5861] <... clone resumed>, parent_tid=[5865], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5865 [pid 5861] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5865] <... set_robust_list resumed>) = 0 [pid 5861] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5865] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5865] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5861] <... futex resumed>) = 0 [pid 5865] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5861] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5862] <... futex resumed>) = 0 [pid 5861] <... futex resumed>) = 1 [pid 5862] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5861] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5862] <... write resumed>) = 7 [pid 5862] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5861] <... futex resumed>) = 0 [pid 5862] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5861] exit_group(0 [pid 5865] <... futex resumed>) = ? [pid 5862] <... futex resumed>) = ? [pid 5861] <... exit_group resumed>) = ? [pid 5865] +++ exited with 0 +++ [pid 5862] +++ exited with 0 +++ [pid 5861] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5861, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./158", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./158", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./158/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./158/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./158/binderfs") = 0 [ 68.480922][ T5862] loop0: detected capacity change from 0 to 2048 [ 68.490300][ T5862] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE umount2("./158/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./158/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./158/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./158/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./158/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./158/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./158") = 0 mkdir("./159", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5866 ./strace-static-x86_64: Process 5866 attached [pid 5866] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5866] chdir("./159") = 0 [pid 5866] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5866] setpgid(0, 0) = 0 [pid 5866] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5866] write(3, "1000", 4) = 4 [pid 5866] close(3) = 0 [pid 5866] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5866] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5866] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5866] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5866] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5867], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5867 [pid 5866] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5866] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5867 attached [pid 5867] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5867] memfd_create("syzkaller", 0) = 3 [pid 5867] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5867] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5867] munmap(0x7f4000487000, 1048576) = 0 [pid 5867] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5867] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5867] close(3) = 0 [pid 5867] mkdir("./file0", 0777) = 0 [pid 5867] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5867] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5867] chdir("./file0") = 0 [pid 5867] ioctl(4, LOOP_CLR_FD) = 0 [pid 5867] close(4) = 0 [pid 5867] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5866] <... futex resumed>) = 0 [pid 5866] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5867] <... futex resumed>) = 1 [pid 5866] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5867] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5867] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5866] <... futex resumed>) = 0 [pid 5866] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5866] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5866] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5867] <... futex resumed>) = 1 [pid 5866] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE [pid 5867] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5866] <... mprotect resumed>) = 0 [pid 5866] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5870], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5870 [pid 5866] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5866] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5867] <... ioctl resumed>) = 0 [pid 5867] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5867] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5870 attached [pid 5870] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5870] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5870] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5866] <... futex resumed>) = 0 [ 68.592525][ T5867] loop0: detected capacity change from 0 to 2048 [ 68.602413][ T5867] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 5866] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5867] <... futex resumed>) = 0 [pid 5866] <... futex resumed>) = 1 [pid 5867] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5866] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] <... futex resumed>) = 1 [pid 5870] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5867] <... write resumed>) = 7 [pid 5867] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5866] <... futex resumed>) = 0 [pid 5867] <... futex resumed>) = 1 [pid 5866] exit_group(0 [pid 5867] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5866] <... exit_group resumed>) = ? [pid 5867] <... futex resumed>) = ? [pid 5867] +++ exited with 0 +++ [pid 5870] <... futex resumed>) = ? [pid 5870] +++ exited with 0 +++ [pid 5866] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5866, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./159", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./159", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./159/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./159/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./159/binderfs") = 0 umount2("./159/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./159/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./159/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./159/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./159/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./159/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./159") = 0 mkdir("./160", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5871 attached , child_tidptr=0x5555570c15d0) = 5871 [pid 5871] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5871] chdir("./160") = 0 [pid 5871] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5871] setpgid(0, 0) = 0 [pid 5871] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5871] write(3, "1000", 4) = 4 [pid 5871] close(3) = 0 [pid 5871] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5871] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5871] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5871] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5871] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5872 attached , parent_tid=[5872], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5872 [pid 5872] set_robust_list(0x7f40088a79e0, 24 [pid 5871] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5871] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5872] <... set_robust_list resumed>) = 0 [pid 5872] memfd_create("syzkaller", 0) = 3 [pid 5872] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5872] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5872] munmap(0x7f4000487000, 1048576) = 0 [pid 5872] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5872] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5872] close(3) = 0 [pid 5872] mkdir("./file0", 0777) = 0 [pid 5872] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5872] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5872] chdir("./file0") = 0 [pid 5872] ioctl(4, LOOP_CLR_FD) = 0 [pid 5872] close(4) = 0 [pid 5872] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... futex resumed>) = 0 [pid 5871] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5871] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5872] <... futex resumed>) = 1 [pid 5872] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5872] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... futex resumed>) = 0 [pid 5871] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5871] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5871] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5871] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5871] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5875], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5875 [pid 5871] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5871] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5872] <... futex resumed>) = 1 [pid 5872] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = 0 [pid 5872] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5872] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5875 attached [pid 5875] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5875] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5875] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... futex resumed>) = 0 [pid 5871] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5871] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5875] <... futex resumed>) = 1 [pid 5872] <... futex resumed>) = 0 [pid 5875] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5872] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7) = 7 [pid 5872] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5871] <... futex resumed>) = 0 [pid 5872] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5871] exit_group(0 [pid 5872] <... futex resumed>) = ? [pid 5871] <... exit_group resumed>) = ? [pid 5875] <... futex resumed>) = ? [pid 5872] +++ exited with 0 +++ [pid 5875] +++ exited with 0 +++ [pid 5871] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5871, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 68.730928][ T5872] loop0: detected capacity change from 0 to 2048 [ 68.740693][ T5872] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE umount2("./160", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./160", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./160/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./160/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./160/binderfs") = 0 umount2("./160/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./160/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./160/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./160/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./160/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./160/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./160") = 0 mkdir("./161", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5876 ./strace-static-x86_64: Process 5876 attached [pid 5876] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5876] chdir("./161") = 0 [pid 5876] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5876] setpgid(0, 0) = 0 [pid 5876] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5876] write(3, "1000", 4) = 4 [pid 5876] close(3) = 0 [pid 5876] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5876] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5876] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5876] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5876] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5877], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5877 [pid 5876] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5876] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5877 attached [pid 5877] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5877] memfd_create("syzkaller", 0) = 3 [pid 5877] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5877] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5877] munmap(0x7f4000487000, 1048576) = 0 [pid 5877] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5877] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5877] close(3) = 0 [pid 5877] mkdir("./file0", 0777) = 0 [pid 5877] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5877] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5877] chdir("./file0") = 0 [pid 5877] ioctl(4, LOOP_CLR_FD) = 0 [pid 5877] close(4) = 0 [pid 5877] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5877] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5876] <... futex resumed>) = 0 [pid 5876] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5877] <... futex resumed>) = 0 [pid 5876] <... futex resumed>) = 1 [pid 5877] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5876] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5877] <... openat resumed>) = 4 [pid 5877] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5876] <... futex resumed>) = 0 [pid 5877] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5876] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5877] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5876] <... futex resumed>) = 0 [pid 5877] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5876] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5877] <... ioctl resumed>) = 0 [pid 5876] <... futex resumed>) = 0 [pid 5877] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5876] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5877] <... futex resumed>) = 0 [pid 5877] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5876] <... mmap resumed>) = 0x7f4000566000 [pid 5876] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5876] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5880], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5880 [pid 5876] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5876] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5880 attached [pid 5880] set_robust_list(0x7f40005869e0, 24) = 0 [ 68.874862][ T5877] loop0: detected capacity change from 0 to 2048 [ 68.885439][ T5877] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 5880] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5880] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5876] <... futex resumed>) = 0 [pid 5876] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5877] <... futex resumed>) = 0 [pid 5876] <... futex resumed>) = 1 [pid 5877] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5876] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5880] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5877] <... write resumed>) = 7 [pid 5877] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5876] <... futex resumed>) = 0 [pid 5877] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5876] exit_group(0 [pid 5880] <... futex resumed>) = ? [pid 5877] <... futex resumed>) = ? [pid 5876] <... exit_group resumed>) = ? [pid 5877] +++ exited with 0 +++ [pid 5880] +++ exited with 0 +++ [pid 5876] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5876, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./161", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./161", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./161/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./161/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./161/binderfs") = 0 umount2("./161/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./161/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./161/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./161/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./161/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./161/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./161") = 0 mkdir("./162", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5881 ./strace-static-x86_64: Process 5881 attached [pid 5881] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5881] chdir("./162") = 0 [pid 5881] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5881] setpgid(0, 0) = 0 [pid 5881] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5881] write(3, "1000", 4) = 4 [pid 5881] close(3) = 0 [pid 5881] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5881] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5881] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5881] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5881] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5882], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5882 [pid 5881] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5881] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5882 attached [pid 5882] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5882] memfd_create("syzkaller", 0) = 3 [pid 5882] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5882] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5882] munmap(0x7f4000487000, 1048576) = 0 [pid 5882] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5882] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5882] close(3) = 0 [pid 5882] mkdir("./file0", 0777) = 0 [pid 5882] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5882] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5882] chdir("./file0") = 0 [pid 5882] ioctl(4, LOOP_CLR_FD) = 0 [pid 5882] close(4) = 0 [pid 5882] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5881] <... futex resumed>) = 0 [pid 5882] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5881] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5882] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5881] <... futex resumed>) = 0 [pid 5882] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5881] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5882] <... openat resumed>) = 4 [pid 5882] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5881] <... futex resumed>) = 0 [pid 5882] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5881] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5882] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5881] <... futex resumed>) = 0 [pid 5882] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5881] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5882] <... ioctl resumed>) = 0 [pid 5881] <... futex resumed>) = 0 [pid 5882] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5881] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5882] <... futex resumed>) = 0 [pid 5881] <... mmap resumed>) = 0x7f4000566000 [pid 5882] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5881] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5881] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5885], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5885 [pid 5881] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5881] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5885 attached [pid 5885] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5885] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5885] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5881] <... futex resumed>) = 0 [pid 5881] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5882] <... futex resumed>) = 0 [pid 5881] <... futex resumed>) = 1 [pid 5885] <... futex resumed>) = 1 [pid 5882] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5881] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5885] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5882] <... write resumed>) = 7 [pid 5882] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5881] <... futex resumed>) = 0 [pid 5882] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5881] exit_group(0 [pid 5882] <... futex resumed>) = ? [pid 5881] <... exit_group resumed>) = ? [pid 5882] +++ exited with 0 +++ [pid 5885] <... futex resumed>) = ? [pid 5885] +++ exited with 0 +++ [pid 5881] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5881, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./162", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./162", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 [ 68.994307][ T5882] loop0: detected capacity change from 0 to 2048 [ 69.004053][ T5882] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE umount2("./162/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./162/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./162/binderfs") = 0 umount2("./162/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./162/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./162/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./162/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./162/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./162/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./162") = 0 mkdir("./163", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5886 ./strace-static-x86_64: Process 5886 attached [pid 5886] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5886] chdir("./163") = 0 [pid 5886] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5886] setpgid(0, 0) = 0 [pid 5886] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5886] write(3, "1000", 4) = 4 [pid 5886] close(3) = 0 [pid 5886] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5886] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5886] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5886] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5886] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5887], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5887 ./strace-static-x86_64: Process 5887 attached [pid 5887] set_robust_list(0x7f40088a79e0, 24 [pid 5886] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5887] <... set_robust_list resumed>) = 0 [pid 5887] memfd_create("syzkaller", 0 [pid 5886] <... futex resumed>) = 0 [pid 5887] <... memfd_create resumed>) = 3 [pid 5887] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5886] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5887] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5887] munmap(0x7f4000487000, 1048576) = 0 [pid 5887] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5887] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5887] close(3) = 0 [pid 5887] mkdir("./file0", 0777) = 0 [pid 5887] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5887] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5887] chdir("./file0") = 0 [pid 5887] ioctl(4, LOOP_CLR_FD) = 0 [pid 5887] close(4) = 0 [pid 5887] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5886] <... futex resumed>) = 0 [pid 5886] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5886] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5887] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5887] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5886] <... futex resumed>) = 0 [pid 5886] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5886] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5886] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5887] <... futex resumed>) = 1 [pid 5886] <... mmap resumed>) = 0x7f4000566000 [pid 5887] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5886] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE [pid 5887] <... ioctl resumed>) = 0 [pid 5886] <... mprotect resumed>) = 0 [pid 5887] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5886] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5887] <... futex resumed>) = 0 [pid 5887] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5886] <... clone resumed>, parent_tid=[5890], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5890 [pid 5886] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5886] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5890 attached [pid 5890] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5890] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5890] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5886] <... futex resumed>) = 0 [pid 5890] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5886] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5887] <... futex resumed>) = 0 [pid 5886] <... futex resumed>) = 1 [pid 5887] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5886] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5887] <... write resumed>) = 7 [pid 5887] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5886] <... futex resumed>) = 0 [pid 5887] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5886] exit_group(0 [pid 5887] <... futex resumed>) = ? [pid 5890] <... futex resumed>) = ? [pid 5886] <... exit_group resumed>) = ? [pid 5887] +++ exited with 0 +++ [pid 5890] +++ exited with 0 +++ [pid 5886] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5886, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./163", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./163", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./163/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./163/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./163/binderfs") = 0 [ 69.109452][ T5887] loop0: detected capacity change from 0 to 2048 [ 69.118808][ T5887] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE umount2("./163/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./163/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./163/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./163/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./163/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./163/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./163") = 0 mkdir("./164", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5891 ./strace-static-x86_64: Process 5891 attached [pid 5891] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5891] chdir("./164") = 0 [pid 5891] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5891] setpgid(0, 0) = 0 [pid 5891] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5891] write(3, "1000", 4) = 4 [pid 5891] close(3) = 0 [pid 5891] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5891] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5891] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5891] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5891] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5892 attached , parent_tid=[5892], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5892 [pid 5892] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5892] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5891] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5892] <... futex resumed>) = 0 [pid 5891] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5892] memfd_create("syzkaller", 0) = 3 [pid 5892] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5892] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5892] munmap(0x7f4000487000, 1048576) = 0 [pid 5892] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5892] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5892] close(3) = 0 [pid 5892] mkdir("./file0", 0777) = 0 [pid 5892] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5892] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5892] chdir("./file0") = 0 [pid 5892] ioctl(4, LOOP_CLR_FD) = 0 [pid 5892] close(4) = 0 [pid 5892] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5891] <... futex resumed>) = 0 [pid 5891] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5891] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5892] <... futex resumed>) = 1 [pid 5892] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5892] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5891] <... futex resumed>) = 0 [pid 5891] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5891] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5891] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5891] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5891] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5895], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5895 [pid 5891] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5891] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5892] <... futex resumed>) = 1 [pid 5892] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = 0 [pid 5892] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5892] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5895 attached [pid 5895] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5895] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5895] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5891] <... futex resumed>) = 0 [pid 5891] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5891] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5892] <... futex resumed>) = 0 [pid 5892] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5895] <... futex resumed>) = 1 [pid 5895] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5892] <... write resumed>) = 7 [pid 5892] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5891] <... futex resumed>) = 0 [pid 5892] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5891] exit_group(0) = ? [pid 5892] <... futex resumed>) = ? [pid 5895] <... futex resumed>) = ? [pid 5892] +++ exited with 0 +++ [pid 5895] +++ exited with 0 +++ [pid 5891] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5891, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./164", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./164", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./164/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./164/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./164/binderfs") = 0 [ 69.205774][ T5892] loop0: detected capacity change from 0 to 2048 [ 69.215128][ T5892] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE umount2("./164/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./164/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./164/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./164/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./164/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./164/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./164") = 0 mkdir("./165", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5896 ./strace-static-x86_64: Process 5896 attached [pid 5896] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5896] chdir("./165") = 0 [pid 5896] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5896] setpgid(0, 0) = 0 [pid 5896] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5896] write(3, "1000", 4) = 4 [pid 5896] close(3) = 0 [pid 5896] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5896] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5896] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5896] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5896] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5897 attached , parent_tid=[5897], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5897 [pid 5897] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5897] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5896] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5897] <... futex resumed>) = 0 [pid 5897] memfd_create("syzkaller", 0) = 3 [pid 5897] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5896] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5897] <... mmap resumed>) = 0x7f4000487000 [pid 5897] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5897] munmap(0x7f4000487000, 1048576) = 0 [pid 5897] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5897] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5897] close(3) = 0 [pid 5897] mkdir("./file0", 0777) = 0 [pid 5897] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5897] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5897] chdir("./file0") = 0 [pid 5897] ioctl(4, LOOP_CLR_FD) = 0 [pid 5897] close(4) = 0 [pid 5897] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5896] <... futex resumed>) = 0 [pid 5896] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5896] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5897] <... futex resumed>) = 1 [pid 5897] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5897] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5897] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5896] <... futex resumed>) = 0 [pid 5897] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5896] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5897] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5896] <... futex resumed>) = 0 [pid 5896] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5897] <... ioctl resumed>) = 0 [pid 5896] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5897] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5896] <... mmap resumed>) = 0x7f4000566000 [pid 5896] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE [pid 5897] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5896] <... mprotect resumed>) = 0 [pid 5896] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5900], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5900 [pid 5896] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5896] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5900 attached [pid 5900] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5900] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5900] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5896] <... futex resumed>) = 0 [pid 5896] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5897] <... futex resumed>) = 0 [pid 5896] <... futex resumed>) = 1 [pid 5897] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5896] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 69.308119][ T5897] loop0: detected capacity change from 0 to 2048 [ 69.318569][ T5897] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 5900] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5897] <... write resumed>) = 7 [pid 5897] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5896] <... futex resumed>) = 0 [pid 5897] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5896] exit_group(0 [pid 5897] <... futex resumed>) = ? [pid 5896] <... exit_group resumed>) = ? [pid 5897] +++ exited with 0 +++ [pid 5900] <... futex resumed>) = ? [pid 5900] +++ exited with 0 +++ [pid 5896] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5896, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./165", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./165", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./165/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./165/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./165/binderfs") = 0 umount2("./165/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./165/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./165/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./165/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./165/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./165/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./165") = 0 mkdir("./166", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5901 ./strace-static-x86_64: Process 5901 attached [pid 5901] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5901] chdir("./166") = 0 [pid 5901] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5901] setpgid(0, 0) = 0 [pid 5901] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5901] write(3, "1000", 4) = 4 [pid 5901] close(3) = 0 [pid 5901] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5901] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5901] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5901] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5901] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5902], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5902 [pid 5901] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5902 attached ) = 0 [pid 5901] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5902] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5902] memfd_create("syzkaller", 0) = 3 [pid 5902] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5902] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5902] munmap(0x7f4000487000, 1048576) = 0 [pid 5902] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5902] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5902] close(3) = 0 [pid 5902] mkdir("./file0", 0777) = 0 [pid 5902] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5902] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5902] chdir("./file0") = 0 [pid 5902] ioctl(4, LOOP_CLR_FD) = 0 [pid 5902] close(4) = 0 [pid 5902] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5902] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5901] <... futex resumed>) = 0 [pid 5901] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5902] <... futex resumed>) = 0 [pid 5901] <... futex resumed>) = 1 [pid 5902] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5901] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5902] <... openat resumed>) = 4 [pid 5902] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5901] <... futex resumed>) = 0 [pid 5902] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5901] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5902] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5901] <... futex resumed>) = 0 [pid 5902] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5901] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5902] <... ioctl resumed>) = 0 [pid 5901] <... futex resumed>) = 0 [pid 5902] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5901] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5901] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5901] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5905], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5905 [pid 5901] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5902] <... futex resumed>) = 0 [pid 5901] <... futex resumed>) = 0 [pid 5901] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5905 attached [pid 5905] set_robust_list(0x7f40005869e0, 24 [pid 5902] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5905] <... set_robust_list resumed>) = 0 [pid 5905] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5905] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5901] <... futex resumed>) = 0 [pid 5905] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5901] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5902] <... futex resumed>) = 0 [pid 5901] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5902] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7) = 7 [pid 5902] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5902] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5901] <... futex resumed>) = 0 [pid 5901] exit_group(0 [pid 5902] <... futex resumed>) = ? [pid 5901] <... exit_group resumed>) = ? [pid 5902] +++ exited with 0 +++ [pid 5905] <... futex resumed>) = ? [pid 5905] +++ exited with 0 +++ [pid 5901] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5901, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./166", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./166", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./166/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./166/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./166/binderfs") = 0 [ 69.427755][ T5902] loop0: detected capacity change from 0 to 2048 [ 69.437168][ T5902] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE umount2("./166/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./166/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./166/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./166/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./166/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./166/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./166") = 0 mkdir("./167", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5906 ./strace-static-x86_64: Process 5906 attached [pid 5906] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5906] chdir("./167") = 0 [pid 5906] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5906] setpgid(0, 0) = 0 [pid 5906] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5906] write(3, "1000", 4) = 4 [pid 5906] close(3) = 0 [pid 5906] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5906] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5906] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5906] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5906] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5907], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5907 [pid 5906] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5906] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5907 attached [pid 5907] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5907] memfd_create("syzkaller", 0) = 3 [pid 5907] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5907] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5907] munmap(0x7f4000487000, 1048576) = 0 [pid 5907] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5907] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5907] close(3) = 0 [pid 5907] mkdir("./file0", 0777) = 0 [pid 5907] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5907] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5907] chdir("./file0") = 0 [pid 5907] ioctl(4, LOOP_CLR_FD) = 0 [pid 5907] close(4) = 0 [pid 5907] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5906] <... futex resumed>) = 0 [pid 5906] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5906] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5907] <... futex resumed>) = 1 [pid 5907] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5907] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5907] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5906] <... futex resumed>) = 0 [pid 5906] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5906] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5906] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5906] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5906] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5910], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5910 [pid 5906] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5906] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5907] <... futex resumed>) = 0 [pid 5907] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000./strace-static-x86_64: Process 5910 attached ) = 0 [pid 5910] set_robust_list(0x7f40005869e0, 24 [pid 5907] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5910] <... set_robust_list resumed>) = 0 [pid 5907] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5910] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [ 69.539558][ T5907] loop0: detected capacity change from 0 to 2048 [ 69.548877][ T5907] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 5910] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5906] <... futex resumed>) = 0 [pid 5910] <... futex resumed>) = 1 [pid 5906] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5910] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5907] <... futex resumed>) = 0 [pid 5906] <... futex resumed>) = 1 [pid 5907] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5906] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5907] <... write resumed>) = 7 [pid 5907] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5906] <... futex resumed>) = 0 [pid 5907] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5906] exit_group(0 [pid 5910] <... futex resumed>) = ? [pid 5907] <... futex resumed>) = ? [pid 5906] <... exit_group resumed>) = ? [pid 5910] +++ exited with 0 +++ [pid 5907] +++ exited with 0 +++ [pid 5906] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5906, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./167", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./167", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./167/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./167/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./167/binderfs") = 0 umount2("./167/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./167/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./167/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./167/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./167/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./167/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./167") = 0 mkdir("./168", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5911 ./strace-static-x86_64: Process 5911 attached [pid 5911] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5911] chdir("./168") = 0 [pid 5911] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5911] setpgid(0, 0) = 0 [pid 5911] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5911] write(3, "1000", 4) = 4 [pid 5911] close(3) = 0 [pid 5911] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5911] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5911] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5911] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5911] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5912 attached , parent_tid=[5912], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5912 [pid 5912] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5912] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5911] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5912] <... futex resumed>) = 0 [pid 5912] memfd_create("syzkaller", 0 [pid 5911] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5912] <... memfd_create resumed>) = 3 [pid 5912] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5912] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5912] munmap(0x7f4000487000, 1048576) = 0 [pid 5912] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5912] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5912] close(3) = 0 [pid 5912] mkdir("./file0", 0777) = 0 [pid 5912] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5912] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5912] chdir("./file0") = 0 [pid 5912] ioctl(4, LOOP_CLR_FD) = 0 [pid 5912] close(4) = 0 [pid 5912] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5911] <... futex resumed>) = 0 [pid 5911] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5911] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5912] <... futex resumed>) = 1 [pid 5912] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5912] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5911] <... futex resumed>) = 0 [pid 5911] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5911] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5911] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5912] <... futex resumed>) = 1 [pid 5911] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE [pid 5912] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = 0 [pid 5911] <... mprotect resumed>) = 0 [pid 5912] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5911] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5912] <... futex resumed>) = 0 [pid 5912] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5915 attached [pid 5911] <... clone resumed>, parent_tid=[5915], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5915 [pid 5911] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5911] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5915] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5915] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5915] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5911] <... futex resumed>) = 0 [pid 5911] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5912] <... futex resumed>) = 0 [pid 5911] <... futex resumed>) = 1 [pid 5912] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5911] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5915] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5912] <... write resumed>) = 7 [pid 5912] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5911] <... futex resumed>) = 0 [pid 5912] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5911] exit_group(0 [pid 5912] <... futex resumed>) = ? [pid 5911] <... exit_group resumed>) = ? [pid 5915] <... futex resumed>) = ? [pid 5912] +++ exited with 0 +++ [pid 5915] +++ exited with 0 +++ [pid 5911] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5911, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./168", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./168", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 [ 69.656420][ T5912] loop0: detected capacity change from 0 to 2048 [ 69.665945][ T5912] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE umount2("./168/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./168/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./168/binderfs") = 0 umount2("./168/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./168/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./168/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./168/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./168/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./168/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./168") = 0 mkdir("./169", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5916 ./strace-static-x86_64: Process 5916 attached [pid 5916] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5916] chdir("./169") = 0 [pid 5916] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5916] setpgid(0, 0) = 0 [pid 5916] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5916] write(3, "1000", 4) = 4 [pid 5916] close(3) = 0 [pid 5916] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5916] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5916] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5916] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5916] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5917], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5917 ./strace-static-x86_64: Process 5917 attached [pid 5917] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5917] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5916] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5917] <... futex resumed>) = 0 [pid 5917] memfd_create("syzkaller", 0 [pid 5916] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5917] <... memfd_create resumed>) = 3 [pid 5917] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5917] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5917] munmap(0x7f4000487000, 1048576) = 0 [pid 5917] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5917] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5917] close(3) = 0 [pid 5917] mkdir("./file0", 0777) = 0 [pid 5917] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5917] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5917] chdir("./file0") = 0 [pid 5917] ioctl(4, LOOP_CLR_FD) = 0 [pid 5917] close(4) = 0 [pid 5917] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5916] <... futex resumed>) = 0 [pid 5916] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5916] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5917] <... futex resumed>) = 1 [pid 5917] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5917] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5916] <... futex resumed>) = 0 [pid 5916] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5916] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5916] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5916] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5916] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5920], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5920 [pid 5916] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5916] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5917] <... futex resumed>) = 1 [pid 5917] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = 0 [pid 5917] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5917] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5920 attached [pid 5920] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5920] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5920] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5916] <... futex resumed>) = 0 [pid 5916] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5917] <... futex resumed>) = 0 [pid 5916] <... futex resumed>) = 1 [pid 5917] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5916] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5917] <... write resumed>) = 7 [pid 5917] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5916] <... futex resumed>) = 0 [pid 5917] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5916] exit_group(0 [pid 5917] <... futex resumed>) = ? [pid 5916] <... exit_group resumed>) = ? [pid 5917] +++ exited with 0 +++ [pid 5920] <... futex resumed>) = ? [pid 5920] +++ exited with 0 +++ [pid 5916] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5916, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./169", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./169", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./169/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./169/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./169/binderfs") = 0 [ 69.764500][ T5917] loop0: detected capacity change from 0 to 2048 [ 69.773936][ T5917] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE umount2("./169/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./169/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./169/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./169/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./169/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./169/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./169") = 0 mkdir("./170", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5921 ./strace-static-x86_64: Process 5921 attached [pid 5921] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5921] chdir("./170") = 0 [pid 5921] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5921] setpgid(0, 0) = 0 [pid 5921] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5921] write(3, "1000", 4) = 4 [pid 5921] close(3) = 0 [pid 5921] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5921] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5921] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5921] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5921] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5922], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5922 [pid 5921] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5921] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5922 attached [pid 5922] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5922] memfd_create("syzkaller", 0) = 3 [pid 5922] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5922] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5922] munmap(0x7f4000487000, 1048576) = 0 [pid 5922] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5922] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5922] close(3) = 0 [pid 5922] mkdir("./file0", 0777) = 0 [pid 5922] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5922] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5922] chdir("./file0") = 0 [pid 5922] ioctl(4, LOOP_CLR_FD) = 0 [pid 5922] close(4) = 0 [pid 5922] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5921] <... futex resumed>) = 0 [pid 5922] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5921] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5922] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5921] <... futex resumed>) = 0 [pid 5922] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5921] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5922] <... openat resumed>) = 4 [pid 5922] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5921] <... futex resumed>) = 0 [pid 5922] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5921] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5922] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5921] <... futex resumed>) = 0 [pid 5922] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5921] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5922] <... ioctl resumed>) = 0 [pid 5921] <... futex resumed>) = 0 [pid 5922] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5921] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5922] <... futex resumed>) = 0 [pid 5921] <... mmap resumed>) = 0x7f4000566000 [pid 5922] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5921] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5921] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5925], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5925 [pid 5921] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5921] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5925 attached [pid 5925] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5925] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5925] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5921] <... futex resumed>) = 0 [pid 5921] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5922] <... futex resumed>) = 0 [pid 5921] <... futex resumed>) = 1 [pid 5922] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5921] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5925] <... futex resumed>) = 1 [pid 5925] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5922] <... write resumed>) = 7 [pid 5922] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5921] <... futex resumed>) = 0 [pid 5922] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5921] exit_group(0 [pid 5922] <... futex resumed>) = ? [pid 5921] <... exit_group resumed>) = ? [pid 5922] +++ exited with 0 +++ [pid 5925] <... futex resumed>) = ? [pid 5925] +++ exited with 0 +++ [pid 5921] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5921, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./170", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./170", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./170/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./170/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./170/binderfs") = 0 [ 69.869332][ T5922] loop0: detected capacity change from 0 to 2048 [ 69.880370][ T5922] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE umount2("./170/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./170/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./170/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./170/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./170/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./170/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./170") = 0 mkdir("./171", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5926 ./strace-static-x86_64: Process 5926 attached [pid 5926] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5926] chdir("./171") = 0 [pid 5926] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5926] setpgid(0, 0) = 0 [pid 5926] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5926] write(3, "1000", 4) = 4 [pid 5926] close(3) = 0 [pid 5926] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5926] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5926] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5926] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5926] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5927], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5927 [pid 5926] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5926] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5927 attached [pid 5927] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5927] memfd_create("syzkaller", 0) = 3 [pid 5927] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5927] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5927] munmap(0x7f4000487000, 1048576) = 0 [pid 5927] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5927] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5927] close(3) = 0 [pid 5927] mkdir("./file0", 0777) = 0 [pid 5927] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5927] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5927] chdir("./file0") = 0 [pid 5927] ioctl(4, LOOP_CLR_FD) = 0 [pid 5927] close(4) = 0 [pid 5927] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5926] <... futex resumed>) = 0 [pid 5926] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5926] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5927] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5927] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5926] <... futex resumed>) = 0 [pid 5926] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5927] <... futex resumed>) = 1 [pid 5926] <... futex resumed>) = 0 [pid 5927] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5926] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5926] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5926] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5926] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5930 attached [pid 5927] <... ioctl resumed>) = 0 [pid 5926] <... clone resumed>, parent_tid=[5930], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5930 [pid 5927] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5926] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5927] <... futex resumed>) = 0 [pid 5926] <... futex resumed>) = 0 [pid 5930] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5930] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5930] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5930] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5927] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5926] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5926] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5927] <... futex resumed>) = 0 [pid 5926] <... futex resumed>) = 1 [pid 5927] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5926] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5927] <... write resumed>) = 7 [pid 5927] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5926] <... futex resumed>) = 0 [pid 5927] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5926] exit_group(0 [pid 5927] <... futex resumed>) = ? [pid 5926] <... exit_group resumed>) = ? [pid 5930] <... futex resumed>) = ? [pid 5927] +++ exited with 0 +++ [pid 5930] +++ exited with 0 +++ [pid 5926] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5926, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./171", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./171", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./171/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./171/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./171/binderfs") = 0 [ 69.973672][ T5927] loop0: detected capacity change from 0 to 2048 [ 69.983377][ T5927] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE umount2("./171/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./171/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./171/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./171/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./171/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./171/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./171") = 0 mkdir("./172", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5931 ./strace-static-x86_64: Process 5931 attached [pid 5931] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5931] chdir("./172") = 0 [pid 5931] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5931] setpgid(0, 0) = 0 [pid 5931] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5931] write(3, "1000", 4) = 4 [pid 5931] close(3) = 0 [pid 5931] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5931] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5931] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5931] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5931] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5932], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5932 [pid 5931] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5931] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5932 attached [pid 5932] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5932] memfd_create("syzkaller", 0) = 3 [pid 5932] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5932] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5932] munmap(0x7f4000487000, 1048576) = 0 [pid 5932] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5932] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5932] close(3) = 0 [pid 5932] mkdir("./file0", 0777) = 0 [pid 5932] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5932] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5932] chdir("./file0") = 0 [pid 5932] ioctl(4, LOOP_CLR_FD) = 0 [pid 5932] close(4) = 0 [pid 5932] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5931] <... futex resumed>) = 0 [pid 5931] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5931] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5932] <... futex resumed>) = 1 [pid 5932] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5932] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5932] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5931] <... futex resumed>) = 0 [pid 5931] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5931] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5931] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5932] <... futex resumed>) = 0 [pid 5931] <... mmap resumed>) = 0x7f4000566000 [pid 5932] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5931] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE [pid 5932] <... ioctl resumed>) = 0 [pid 5931] <... mprotect resumed>) = 0 [pid 5932] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5932] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5931] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5935], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5935 [pid 5931] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5931] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5935 attached [pid 5935] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5935] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5935] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5931] <... futex resumed>) = 0 [pid 5931] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5932] <... futex resumed>) = 0 [pid 5931] <... futex resumed>) = 1 [pid 5932] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5931] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5935] <... futex resumed>) = 1 [pid 5935] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5932] <... write resumed>) = 7 [pid 5932] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5931] <... futex resumed>) = 0 [ 70.079208][ T5932] loop0: detected capacity change from 0 to 2048 [ 70.089010][ T5932] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 5932] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5931] exit_group(0 [pid 5932] <... futex resumed>) = ? [pid 5931] <... exit_group resumed>) = ? [pid 5935] <... futex resumed>) = ? [pid 5932] +++ exited with 0 +++ [pid 5935] +++ exited with 0 +++ [pid 5931] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5931, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./172", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./172", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./172/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./172/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./172/binderfs") = 0 umount2("./172/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./172/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./172/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./172/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./172/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./172/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./172") = 0 mkdir("./173", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5936 ./strace-static-x86_64: Process 5936 attached [pid 5936] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5936] chdir("./173") = 0 [pid 5936] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5936] setpgid(0, 0) = 0 [pid 5936] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5936] write(3, "1000", 4) = 4 [pid 5936] close(3) = 0 [pid 5936] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5936] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5936] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5936] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5936] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5937], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5937 [pid 5936] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5936] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5937 attached [pid 5937] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5937] memfd_create("syzkaller", 0) = 3 [pid 5937] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5937] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5937] munmap(0x7f4000487000, 1048576) = 0 [pid 5937] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5937] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5937] close(3) = 0 [pid 5937] mkdir("./file0", 0777) = 0 [pid 5937] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5937] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5937] chdir("./file0") = 0 [pid 5937] ioctl(4, LOOP_CLR_FD) = 0 [pid 5937] close(4) = 0 [pid 5937] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5936] <... futex resumed>) = 0 [pid 5937] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5936] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5936] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5937] <... openat resumed>) = 4 [pid 5937] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5936] <... futex resumed>) = 0 [pid 5937] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5936] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5937] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5936] <... futex resumed>) = 0 [pid 5937] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5936] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5936] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5937] <... ioctl resumed>) = 0 [pid 5936] <... mmap resumed>) = 0x7f4000566000 [pid 5937] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5936] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE [pid 5937] <... futex resumed>) = 0 [ 70.192774][ T5937] loop0: detected capacity change from 0 to 2048 [ 70.202900][ T5937] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 5937] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5936] <... mprotect resumed>) = 0 [pid 5936] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5940], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5940 ./strace-static-x86_64: Process 5940 attached [pid 5936] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5936] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5940] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5940] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5940] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5936] <... futex resumed>) = 0 [pid 5936] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5937] <... futex resumed>) = 0 [pid 5936] <... futex resumed>) = 1 [pid 5940] <... futex resumed>) = 1 [pid 5937] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5936] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5940] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5937] <... write resumed>) = 7 [pid 5937] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5936] <... futex resumed>) = 0 [pid 5937] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5936] exit_group(0 [pid 5940] <... futex resumed>) = ? [pid 5937] <... futex resumed>) = ? [pid 5936] <... exit_group resumed>) = ? [pid 5940] +++ exited with 0 +++ [pid 5937] +++ exited with 0 +++ [pid 5936] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5936, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./173", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./173", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./173/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./173/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./173/binderfs") = 0 umount2("./173/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./173/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./173/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./173/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./173/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./173/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./173") = 0 mkdir("./174", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5941 ./strace-static-x86_64: Process 5941 attached [pid 5941] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5941] chdir("./174") = 0 [pid 5941] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5941] setpgid(0, 0) = 0 [pid 5941] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5941] write(3, "1000", 4) = 4 [pid 5941] close(3) = 0 [pid 5941] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5941] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5941] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5941] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5941] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5942 attached [pid 5942] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5941] <... clone resumed>, parent_tid=[5942], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5942 [pid 5941] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5942] memfd_create("syzkaller", 0 [pid 5941] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5942] <... memfd_create resumed>) = 3 [pid 5942] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5942] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5942] munmap(0x7f4000487000, 1048576) = 0 [pid 5942] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5942] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5942] close(3) = 0 [pid 5942] mkdir("./file0", 0777) = 0 [pid 5942] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5942] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5942] chdir("./file0") = 0 [pid 5942] ioctl(4, LOOP_CLR_FD) = 0 [pid 5942] close(4) = 0 [pid 5942] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5942] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5941] <... futex resumed>) = 0 [pid 5941] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5941] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5942] <... futex resumed>) = 0 [pid 5942] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5942] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5941] <... futex resumed>) = 0 [pid 5941] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5941] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5941] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5941] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5941] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5945 attached [pid 5942] <... futex resumed>) = 1 [pid 5941] <... clone resumed>, parent_tid=[5945], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5945 [pid 5941] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5941] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5945] set_robust_list(0x7f40005869e0, 24 [pid 5942] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5945] <... set_robust_list resumed>) = 0 [pid 5942] <... ioctl resumed>) = 0 [pid 5945] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5942] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5942] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5945] <... openat resumed>) = 5 [pid 5945] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5941] <... futex resumed>) = 0 [pid 5941] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5941] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5942] <... futex resumed>) = 0 [pid 5942] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5945] <... futex resumed>) = 1 [pid 5945] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5942] <... write resumed>) = 7 [pid 5942] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5941] <... futex resumed>) = 0 [pid 5941] exit_group(0 [pid 5945] <... futex resumed>) = ? [pid 5941] <... exit_group resumed>) = ? [pid 5945] +++ exited with 0 +++ [pid 5942] <... futex resumed>) = ? [pid 5942] +++ exited with 0 +++ [pid 5941] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5941, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./174", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./174", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./174/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./174/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./174/binderfs") = 0 [ 70.312119][ T5942] loop0: detected capacity change from 0 to 2048 [ 70.321862][ T5942] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE umount2("./174/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./174/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./174/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./174/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./174/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./174/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./174") = 0 mkdir("./175", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5946 ./strace-static-x86_64: Process 5946 attached [pid 5946] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5946] chdir("./175") = 0 [pid 5946] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5946] setpgid(0, 0) = 0 [pid 5946] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5946] write(3, "1000", 4) = 4 [pid 5946] close(3) = 0 [pid 5946] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5946] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5946] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5946] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5946] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5947 attached , parent_tid=[5947], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5947 [pid 5947] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5947] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5946] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5947] <... futex resumed>) = 0 [pid 5947] memfd_create("syzkaller", 0) = 3 [pid 5947] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5946] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5947] <... mmap resumed>) = 0x7f4000487000 [pid 5947] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5947] munmap(0x7f4000487000, 1048576) = 0 [pid 5947] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5947] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5947] close(3) = 0 [pid 5947] mkdir("./file0", 0777) = 0 [pid 5947] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5947] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5947] chdir("./file0") = 0 [pid 5947] ioctl(4, LOOP_CLR_FD) = 0 [pid 5947] close(4) = 0 [pid 5947] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5946] <... futex resumed>) = 0 [pid 5946] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5946] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5947] <... futex resumed>) = 1 [pid 5947] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5947] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5946] <... futex resumed>) = 0 [pid 5946] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5946] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5946] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5946] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5946] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5950], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5950 [pid 5946] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5946] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5947] <... futex resumed>) = 1 [pid 5947] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = 0 [pid 5947] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5947] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5950 attached [pid 5950] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5950] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5950] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5946] <... futex resumed>) = 0 [pid 5946] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5946] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5947] <... futex resumed>) = 0 [pid 5947] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5950] <... futex resumed>) = 1 [pid 5950] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5947] <... write resumed>) = 7 [pid 5947] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5946] <... futex resumed>) = 0 [pid 5947] <... futex resumed>) = 1 [pid 5946] exit_group(0 [pid 5950] <... futex resumed>) = ? [pid 5946] <... exit_group resumed>) = ? [pid 5950] +++ exited with 0 +++ [pid 5947] +++ exited with 0 +++ [pid 5946] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5946, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./175", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./175", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./175/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./175/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./175/binderfs") = 0 [ 70.427279][ T5947] loop0: detected capacity change from 0 to 2048 [ 70.436572][ T5947] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE umount2("./175/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./175/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./175/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./175/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./175/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./175/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./175") = 0 mkdir("./176", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5951 ./strace-static-x86_64: Process 5951 attached [pid 5951] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5951] chdir("./176") = 0 [pid 5951] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5951] setpgid(0, 0) = 0 [pid 5951] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5951] write(3, "1000", 4) = 4 [pid 5951] close(3) = 0 [pid 5951] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5951] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5951] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5951] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5951] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5952 attached , parent_tid=[5952], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5952 [pid 5952] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5951] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5952] memfd_create("syzkaller", 0) = 3 [pid 5952] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5951] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5952] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5952] munmap(0x7f4000487000, 1048576) = 0 [pid 5952] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5952] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5952] close(3) = 0 [pid 5952] mkdir("./file0", 0777) = 0 [pid 5952] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5952] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5952] chdir("./file0") = 0 [pid 5952] ioctl(4, LOOP_CLR_FD) = 0 [pid 5952] close(4) = 0 [pid 5952] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5951] <... futex resumed>) = 0 [pid 5951] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5951] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5952] <... futex resumed>) = 1 [pid 5952] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5952] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5951] <... futex resumed>) = 0 [pid 5951] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5951] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5951] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5951] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5951] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5955], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5955 [pid 5951] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5951] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5952] <... futex resumed>) = 1 [pid 5952] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = 0 [pid 5952] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5952] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5955 attached [pid 5955] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5955] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5955] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5951] <... futex resumed>) = 0 [pid 5951] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5951] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5955] <... futex resumed>) = 1 [pid 5952] <... futex resumed>) = 0 [pid 5952] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5955] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5952] <... write resumed>) = 7 [pid 5952] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5951] <... futex resumed>) = 0 [pid 5952] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5951] exit_group(0) = ? [pid 5952] <... futex resumed>) = ? [pid 5952] +++ exited with 0 +++ [pid 5955] <... futex resumed>) = ? [pid 5955] +++ exited with 0 +++ [pid 5951] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5951, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./176", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./176", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./176/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./176/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./176/binderfs") = 0 [ 70.528738][ T5952] loop0: detected capacity change from 0 to 2048 [ 70.538100][ T5952] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE umount2("./176/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./176/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./176/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./176/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./176/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./176/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./176") = 0 mkdir("./177", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5956 ./strace-static-x86_64: Process 5956 attached [pid 5956] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5956] chdir("./177") = 0 [pid 5956] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5956] setpgid(0, 0) = 0 [pid 5956] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5956] write(3, "1000", 4) = 4 [pid 5956] close(3) = 0 [pid 5956] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5956] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5956] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5956] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5956] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5957], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5957 [pid 5956] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5956] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5957 attached [pid 5957] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5957] memfd_create("syzkaller", 0) = 3 [pid 5957] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5957] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5957] munmap(0x7f4000487000, 1048576) = 0 [pid 5957] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5957] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5957] close(3) = 0 [pid 5957] mkdir("./file0", 0777) = 0 [pid 5957] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5957] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5957] chdir("./file0") = 0 [pid 5957] ioctl(4, LOOP_CLR_FD) = 0 [pid 5957] close(4) = 0 [pid 5957] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5956] <... futex resumed>) = 0 [pid 5957] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5956] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5957] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5956] <... futex resumed>) = 0 [pid 5957] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5956] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5957] <... openat resumed>) = 4 [pid 5957] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5956] <... futex resumed>) = 0 [pid 5957] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5956] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5957] <... ioctl resumed>) = 0 [pid 5956] <... futex resumed>) = 0 [pid 5957] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5956] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5957] <... futex resumed>) = 0 [pid 5956] <... futex resumed>) = 0 [pid 5957] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5956] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5956] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5956] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5960], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5960 [pid 5956] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5956] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5960 attached [pid 5960] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5960] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5960] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5956] <... futex resumed>) = 0 [pid 5956] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5957] <... futex resumed>) = 0 [pid 5956] <... futex resumed>) = 1 [pid 5957] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5956] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5960] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5957] <... write resumed>) = 7 [pid 5957] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5956] <... futex resumed>) = 0 [pid 5957] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5956] exit_group(0 [pid 5957] <... futex resumed>) = ? [pid 5956] <... exit_group resumed>) = ? [pid 5957] +++ exited with 0 +++ [pid 5960] <... futex resumed>) = ? [pid 5960] +++ exited with 0 +++ [pid 5956] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5956, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 70.633309][ T5957] loop0: detected capacity change from 0 to 2048 [ 70.648004][ T5957] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE umount2("./177", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./177", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./177/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./177/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./177/binderfs") = 0 umount2("./177/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./177/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./177/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./177/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./177/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./177/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./177") = 0 mkdir("./178", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5961 ./strace-static-x86_64: Process 5961 attached [pid 5961] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5961] chdir("./178") = 0 [pid 5961] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5961] setpgid(0, 0) = 0 [pid 5961] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5961] write(3, "1000", 4) = 4 [pid 5961] close(3) = 0 [pid 5961] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5961] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5961] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5961] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5961] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5962], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5962 [pid 5961] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5961] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5962 attached [pid 5962] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5962] memfd_create("syzkaller", 0) = 3 [pid 5962] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5962] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5962] munmap(0x7f4000487000, 1048576) = 0 [pid 5962] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5962] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5962] close(3) = 0 [pid 5962] mkdir("./file0", 0777) = 0 [pid 5962] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5962] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5962] chdir("./file0") = 0 [pid 5962] ioctl(4, LOOP_CLR_FD) = 0 [pid 5962] close(4) = 0 [pid 5962] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5961] <... futex resumed>) = 0 [pid 5962] <... futex resumed>) = 1 [pid 5961] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5962] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5961] <... futex resumed>) = 0 [pid 5961] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5962] <... openat resumed>) = 4 [pid 5962] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5961] <... futex resumed>) = 0 [pid 5962] <... futex resumed>) = 1 [pid 5961] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5962] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5961] <... futex resumed>) = 0 [pid 5962] <... ioctl resumed>) = 0 [pid 5961] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5962] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5961] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5962] <... futex resumed>) = 0 [pid 5961] <... mmap resumed>) = 0x7f4000566000 [pid 5962] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5961] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5961] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5965 attached , parent_tid=[5965], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5965 [pid 5961] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5961] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5965] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5965] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5965] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5961] <... futex resumed>) = 0 [pid 5965] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5961] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5962] <... futex resumed>) = 0 [ 70.803249][ T5962] loop0: detected capacity change from 0 to 2048 [ 70.813454][ T5962] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 5961] <... futex resumed>) = 1 [pid 5962] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5961] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5962] <... write resumed>) = 7 [pid 5962] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5961] <... futex resumed>) = 0 [pid 5961] exit_group(0 [pid 5962] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5965] <... futex resumed>) = ? [pid 5962] <... futex resumed>) = ? [pid 5961] <... exit_group resumed>) = ? [pid 5962] +++ exited with 0 +++ [pid 5965] +++ exited with 0 +++ [pid 5961] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5961, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./178", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./178", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./178/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./178/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./178/binderfs") = 0 umount2("./178/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./178/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./178/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./178/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./178/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./178/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./178") = 0 mkdir("./179", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5966 ./strace-static-x86_64: Process 5966 attached [pid 5966] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5966] chdir("./179") = 0 [pid 5966] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5966] setpgid(0, 0) = 0 [pid 5966] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5966] write(3, "1000", 4) = 4 [pid 5966] close(3) = 0 [pid 5966] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5966] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5966] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5966] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5966] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5967], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5967 [pid 5966] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5966] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5967 attached [pid 5967] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5967] memfd_create("syzkaller", 0) = 3 [pid 5967] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5967] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5967] munmap(0x7f4000487000, 1048576) = 0 [pid 5967] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5967] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5967] close(3) = 0 [pid 5967] mkdir("./file0", 0777) = 0 [pid 5967] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5967] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5967] chdir("./file0") = 0 [pid 5967] ioctl(4, LOOP_CLR_FD) = 0 [pid 5967] close(4) = 0 [pid 5967] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5966] <... futex resumed>) = 0 [pid 5966] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5966] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5967] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5967] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5966] <... futex resumed>) = 0 [pid 5966] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5967] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5966] <... futex resumed>) = 0 [pid 5966] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5966] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5966] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5966] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5970], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5970 [pid 5966] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5966] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5967] <... ioctl resumed>) = 0 [pid 5967] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5967] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5970 attached [ 70.954373][ T5967] loop0: detected capacity change from 0 to 2048 [ 70.964405][ T5967] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 5970] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5970] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5970] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5970] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5966] <... futex resumed>) = 0 [pid 5966] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5966] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5967] <... futex resumed>) = 0 [pid 5967] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7) = 7 [pid 5967] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5966] <... futex resumed>) = 0 [pid 5967] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5966] exit_group(0 [pid 5970] <... futex resumed>) = ? [pid 5967] <... futex resumed>) = ? [pid 5966] <... exit_group resumed>) = ? [pid 5970] +++ exited with 0 +++ [pid 5967] +++ exited with 0 +++ [pid 5966] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5966, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./179", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./179", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./179/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./179/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./179/binderfs") = 0 umount2("./179/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./179/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./179/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./179/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./179/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./179/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./179") = 0 mkdir("./180", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5971 ./strace-static-x86_64: Process 5971 attached [pid 5971] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5971] chdir("./180") = 0 [pid 5971] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5971] setpgid(0, 0) = 0 [pid 5971] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5971] write(3, "1000", 4) = 4 [pid 5971] close(3) = 0 [pid 5971] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5971] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5971] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5971] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5971] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5972], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5972 [pid 5971] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5971] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5972 attached [pid 5972] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5972] memfd_create("syzkaller", 0) = 3 [pid 5972] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5972] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5972] munmap(0x7f4000487000, 1048576) = 0 [pid 5972] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5972] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5972] close(3) = 0 [pid 5972] mkdir("./file0", 0777) = 0 [pid 5972] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5972] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5972] chdir("./file0") = 0 [pid 5972] ioctl(4, LOOP_CLR_FD) = 0 [pid 5972] close(4) = 0 [pid 5972] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5972] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5971] <... futex resumed>) = 0 [pid 5971] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5972] <... futex resumed>) = 0 [pid 5971] <... futex resumed>) = 1 [pid 5972] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5971] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5972] <... openat resumed>) = 4 [pid 5972] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5971] <... futex resumed>) = 0 [pid 5972] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5971] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5972] <... ioctl resumed>) = 0 [pid 5971] <... futex resumed>) = 0 [pid 5971] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5972] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5971] <... futex resumed>) = 0 [pid 5972] <... futex resumed>) = 0 [pid 5971] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5972] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5971] <... mmap resumed>) = 0x7f4000566000 [pid 5971] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5971] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5975], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5975 ./strace-static-x86_64: Process 5975 attached [ 71.101291][ T5972] loop0: detected capacity change from 0 to 2048 [ 71.112993][ T5972] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 5971] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5971] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5975] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5975] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5975] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5971] <... futex resumed>) = 0 [pid 5971] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5972] <... futex resumed>) = 0 [pid 5971] <... futex resumed>) = 1 [pid 5972] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5971] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5972] <... write resumed>) = 7 [pid 5972] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5971] <... futex resumed>) = 0 [pid 5975] <... futex resumed>) = 1 [pid 5972] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5971] exit_group(0 [pid 5972] <... futex resumed>) = ? [pid 5971] <... exit_group resumed>) = ? [pid 5975] +++ exited with 0 +++ [pid 5972] +++ exited with 0 +++ [pid 5971] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5971, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./180", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./180", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./180/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./180/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./180/binderfs") = 0 umount2("./180/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./180/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./180/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./180/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./180/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./180/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./180") = 0 mkdir("./181", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5976 ./strace-static-x86_64: Process 5976 attached [pid 5976] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5976] chdir("./181") = 0 [pid 5976] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5976] setpgid(0, 0) = 0 [pid 5976] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5976] write(3, "1000", 4) = 4 [pid 5976] close(3) = 0 [pid 5976] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5976] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5976] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5976] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5976] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5977 attached , parent_tid=[5977], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5977 [pid 5976] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5976] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5977] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5977] memfd_create("syzkaller", 0) = 3 [pid 5977] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5977] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5977] munmap(0x7f4000487000, 1048576) = 0 [pid 5977] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5977] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5977] close(3) = 0 [pid 5977] mkdir("./file0", 0777) = 0 [pid 5977] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5977] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5977] chdir("./file0") = 0 [pid 5977] ioctl(4, LOOP_CLR_FD) = 0 [pid 5977] close(4) = 0 [pid 5977] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5977] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5976] <... futex resumed>) = 0 [pid 5976] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5977] <... futex resumed>) = 0 [pid 5976] <... futex resumed>) = 1 [pid 5977] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5976] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5977] <... openat resumed>) = 4 [pid 5977] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5976] <... futex resumed>) = 0 [pid 5977] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5976] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5977] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5976] <... futex resumed>) = 0 [pid 5977] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5976] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5977] <... ioctl resumed>) = 0 [pid 5976] <... futex resumed>) = 0 [pid 5976] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5976] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5976] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5977] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5976] <... clone resumed>, parent_tid=[5980], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5980 [pid 5977] <... futex resumed>) = 0 [pid 5976] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5977] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5976] <... futex resumed>) = 0 [pid 5976] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5980 attached [pid 5980] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5980] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5980] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5976] <... futex resumed>) = 0 [pid 5980] <... futex resumed>) = 1 [pid 5976] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5980] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5977] <... futex resumed>) = 0 [pid 5976] <... futex resumed>) = 1 [pid 5977] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [ 71.229317][ T5977] loop0: detected capacity change from 0 to 2048 [ 71.238869][ T5977] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 5976] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5977] <... write resumed>) = 7 [pid 5977] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5976] <... futex resumed>) = 0 [pid 5977] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5976] exit_group(0 [pid 5977] <... futex resumed>) = ? [pid 5976] <... exit_group resumed>) = ? [pid 5980] <... futex resumed>) = ? [pid 5977] +++ exited with 0 +++ [pid 5980] +++ exited with 0 +++ [pid 5976] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5976, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./181", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./181", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./181/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./181/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./181/binderfs") = 0 umount2("./181/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./181/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./181/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./181/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./181/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./181/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./181") = 0 mkdir("./182", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5981 ./strace-static-x86_64: Process 5981 attached [pid 5981] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5981] chdir("./182") = 0 [pid 5981] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5981] setpgid(0, 0) = 0 [pid 5981] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5981] write(3, "1000", 4) = 4 [pid 5981] close(3) = 0 [pid 5981] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5981] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5981] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5981] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5981] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5982 attached , parent_tid=[5982], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5982 [pid 5981] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5981] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5982] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5982] memfd_create("syzkaller", 0) = 3 [pid 5982] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5982] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5982] munmap(0x7f4000487000, 1048576) = 0 [pid 5982] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5982] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5982] close(3) = 0 [pid 5982] mkdir("./file0", 0777) = 0 [pid 5982] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5982] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5982] chdir("./file0") = 0 [pid 5982] ioctl(4, LOOP_CLR_FD) = 0 [pid 5982] close(4) = 0 [pid 5982] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5981] <... futex resumed>) = 0 [pid 5981] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5981] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5982] <... futex resumed>) = 1 [pid 5982] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5982] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5981] <... futex resumed>) = 0 [pid 5981] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5981] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5982] <... futex resumed>) = 1 [pid 5981] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5982] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5981] <... mmap resumed>) = 0x7f4000566000 [pid 5982] <... ioctl resumed>) = 0 [pid 5981] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE [pid 5982] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5981] <... mprotect resumed>) = 0 [pid 5982] <... futex resumed>) = 0 [pid 5981] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5982] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5981] <... clone resumed>, parent_tid=[5985], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5985 [pid 5981] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5981] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5985 attached [pid 5985] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5985] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5985] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5981] <... futex resumed>) = 0 [pid 5985] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5981] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5981] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5982] <... futex resumed>) = 0 [pid 5982] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7) = 7 [pid 5982] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5981] <... futex resumed>) = 0 [pid 5982] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5981] exit_group(0 [pid 5985] <... futex resumed>) = ? [pid 5982] <... futex resumed>) = ? [pid 5981] <... exit_group resumed>) = ? [pid 5982] +++ exited with 0 +++ [pid 5985] +++ exited with 0 +++ [pid 5981] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5981, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./182", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./182", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 [ 71.353859][ T5982] loop0: detected capacity change from 0 to 2048 [ 71.363205][ T5982] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE umount2("./182/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./182/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./182/binderfs") = 0 umount2("./182/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./182/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./182/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./182/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./182/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./182/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./182") = 0 mkdir("./183", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5986 ./strace-static-x86_64: Process 5986 attached [pid 5986] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5986] chdir("./183") = 0 [pid 5986] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5986] setpgid(0, 0) = 0 [pid 5986] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5986] write(3, "1000", 4) = 4 [pid 5986] close(3) = 0 [pid 5986] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5986] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5986] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5986] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5986] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5987], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5987 ./strace-static-x86_64: Process 5987 attached [pid 5986] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5986] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5987] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5987] memfd_create("syzkaller", 0) = 3 [pid 5987] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5987] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5987] munmap(0x7f4000487000, 1048576) = 0 [pid 5987] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5987] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5987] close(3) = 0 [pid 5987] mkdir("./file0", 0777) = 0 [pid 5987] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5987] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5987] chdir("./file0") = 0 [pid 5987] ioctl(4, LOOP_CLR_FD) = 0 [pid 5987] close(4) = 0 [pid 5987] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5986] <... futex resumed>) = 0 [pid 5986] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5986] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5987] <... futex resumed>) = 1 [pid 5987] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5987] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5987] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5986] <... futex resumed>) = 0 [pid 5986] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5987] <... futex resumed>) = 0 [pid 5986] <... futex resumed>) = 1 [pid 5986] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5986] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5987] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5986] <... mmap resumed>) = 0x7f4000566000 [pid 5987] <... ioctl resumed>) = 0 [pid 5986] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5987] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5986] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5987] <... futex resumed>) = 0 [pid 5987] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5986] <... clone resumed>, parent_tid=[5990], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5990 [pid 5986] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5986] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5990 attached [pid 5990] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5990] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5990] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5986] <... futex resumed>) = 0 [pid 5990] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5986] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5987] <... futex resumed>) = 0 [pid 5986] <... futex resumed>) = 1 [pid 5987] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5986] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5987] <... write resumed>) = 7 [pid 5987] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5986] <... futex resumed>) = 0 [pid 5987] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5986] exit_group(0 [pid 5990] <... futex resumed>) = ? [pid 5987] <... futex resumed>) = ? [pid 5986] <... exit_group resumed>) = ? [pid 5990] +++ exited with 0 +++ [pid 5987] +++ exited with 0 +++ [pid 5986] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5986, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./183", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./183", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./183/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./183/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 71.458347][ T5987] loop0: detected capacity change from 0 to 2048 [ 71.468098][ T5987] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE unlink("./183/binderfs") = 0 umount2("./183/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./183/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./183/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./183/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./183/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./183/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./183") = 0 mkdir("./184", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 5991 ./strace-static-x86_64: Process 5991 attached [pid 5991] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5991] chdir("./184") = 0 [pid 5991] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5991] setpgid(0, 0) = 0 [pid 5991] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5991] write(3, "1000", 4) = 4 [pid 5991] close(3) = 0 [pid 5991] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5991] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5991] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5991] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5991] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5992 attached , parent_tid=[5992], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5992 [pid 5992] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5992] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5991] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5992] <... futex resumed>) = 0 [pid 5991] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5992] memfd_create("syzkaller", 0) = 3 [pid 5992] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5992] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5992] munmap(0x7f4000487000, 1048576) = 0 [pid 5992] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5992] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5992] close(3) = 0 [pid 5992] mkdir("./file0", 0777) = 0 [pid 5992] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5992] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5992] chdir("./file0") = 0 [pid 5992] ioctl(4, LOOP_CLR_FD) = 0 [pid 5992] close(4) = 0 [pid 5992] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5991] <... futex resumed>) = 0 [pid 5991] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5992] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5991] <... futex resumed>) = 0 [pid 5991] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5992] <... openat resumed>) = 4 [pid 5992] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5991] <... futex resumed>) = 0 [pid 5991] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5991] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5991] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5991] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5991] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5995], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 5995 [pid 5991] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5991] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5992] <... futex resumed>) = 1 [pid 5992] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = 0 [pid 5992] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5992] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5995 attached [pid 5995] set_robust_list(0x7f40005869e0, 24) = 0 [pid 5995] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5995] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5991] <... futex resumed>) = 0 [pid 5991] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5991] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5992] <... futex resumed>) = 0 [pid 5992] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7) = 7 [pid 5992] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5991] <... futex resumed>) = 0 [pid 5991] exit_group(0) = ? [ 71.558651][ T5992] loop0: detected capacity change from 0 to 2048 [ 71.568821][ T5992] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 5992] <... futex resumed>) = ? [pid 5992] +++ exited with 0 +++ [pid 5995] <... futex resumed>) = ? [pid 5995] +++ exited with 0 +++ [pid 5991] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5991, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./184", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./184", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./184/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./184/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./184/binderfs") = 0 umount2("./184/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./184/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./184/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./184/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./184/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./184/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./184") = 0 mkdir("./185", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5996 attached , child_tidptr=0x5555570c15d0) = 5996 [pid 5996] set_robust_list(0x5555570c15e0, 24) = 0 [pid 5996] chdir("./185") = 0 [pid 5996] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5996] setpgid(0, 0) = 0 [pid 5996] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5996] write(3, "1000", 4) = 4 [pid 5996] close(3) = 0 [pid 5996] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5996] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5996] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 5996] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5996] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5997 attached [pid 5997] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 5997] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5996] <... clone resumed>, parent_tid=[5997], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 5997 [pid 5996] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5997] <... futex resumed>) = 0 [pid 5997] memfd_create("syzkaller", 0 [pid 5996] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5997] <... memfd_create resumed>) = 3 [pid 5997] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 5997] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5997] munmap(0x7f4000487000, 1048576) = 0 [pid 5997] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5997] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5997] close(3) = 0 [pid 5997] mkdir("./file0", 0777) = 0 [pid 5997] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 5997] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5997] chdir("./file0") = 0 [pid 5997] ioctl(4, LOOP_CLR_FD) = 0 [pid 5997] close(4) = 0 [pid 5997] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5996] <... futex resumed>) = 0 [pid 5997] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5996] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5996] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5997] <... openat resumed>) = 4 [pid 5997] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5996] <... futex resumed>) = 0 [pid 5997] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 5996] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5997] <... ioctl resumed>) = 0 [pid 5996] <... futex resumed>) = 0 [pid 5997] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5996] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5997] <... futex resumed>) = 0 [pid 5996] <... futex resumed>) = 0 [pid 5997] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5996] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 5996] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5996] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6000], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 6000 [pid 5996] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5996] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6000 attached [pid 6000] set_robust_list(0x7f40005869e0, 24) = 0 [pid 6000] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 6000] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5996] <... futex resumed>) = 0 [pid 6000] <... futex resumed>) = 1 [pid 5996] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5997] <... futex resumed>) = 0 [pid 5996] <... futex resumed>) = 1 [pid 6000] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5997] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 5996] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5997] <... write resumed>) = 7 [pid 5997] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5996] <... futex resumed>) = 0 [pid 5997] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5996] exit_group(0 [pid 5997] <... futex resumed>) = ? [pid 5996] <... exit_group resumed>) = ? [pid 6000] <... futex resumed>) = ? [pid 6000] +++ exited with 0 +++ [pid 5997] +++ exited with 0 +++ [ 71.678005][ T5997] loop0: detected capacity change from 0 to 2048 [ 71.687942][ T5997] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 5996] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5996, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./185", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./185", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./185/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./185/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./185/binderfs") = 0 umount2("./185/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./185/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./185/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./185/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./185/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./185/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./185") = 0 mkdir("./186", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 6001 ./strace-static-x86_64: Process 6001 attached [pid 6001] set_robust_list(0x5555570c15e0, 24) = 0 [pid 6001] chdir("./186") = 0 [pid 6001] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6001] setpgid(0, 0) = 0 [pid 6001] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6001] write(3, "1000", 4) = 4 [pid 6001] close(3) = 0 [pid 6001] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6001] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6001] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 6001] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6001] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6002], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 6002 [pid 6001] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6001] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6002 attached [pid 6002] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 6002] memfd_create("syzkaller", 0) = 3 [pid 6002] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 6002] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6002] munmap(0x7f4000487000, 1048576) = 0 [pid 6002] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6002] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6002] close(3) = 0 [pid 6002] mkdir("./file0", 0777) = 0 [pid 6002] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 6002] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6002] chdir("./file0") = 0 [pid 6002] ioctl(4, LOOP_CLR_FD) = 0 [pid 6002] close(4) = 0 [pid 6002] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6001] <... futex resumed>) = 0 [pid 6001] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6001] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6002] <... futex resumed>) = 1 [pid 6002] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6002] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6001] <... futex resumed>) = 0 [pid 6001] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6001] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6001] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 6002] <... futex resumed>) = 1 [pid 6001] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE [pid 6002] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = 0 [pid 6001] <... mprotect resumed>) = 0 [pid 6002] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6001] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6002] <... futex resumed>) = 0 [pid 6002] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6005 attached [pid 6001] <... clone resumed>, parent_tid=[6005], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 6005 [pid 6005] set_robust_list(0x7f40005869e0, 24 [pid 6001] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6005] <... set_robust_list resumed>) = 0 [pid 6001] <... futex resumed>) = 0 [pid 6005] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6001] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6005] <... openat resumed>) = 5 [pid 6005] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6001] <... futex resumed>) = 0 [pid 6001] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6002] <... futex resumed>) = 0 [pid 6001] <... futex resumed>) = 1 [pid 6002] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 6001] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6005] <... futex resumed>) = 1 [pid 6005] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6002] <... write resumed>) = 7 [pid 6002] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6001] <... futex resumed>) = 0 [pid 6002] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6001] exit_group(0) = ? [pid 6002] <... futex resumed>) = ? [pid 6005] <... futex resumed>) = ? [pid 6002] +++ exited with 0 +++ [pid 6005] +++ exited with 0 +++ [pid 6001] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6001, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./186", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./186", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./186/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./186/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./186/binderfs") = 0 [ 71.792441][ T6002] loop0: detected capacity change from 0 to 2048 [ 71.801942][ T6002] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE umount2("./186/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./186/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./186/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./186/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./186/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./186/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./186") = 0 mkdir("./187", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 6006 ./strace-static-x86_64: Process 6006 attached [pid 6006] set_robust_list(0x5555570c15e0, 24) = 0 [pid 6006] chdir("./187") = 0 [pid 6006] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6006] setpgid(0, 0) = 0 [pid 6006] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6006] write(3, "1000", 4) = 4 [pid 6006] close(3) = 0 [pid 6006] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6006] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6006] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 6006] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6006] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6007 attached [pid 6007] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 6007] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6006] <... clone resumed>, parent_tid=[6007], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 6007 [pid 6006] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6007] <... futex resumed>) = 0 [pid 6007] memfd_create("syzkaller", 0 [pid 6006] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6007] <... memfd_create resumed>) = 3 [pid 6007] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 6007] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6007] munmap(0x7f4000487000, 1048576) = 0 [pid 6007] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6007] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6007] close(3) = 0 [pid 6007] mkdir("./file0", 0777) = 0 [pid 6007] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 6007] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6007] chdir("./file0") = 0 [pid 6007] ioctl(4, LOOP_CLR_FD) = 0 [pid 6007] close(4) = 0 [pid 6007] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6006] <... futex resumed>) = 0 [pid 6006] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6006] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6007] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6007] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6006] <... futex resumed>) = 0 [pid 6006] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6006] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6006] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 6006] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6007] <... futex resumed>) = 1 [pid 6006] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6007] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = 0 [pid 6006] <... clone resumed>, parent_tid=[6010], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 6010 [pid 6006] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6007] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6006] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6007] <... futex resumed>) = 0 [pid 6007] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6010 attached [pid 6010] set_robust_list(0x7f40005869e0, 24) = 0 [pid 6010] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 6010] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6006] <... futex resumed>) = 0 [pid 6006] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6007] <... futex resumed>) = 0 [pid 6006] <... futex resumed>) = 1 [pid 6007] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 6006] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6010] <... futex resumed>) = 1 [pid 6010] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6007] <... write resumed>) = 7 [pid 6007] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6006] <... futex resumed>) = 0 [pid 6007] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6006] exit_group(0 [pid 6007] <... futex resumed>) = ? [pid 6006] <... exit_group resumed>) = ? [pid 6007] +++ exited with 0 +++ [pid 6010] <... futex resumed>) = ? [pid 6010] +++ exited with 0 +++ [pid 6006] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6006, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./187", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./187", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./187/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./187/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./187/binderfs") = 0 [ 71.896676][ T6007] loop0: detected capacity change from 0 to 2048 [ 71.906572][ T6007] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE umount2("./187/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./187/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./187/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./187/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./187/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./187/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./187") = 0 mkdir("./188", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 6011 ./strace-static-x86_64: Process 6011 attached [pid 6011] set_robust_list(0x5555570c15e0, 24) = 0 [pid 6011] chdir("./188") = 0 [pid 6011] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6011] setpgid(0, 0) = 0 [pid 6011] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6011] write(3, "1000", 4) = 4 [pid 6011] close(3) = 0 [pid 6011] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6011] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6011] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 6011] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6011] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6012], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 6012 [pid 6011] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6011] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6012 attached [pid 6012] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 6012] memfd_create("syzkaller", 0) = 3 [pid 6012] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 6012] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6012] munmap(0x7f4000487000, 1048576) = 0 [pid 6012] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6012] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6012] close(3) = 0 [pid 6012] mkdir("./file0", 0777) = 0 [pid 6012] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 6012] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6012] chdir("./file0") = 0 [pid 6012] ioctl(4, LOOP_CLR_FD) = 0 [pid 6012] close(4) = 0 [pid 6012] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6011] <... futex resumed>) = 0 [pid 6012] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6011] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6011] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6012] <... openat resumed>) = 4 [pid 6012] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6011] <... futex resumed>) = 0 [pid 6012] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 6011] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6012] <... ioctl resumed>) = 0 [pid 6011] <... futex resumed>) = 0 [pid 6012] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6011] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6012] <... futex resumed>) = 0 [pid 6011] <... futex resumed>) = 0 [pid 6012] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6011] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 6011] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6011] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6015], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 6015 [pid 6011] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6011] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6015 attached [pid 6015] set_robust_list(0x7f40005869e0, 24) = 0 [pid 6015] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 6015] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6011] <... futex resumed>) = 0 [pid 6011] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6012] <... futex resumed>) = 0 [pid 6011] <... futex resumed>) = 1 [pid 6012] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 6011] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6015] <... futex resumed>) = 1 [pid 6015] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6012] <... write resumed>) = 7 [pid 6012] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6011] <... futex resumed>) = 0 [pid 6012] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6011] exit_group(0 [pid 6012] <... futex resumed>) = ? [pid 6011] <... exit_group resumed>) = ? [pid 6012] +++ exited with 0 +++ [pid 6015] <... futex resumed>) = ? [pid 6015] +++ exited with 0 +++ [pid 6011] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6011, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./188", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./188", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./188/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./188/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./188/binderfs") = 0 umount2("./188/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./188/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 72.001021][ T6012] loop0: detected capacity change from 0 to 2048 [ 72.010820][ T6012] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE lstat("./188/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./188/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./188/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./188/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./188") = 0 mkdir("./189", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 6016 ./strace-static-x86_64: Process 6016 attached [pid 6016] set_robust_list(0x5555570c15e0, 24) = 0 [pid 6016] chdir("./189") = 0 [pid 6016] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6016] setpgid(0, 0) = 0 [pid 6016] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6016] write(3, "1000", 4) = 4 [pid 6016] close(3) = 0 [pid 6016] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6016] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6016] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 6016] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6016] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6017 attached , parent_tid=[6017], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 6017 [pid 6017] set_robust_list(0x7f40088a79e0, 24 [pid 6016] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6017] <... set_robust_list resumed>) = 0 [pid 6016] <... futex resumed>) = 0 [pid 6016] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6017] memfd_create("syzkaller", 0) = 3 [pid 6017] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 6017] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6017] munmap(0x7f4000487000, 1048576) = 0 [pid 6017] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6017] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6017] close(3) = 0 [pid 6017] mkdir("./file0", 0777) = 0 [pid 6017] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 6017] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6017] chdir("./file0") = 0 [pid 6017] ioctl(4, LOOP_CLR_FD) = 0 [pid 6017] close(4) = 0 [pid 6017] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6016] <... futex resumed>) = 0 [pid 6017] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6016] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6016] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6017] <... openat resumed>) = 4 [pid 6017] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6016] <... futex resumed>) = 0 [pid 6017] <... futex resumed>) = 1 [pid 6016] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6017] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 6016] <... futex resumed>) = 0 [pid 6017] <... ioctl resumed>) = 0 [pid 6016] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6017] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6016] <... futex resumed>) = 0 [pid 6017] <... futex resumed>) = 0 [pid 6016] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6017] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6016] <... mmap resumed>) = 0x7f4000566000 [pid 6016] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6016] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6020], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 6020 [pid 6016] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6016] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6020 attached [pid 6020] set_robust_list(0x7f40005869e0, 24) = 0 [pid 6020] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 6020] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6016] <... futex resumed>) = 0 [pid 6020] <... futex resumed>) = 1 [pid 6016] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6017] <... futex resumed>) = 0 [pid 6016] <... futex resumed>) = 1 [pid 6020] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6017] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 6016] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6017] <... write resumed>) = 7 [pid 6017] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6016] <... futex resumed>) = 0 [pid 6017] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6016] exit_group(0 [pid 6020] <... futex resumed>) = ? [pid 6017] <... futex resumed>) = ? [pid 6016] <... exit_group resumed>) = ? [pid 6020] +++ exited with 0 +++ [pid 6017] +++ exited with 0 +++ [pid 6016] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6016, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./189", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./189", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./189/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./189/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./189/binderfs") = 0 [ 72.094379][ T6017] loop0: detected capacity change from 0 to 2048 [ 72.105258][ T6017] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE umount2("./189/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./189/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./189/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./189/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./189/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./189/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./189") = 0 mkdir("./190", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 6021 ./strace-static-x86_64: Process 6021 attached [pid 6021] set_robust_list(0x5555570c15e0, 24) = 0 [pid 6021] chdir("./190") = 0 [pid 6021] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6021] setpgid(0, 0) = 0 [pid 6021] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6021] write(3, "1000", 4) = 4 [pid 6021] close(3) = 0 [pid 6021] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6021] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6021] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 6021] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6021] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6022 attached , parent_tid=[6022], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 6022 [pid 6022] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 6022] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6021] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6022] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6022] memfd_create("syzkaller", 0 [pid 6021] <... futex resumed>) = 0 [pid 6022] <... memfd_create resumed>) = 3 [pid 6022] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 6021] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6022] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6022] munmap(0x7f4000487000, 1048576) = 0 [pid 6022] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6022] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6022] close(3) = 0 [pid 6022] mkdir("./file0", 0777) = 0 [pid 6022] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 6022] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6022] chdir("./file0") = 0 [pid 6022] ioctl(4, LOOP_CLR_FD) = 0 [pid 6022] close(4) = 0 [pid 6022] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6021] <... futex resumed>) = 0 [pid 6021] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6021] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6022] <... futex resumed>) = 1 [pid 6022] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6022] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6021] <... futex resumed>) = 0 [pid 6021] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6021] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6021] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6022] <... futex resumed>) = 1 [pid 6021] <... mmap resumed>) = 0x7f4000566000 [pid 6022] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 6021] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6021] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6025], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 6025 [pid 6021] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6021] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6025 attached [pid 6025] set_robust_list(0x7f40005869e0, 24) = 0 [pid 6025] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6022] <... ioctl resumed>) = 0 [pid 6022] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6025] <... openat resumed>) = 5 [pid 6022] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6025] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6021] <... futex resumed>) = 0 [pid 6021] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6021] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6022] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6025] <... futex resumed>) = 1 [pid 6022] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 6025] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6022] <... write resumed>) = 7 [pid 6022] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6021] <... futex resumed>) = 0 [pid 6021] exit_group(0) = ? [pid 6022] <... futex resumed>) = ? [pid 6025] <... futex resumed>) = ? [ 72.210629][ T6022] loop0: detected capacity change from 0 to 2048 [ 72.220456][ T6022] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 6025] +++ exited with 0 +++ [pid 6022] +++ exited with 0 +++ [pid 6021] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6021, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./190", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./190", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./190/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./190/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./190/binderfs") = 0 umount2("./190/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./190/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./190/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./190/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./190/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./190/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./190") = 0 mkdir("./191", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 6026 ./strace-static-x86_64: Process 6026 attached [pid 6026] set_robust_list(0x5555570c15e0, 24) = 0 [pid 6026] chdir("./191") = 0 [pid 6026] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6026] setpgid(0, 0) = 0 [pid 6026] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6026] write(3, "1000", 4) = 4 [pid 6026] close(3) = 0 [pid 6026] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6026] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6026] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 6026] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6026] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6027], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 6027 [pid 6026] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6026] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6027 attached [pid 6027] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 6027] memfd_create("syzkaller", 0) = 3 [pid 6027] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 6027] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6027] munmap(0x7f4000487000, 1048576) = 0 [pid 6027] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6027] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6027] close(3) = 0 [pid 6027] mkdir("./file0", 0777) = 0 [pid 6027] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 6027] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6027] chdir("./file0") = 0 [pid 6027] ioctl(4, LOOP_CLR_FD) = 0 [pid 6027] close(4) = 0 [pid 6027] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6026] <... futex resumed>) = 0 [pid 6026] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6026] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6027] <... futex resumed>) = 1 [pid 6027] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6027] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6026] <... futex resumed>) = 0 [pid 6026] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6026] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6026] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 6026] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6026] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6030], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 6030 [pid 6026] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6026] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6027] <... futex resumed>) = 1 [pid 6027] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = 0 [pid 6027] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6027] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6030 attached [pid 6030] set_robust_list(0x7f40005869e0, 24) = 0 [pid 6030] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 6030] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6026] <... futex resumed>) = 0 [pid 6026] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6026] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6027] <... futex resumed>) = 0 [pid 6027] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7) = 7 [pid 6027] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6026] <... futex resumed>) = 0 [pid 6026] exit_group(0) = ? [pid 6027] +++ exited with 0 +++ [pid 6030] <... futex resumed>) = ? [pid 6030] +++ exited with 0 +++ [pid 6026] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6026, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./191", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./191", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./191/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./191/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./191/binderfs") = 0 [ 72.320965][ T6027] loop0: detected capacity change from 0 to 2048 [ 72.329886][ T6027] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE umount2("./191/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./191/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./191/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./191/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./191/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./191/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./191") = 0 mkdir("./192", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 6031 ./strace-static-x86_64: Process 6031 attached [pid 6031] set_robust_list(0x5555570c15e0, 24) = 0 [pid 6031] chdir("./192") = 0 [pid 6031] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6031] setpgid(0, 0) = 0 [pid 6031] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6031] write(3, "1000", 4) = 4 [pid 6031] close(3) = 0 [pid 6031] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6031] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6031] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 6031] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6031] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6032], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 6032 [pid 6031] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6031] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6032 attached [pid 6032] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 6032] memfd_create("syzkaller", 0) = 3 [pid 6032] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 6032] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6032] munmap(0x7f4000487000, 1048576) = 0 [pid 6032] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6032] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6032] close(3) = 0 [pid 6032] mkdir("./file0", 0777) = 0 [pid 6032] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 6032] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6032] chdir("./file0") = 0 [pid 6032] ioctl(4, LOOP_CLR_FD) = 0 [pid 6032] close(4) = 0 [pid 6032] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6031] <... futex resumed>) = 0 [pid 6031] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6031] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6032] <... futex resumed>) = 1 [pid 6032] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6032] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6031] <... futex resumed>) = 0 [pid 6031] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6031] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6031] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 6032] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 6031] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [ 72.426268][ T6032] loop0: detected capacity change from 0 to 2048 [ 72.435434][ T6032] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 6031] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6035], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 6035 [pid 6031] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6032] <... ioctl resumed>) = 0 [pid 6031] <... futex resumed>) = 0 [pid 6031] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6035 attached [pid 6035] set_robust_list(0x7f40005869e0, 24) = 0 [pid 6035] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6032] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6035] <... openat resumed>) = 5 [pid 6032] <... futex resumed>) = 0 [pid 6035] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6031] <... futex resumed>) = 0 [pid 6031] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6032] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 6031] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6035] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6032] <... write resumed>) = 7 [pid 6032] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6031] <... futex resumed>) = 0 [pid 6032] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6031] exit_group(0 [pid 6035] <... futex resumed>) = ? [pid 6032] <... futex resumed>) = ? [pid 6031] <... exit_group resumed>) = ? [pid 6035] +++ exited with 0 +++ [pid 6032] +++ exited with 0 +++ [pid 6031] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6031, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./192", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./192", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./192/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./192/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./192/binderfs") = 0 umount2("./192/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./192/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./192/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./192/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./192/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./192/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./192") = 0 mkdir("./193", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 6036 ./strace-static-x86_64: Process 6036 attached [pid 6036] set_robust_list(0x5555570c15e0, 24) = 0 [pid 6036] chdir("./193") = 0 [pid 6036] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6036] setpgid(0, 0) = 0 [pid 6036] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6036] write(3, "1000", 4) = 4 [pid 6036] close(3) = 0 [pid 6036] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6036] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6036] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 6036] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6036] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6037 attached , parent_tid=[6037], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 6037 [pid 6036] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6036] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6037] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 6037] memfd_create("syzkaller", 0) = 3 [pid 6037] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 6037] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6037] munmap(0x7f4000487000, 1048576) = 0 [pid 6037] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6037] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6037] close(3) = 0 [pid 6037] mkdir("./file0", 0777) = 0 [pid 6037] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 6037] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6037] chdir("./file0") = 0 [pid 6037] ioctl(4, LOOP_CLR_FD) = 0 [pid 6037] close(4) = 0 [pid 6037] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6036] <... futex resumed>) = 0 [pid 6037] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6036] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6037] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6036] <... futex resumed>) = 0 [pid 6037] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6036] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6037] <... openat resumed>) = 4 [pid 6037] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6036] <... futex resumed>) = 0 [pid 6037] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6036] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6037] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6036] <... futex resumed>) = 0 [pid 6037] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 6036] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6037] <... ioctl resumed>) = 0 [pid 6036] <... futex resumed>) = 0 [pid 6037] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6036] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6037] <... futex resumed>) = 0 [pid 6036] <... mmap resumed>) = 0x7f4000566000 [ 72.554056][ T6037] loop0: detected capacity change from 0 to 2048 [ 72.564025][ T6037] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 6037] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6036] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6036] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6040 attached , parent_tid=[6040], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 6040 [pid 6040] set_robust_list(0x7f40005869e0, 24 [pid 6036] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6040] <... set_robust_list resumed>) = 0 [pid 6036] <... futex resumed>) = 0 [pid 6040] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6036] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6040] <... openat resumed>) = 5 [pid 6040] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6036] <... futex resumed>) = 0 [pid 6040] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6036] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6037] <... futex resumed>) = 0 [pid 6036] <... futex resumed>) = 1 [pid 6037] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 6036] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6037] <... write resumed>) = 7 [pid 6037] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6036] <... futex resumed>) = 0 [pid 6037] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6036] exit_group(0 [pid 6037] <... futex resumed>) = ? [pid 6036] <... exit_group resumed>) = ? [pid 6040] <... futex resumed>) = ? [pid 6037] +++ exited with 0 +++ [pid 6040] +++ exited with 0 +++ [pid 6036] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6036, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./193", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./193", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./193/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./193/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./193/binderfs") = 0 umount2("./193/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./193/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./193/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./193/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./193/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./193/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./193") = 0 mkdir("./194", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 6041 ./strace-static-x86_64: Process 6041 attached [pid 6041] set_robust_list(0x5555570c15e0, 24) = 0 [pid 6041] chdir("./194") = 0 [pid 6041] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6041] setpgid(0, 0) = 0 [pid 6041] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6041] write(3, "1000", 4) = 4 [pid 6041] close(3) = 0 [pid 6041] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6041] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6041] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 6041] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6041] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6042 attached , parent_tid=[6042], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 6042 [pid 6042] set_robust_list(0x7f40088a79e0, 24 [pid 6041] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6042] <... set_robust_list resumed>) = 0 [pid 6041] <... futex resumed>) = 0 [pid 6042] memfd_create("syzkaller", 0 [pid 6041] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6042] <... memfd_create resumed>) = 3 [pid 6042] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 6042] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6042] munmap(0x7f4000487000, 1048576) = 0 [pid 6042] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6042] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6042] close(3) = 0 [pid 6042] mkdir("./file0", 0777) = 0 [pid 6042] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 6042] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6042] chdir("./file0") = 0 [pid 6042] ioctl(4, LOOP_CLR_FD) = 0 [pid 6042] close(4) = 0 [pid 6042] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6041] <... futex resumed>) = 0 [pid 6042] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6041] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6042] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6041] <... futex resumed>) = 0 [pid 6042] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6041] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6042] <... openat resumed>) = 4 [pid 6042] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6041] <... futex resumed>) = 0 [pid 6042] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6041] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6041] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6041] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6042] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6041] <... mmap resumed>) = 0x7f4000566000 [pid 6042] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 6041] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6042] <... ioctl resumed>) = 0 [pid 6041] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6042] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6041] <... clone resumed>, parent_tid=[6045], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 6045 [pid 6042] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6041] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6041] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6045 attached [pid 6045] set_robust_list(0x7f40005869e0, 24) = 0 [pid 6045] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 6045] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6041] <... futex resumed>) = 0 [pid 6041] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6042] <... futex resumed>) = 0 [pid 6041] <... futex resumed>) = 1 [pid 6042] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 6041] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6045] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6042] <... write resumed>) = 7 [pid 6042] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6041] <... futex resumed>) = 0 [pid 6042] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6041] exit_group(0 [pid 6042] <... futex resumed>) = ? [pid 6041] <... exit_group resumed>) = ? [pid 6045] <... futex resumed>) = ? [pid 6042] +++ exited with 0 +++ [pid 6045] +++ exited with 0 +++ [pid 6041] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6041, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./194", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./194", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./194/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./194/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./194/binderfs") = 0 [ 72.692252][ T6042] loop0: detected capacity change from 0 to 2048 [ 72.701557][ T6042] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE umount2("./194/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./194/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./194/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./194/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./194/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./194/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./194") = 0 mkdir("./195", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 6046 ./strace-static-x86_64: Process 6046 attached [pid 6046] set_robust_list(0x5555570c15e0, 24) = 0 [pid 6046] chdir("./195") = 0 [pid 6046] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6046] setpgid(0, 0) = 0 [pid 6046] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6046] write(3, "1000", 4) = 4 [pid 6046] close(3) = 0 [pid 6046] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6046] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6046] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 6046] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6046] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6047], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 6047 [pid 6046] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6046] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6047 attached [pid 6047] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 6047] memfd_create("syzkaller", 0) = 3 [pid 6047] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 6047] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6047] munmap(0x7f4000487000, 1048576) = 0 [pid 6047] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6047] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6047] close(3) = 0 [pid 6047] mkdir("./file0", 0777) = 0 [pid 6047] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 6047] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6047] chdir("./file0") = 0 [pid 6047] ioctl(4, LOOP_CLR_FD) = 0 [pid 6047] close(4) = 0 [pid 6047] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6046] <... futex resumed>) = 0 [pid 6046] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6047] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6046] <... futex resumed>) = 0 [pid 6046] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6047] <... openat resumed>) = 4 [pid 6047] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6046] <... futex resumed>) = 0 [pid 6047] <... futex resumed>) = 1 [pid 6046] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6047] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 6046] <... futex resumed>) = 0 [pid 6047] <... ioctl resumed>) = 0 [pid 6046] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6046] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6047] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6046] <... mmap resumed>) = 0x7f4000566000 [pid 6047] <... futex resumed>) = 0 [pid 6046] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE [pid 6047] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6046] <... mprotect resumed>) = 0 [pid 6046] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6050], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 6050 [pid 6046] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6046] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6050 attached [pid 6050] set_robust_list(0x7f40005869e0, 24) = 0 [pid 6050] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 6050] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6046] <... futex resumed>) = 0 [pid 6046] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6047] <... futex resumed>) = 0 [pid 6046] <... futex resumed>) = 1 [pid 6047] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 6046] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6050] <... futex resumed>) = 1 [pid 6050] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6047] <... write resumed>) = 7 [pid 6047] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6046] <... futex resumed>) = 0 [pid 6047] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6046] exit_group(0 [pid 6047] <... futex resumed>) = ? [pid 6046] <... exit_group resumed>) = ? [pid 6047] +++ exited with 0 +++ [pid 6050] <... futex resumed>) = ? [pid 6050] +++ exited with 0 +++ [pid 6046] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6046, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [ 72.793125][ T6047] loop0: detected capacity change from 0 to 2048 [ 72.802587][ T6047] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./195", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./195", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./195/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./195/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./195/binderfs") = 0 umount2("./195/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./195/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./195/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./195/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./195/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./195/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./195") = 0 mkdir("./196", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 6051 ./strace-static-x86_64: Process 6051 attached [pid 6051] set_robust_list(0x5555570c15e0, 24) = 0 [pid 6051] chdir("./196") = 0 [pid 6051] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6051] setpgid(0, 0) = 0 [pid 6051] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6051] write(3, "1000", 4) = 4 [pid 6051] close(3) = 0 [pid 6051] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6051] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6051] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 6051] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6051] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6052 attached , parent_tid=[6052], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 6052 [pid 6052] set_robust_list(0x7f40088a79e0, 24 [pid 6051] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6052] <... set_robust_list resumed>) = 0 [pid 6051] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6052] memfd_create("syzkaller", 0) = 3 [pid 6052] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 6052] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6052] munmap(0x7f4000487000, 1048576) = 0 [pid 6052] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6052] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6052] close(3) = 0 [pid 6052] mkdir("./file0", 0777) = 0 [pid 6052] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 6052] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6052] chdir("./file0") = 0 [pid 6052] ioctl(4, LOOP_CLR_FD) = 0 [pid 6052] close(4) = 0 [pid 6052] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6051] <... futex resumed>) = 0 [pid 6051] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6051] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6052] <... futex resumed>) = 1 [pid 6052] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6052] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6051] <... futex resumed>) = 0 [pid 6052] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6051] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6052] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6051] <... futex resumed>) = 0 [pid 6052] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 6051] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6051] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 6051] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6051] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6052] <... ioctl resumed>) = 0 [pid 6052] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6051] <... clone resumed>, parent_tid=[6055], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 6055 [pid 6052] <... futex resumed>) = 0 [pid 6051] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6052] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6051] <... futex resumed>) = 0 ./strace-static-x86_64: Process 6055 attached [pid 6051] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6055] set_robust_list(0x7f40005869e0, 24) = 0 [pid 6055] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 6055] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6051] <... futex resumed>) = 0 [pid 6055] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6051] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6052] <... futex resumed>) = 0 [pid 6051] <... futex resumed>) = 1 [pid 6052] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 6051] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6052] <... write resumed>) = 7 [pid 6052] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6051] <... futex resumed>) = 0 [pid 6052] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6051] exit_group(0) = ? [pid 6052] <... futex resumed>) = ? [pid 6055] <... futex resumed>) = ? [pid 6052] +++ exited with 0 +++ [pid 6055] +++ exited with 0 +++ [pid 6051] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6051, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./196", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./196", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./196/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./196/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./196/binderfs") = 0 umount2("./196/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 72.909190][ T6052] loop0: detected capacity change from 0 to 2048 [ 72.918392][ T6052] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE umount2("./196/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./196/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./196/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./196/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./196/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./196") = 0 mkdir("./197", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 6056 ./strace-static-x86_64: Process 6056 attached [pid 6056] set_robust_list(0x5555570c15e0, 24) = 0 [pid 6056] chdir("./197") = 0 [pid 6056] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6056] setpgid(0, 0) = 0 [pid 6056] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6056] write(3, "1000", 4) = 4 [pid 6056] close(3) = 0 [pid 6056] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6056] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6056] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 6056] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6056] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6057], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 6057 [pid 6056] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6056] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6057 attached [pid 6057] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 6057] memfd_create("syzkaller", 0) = 3 [pid 6057] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 6057] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6057] munmap(0x7f4000487000, 1048576) = 0 [pid 6057] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6057] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6057] close(3) = 0 [pid 6057] mkdir("./file0", 0777) = 0 [pid 6057] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 6057] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6057] chdir("./file0") = 0 [pid 6057] ioctl(4, LOOP_CLR_FD) = 0 [pid 6057] close(4) = 0 [pid 6057] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6056] <... futex resumed>) = 0 [pid 6056] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6056] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6057] <... futex resumed>) = 1 [pid 6057] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6057] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6056] <... futex resumed>) = 0 [pid 6057] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6056] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6056] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6056] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6057] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6057] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 6056] <... mmap resumed>) = 0x7f4000566000 [pid 6056] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE [pid 6057] <... ioctl resumed>) = 0 [pid 6056] <... mprotect resumed>) = 0 [pid 6057] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6056] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6057] <... futex resumed>) = 0 [pid 6057] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6056] <... clone resumed>, parent_tid=[6061], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 6061 ./strace-static-x86_64: Process 6061 attached [pid 6056] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6061] set_robust_list(0x7f40005869e0, 24 [pid 6056] <... futex resumed>) = 0 [pid 6061] <... set_robust_list resumed>) = 0 [pid 6056] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6061] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 6061] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6056] <... futex resumed>) = 0 [pid 6061] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6056] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6057] <... futex resumed>) = 0 [pid 6056] <... futex resumed>) = 1 [pid 6057] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 6056] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6057] <... write resumed>) = 7 [pid 6057] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6057] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6056] <... futex resumed>) = 0 [pid 6056] exit_group(0 [pid 6057] <... futex resumed>) = ? [pid 6056] <... exit_group resumed>) = ? [pid 6057] +++ exited with 0 +++ [pid 6061] <... futex resumed>) = ? [pid 6061] +++ exited with 0 +++ [pid 6056] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6056, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./197", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./197", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./197/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./197/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./197/binderfs") = 0 [ 73.012121][ T6057] loop0: detected capacity change from 0 to 2048 [ 73.021520][ T6057] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE umount2("./197/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./197/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./197/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./197/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./197/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./197/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./197") = 0 mkdir("./198", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 6062 ./strace-static-x86_64: Process 6062 attached [pid 6062] set_robust_list(0x5555570c15e0, 24) = 0 [pid 6062] chdir("./198") = 0 [pid 6062] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6062] setpgid(0, 0) = 0 [pid 6062] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6062] write(3, "1000", 4) = 4 [pid 6062] close(3) = 0 [pid 6062] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6062] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6062] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 6062] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6062] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6063 attached [pid 6063] set_robust_list(0x7f40088a79e0, 24 [pid 6062] <... clone resumed>, parent_tid=[6063], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 6063 [pid 6063] <... set_robust_list resumed>) = 0 [pid 6062] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6062] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6063] memfd_create("syzkaller", 0) = 3 [pid 6063] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 6063] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6063] munmap(0x7f4000487000, 1048576) = 0 [pid 6063] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6063] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6063] close(3) = 0 [pid 6063] mkdir("./file0", 0777) = 0 [pid 6063] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 6063] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6063] chdir("./file0") = 0 [pid 6063] ioctl(4, LOOP_CLR_FD) = 0 [pid 6063] close(4) = 0 [pid 6063] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6062] <... futex resumed>) = 0 [pid 6062] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6062] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6063] <... futex resumed>) = 1 [pid 6063] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6063] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6062] <... futex resumed>) = 0 [pid 6062] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6062] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6062] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 6062] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6062] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6066], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 6066 [pid 6062] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6066 attached [pid 6063] <... futex resumed>) = 1 [pid 6062] <... futex resumed>) = 0 [pid 6062] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6066] set_robust_list(0x7f40005869e0, 24 [pid 6063] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 6066] <... set_robust_list resumed>) = 0 [pid 6066] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6063] <... ioctl resumed>) = 0 [pid 6066] <... openat resumed>) = 5 [pid 6063] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6066] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6063] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6066] <... futex resumed>) = 1 [pid 6062] <... futex resumed>) = 0 [pid 6066] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6062] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6062] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6063] <... futex resumed>) = 0 [pid 6063] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7) = 7 [pid 6063] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6062] <... futex resumed>) = 0 [pid 6062] exit_group(0 [pid 6066] <... futex resumed>) = ? [pid 6062] <... exit_group resumed>) = ? [pid 6066] +++ exited with 0 +++ [pid 6063] <... futex resumed>) = ? [pid 6063] +++ exited with 0 +++ [pid 6062] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6062, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [ 73.111980][ T6063] loop0: detected capacity change from 0 to 2048 [ 73.121696][ T6063] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./198", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./198", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./198/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./198/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./198/binderfs") = 0 umount2("./198/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./198/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./198/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./198/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./198/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./198/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./198") = 0 mkdir("./199", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 6067 ./strace-static-x86_64: Process 6067 attached [pid 6067] set_robust_list(0x5555570c15e0, 24) = 0 [pid 6067] chdir("./199") = 0 [pid 6067] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6067] setpgid(0, 0) = 0 [pid 6067] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6067] write(3, "1000", 4) = 4 [pid 6067] close(3) = 0 [pid 6067] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6067] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6067] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 6067] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6067] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6068 attached , parent_tid=[6068], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 6068 [pid 6067] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6067] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6068] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 6068] memfd_create("syzkaller", 0) = 3 [pid 6068] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 6068] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6068] munmap(0x7f4000487000, 1048576) = 0 [pid 6068] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6068] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6068] close(3) = 0 [pid 6068] mkdir("./file0", 0777) = 0 [pid 6068] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 6068] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6068] chdir("./file0") = 0 [pid 6068] ioctl(4, LOOP_CLR_FD) = 0 [pid 6068] close(4) = 0 [pid 6068] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6067] <... futex resumed>) = 0 [pid 6067] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6067] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6068] <... futex resumed>) = 1 [pid 6068] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6068] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6067] <... futex resumed>) = 0 [pid 6067] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6067] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6067] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 6067] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6067] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6071], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 6071 [pid 6067] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6067] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6068] <... futex resumed>) = 1 ./strace-static-x86_64: Process 6071 attached [pid 6071] set_robust_list(0x7f40005869e0, 24) = 0 [pid 6071] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 6071] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6071] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6068] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 6067] <... futex resumed>) = 0 [pid 6067] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6067] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6068] <... ioctl resumed>) = 0 [pid 6068] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6068] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6071] <... futex resumed>) = 0 [pid 6071] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7) = 7 [pid 6071] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6067] <... futex resumed>) = 0 [pid 6067] exit_group(0) = ? [pid 6068] <... futex resumed>) = ? [pid 6071] <... futex resumed>) = ? [pid 6068] +++ exited with 0 +++ [pid 6071] +++ exited with 0 +++ [pid 6067] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6067, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./199", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./199", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./199/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./199/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./199/binderfs") = 0 [ 73.229422][ T6068] loop0: detected capacity change from 0 to 2048 [ 73.239448][ T6068] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE umount2("./199/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./199/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./199/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./199/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./199/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./199/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./199") = 0 mkdir("./200", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 6072 ./strace-static-x86_64: Process 6072 attached [pid 6072] set_robust_list(0x5555570c15e0, 24) = 0 [pid 6072] chdir("./200") = 0 [pid 6072] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6072] setpgid(0, 0) = 0 [pid 6072] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6072] write(3, "1000", 4) = 4 [pid 6072] close(3) = 0 [pid 6072] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6072] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6072] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 6072] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6072] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6073 attached , parent_tid=[6073], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 6073 [pid 6073] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 6073] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6072] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6073] <... futex resumed>) = 0 [pid 6072] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6073] memfd_create("syzkaller", 0) = 3 [pid 6073] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 6073] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6073] munmap(0x7f4000487000, 1048576) = 0 [pid 6073] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6073] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6073] close(3) = 0 [pid 6073] mkdir("./file0", 0777) = 0 [pid 6073] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 6073] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6073] chdir("./file0") = 0 [pid 6073] ioctl(4, LOOP_CLR_FD) = 0 [pid 6073] close(4) = 0 [pid 6073] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6072] <... futex resumed>) = 0 [pid 6072] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6072] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6073] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6073] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6072] <... futex resumed>) = 0 [pid 6072] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6072] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6072] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6073] <... futex resumed>) = 1 [pid 6072] <... mmap resumed>) = 0x7f4000566000 [pid 6072] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE [pid 6073] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 6072] <... mprotect resumed>) = 0 [pid 6072] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6076], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 6076 [pid 6072] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6073] <... ioctl resumed>) = 0 [pid 6072] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6076 attached [pid 6076] set_robust_list(0x7f40005869e0, 24) = 0 [pid 6076] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6073] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6073] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6076] <... openat resumed>) = 5 [pid 6076] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6072] <... futex resumed>) = 0 [pid 6072] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6072] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6076] <... futex resumed>) = 1 [pid 6073] <... futex resumed>) = 0 [pid 6076] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6073] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7) = 7 [pid 6073] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6072] <... futex resumed>) = 0 [pid 6073] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6072] exit_group(0) = ? [pid 6076] <... futex resumed>) = ? [pid 6073] <... futex resumed>) = ? [pid 6073] +++ exited with 0 +++ [pid 6076] +++ exited with 0 +++ [pid 6072] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6072, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./200", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./200", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./200/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./200/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./200/binderfs") = 0 [ 73.329630][ T6073] loop0: detected capacity change from 0 to 2048 [ 73.339322][ T6073] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE umount2("./200/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./200/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./200/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./200/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./200/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./200/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./200") = 0 mkdir("./201", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 6077 ./strace-static-x86_64: Process 6077 attached [pid 6077] set_robust_list(0x5555570c15e0, 24) = 0 [pid 6077] chdir("./201") = 0 [pid 6077] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6077] setpgid(0, 0) = 0 [pid 6077] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6077] write(3, "1000", 4) = 4 [pid 6077] close(3) = 0 [pid 6077] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6077] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6077] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 6077] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6077] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6078 attached , parent_tid=[6078], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 6078 [pid 6078] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 6078] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6077] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6078] <... futex resumed>) = 0 [pid 6078] memfd_create("syzkaller", 0 [pid 6077] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6078] <... memfd_create resumed>) = 3 [pid 6078] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 6078] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6078] munmap(0x7f4000487000, 1048576) = 0 [pid 6078] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6078] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6078] close(3) = 0 [pid 6078] mkdir("./file0", 0777) = 0 [pid 6078] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 6078] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6078] chdir("./file0") = 0 [pid 6078] ioctl(4, LOOP_CLR_FD) = 0 [pid 6078] close(4) = 0 [pid 6078] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6077] <... futex resumed>) = 0 [pid 6077] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6077] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6078] <... futex resumed>) = 1 [pid 6078] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6078] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6077] <... futex resumed>) = 0 [pid 6077] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6077] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6077] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 6077] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6077] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6081], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 6081 [pid 6077] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6077] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6078] <... futex resumed>) = 1 [pid 6078] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = 0 [pid 6078] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6078] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6081 attached [pid 6081] set_robust_list(0x7f40005869e0, 24) = 0 [pid 6081] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 6081] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6077] <... futex resumed>) = 0 [pid 6077] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6077] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6078] <... futex resumed>) = 0 [pid 6078] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 6081] <... futex resumed>) = 1 [pid 6081] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6078] <... write resumed>) = 7 [pid 6078] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6077] <... futex resumed>) = 0 [pid 6077] exit_group(0) = ? [pid 6081] <... futex resumed>) = ? [pid 6081] +++ exited with 0 +++ [pid 6078] <... futex resumed>) = ? [ 73.447691][ T6078] loop0: detected capacity change from 0 to 2048 [ 73.456793][ T6078] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 6078] +++ exited with 0 +++ [pid 6077] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6077, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./201", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./201", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./201/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./201/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./201/binderfs") = 0 umount2("./201/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./201/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./201/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./201/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./201/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./201/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./201") = 0 mkdir("./202", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 6082 ./strace-static-x86_64: Process 6082 attached [pid 6082] set_robust_list(0x5555570c15e0, 24) = 0 [pid 6082] chdir("./202") = 0 [pid 6082] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6082] setpgid(0, 0) = 0 [pid 6082] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6082] write(3, "1000", 4) = 4 [pid 6082] close(3) = 0 [pid 6082] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6082] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6082] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 6082] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6082] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6083 attached , parent_tid=[6083], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 6083 [pid 6082] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6082] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6083] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 6083] memfd_create("syzkaller", 0) = 3 [pid 6083] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 6083] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6083] munmap(0x7f4000487000, 1048576) = 0 [pid 6083] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6083] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6083] close(3) = 0 [pid 6083] mkdir("./file0", 0777) = 0 [pid 6083] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 6083] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6083] chdir("./file0") = 0 [pid 6083] ioctl(4, LOOP_CLR_FD) = 0 [pid 6083] close(4) = 0 [pid 6083] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6082] <... futex resumed>) = 0 [pid 6082] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6082] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6083] <... futex resumed>) = 1 [pid 6083] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6083] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6082] <... futex resumed>) = 0 [pid 6082] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6082] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6082] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 6082] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6082] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6086], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 6086 [pid 6082] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6082] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6083] <... futex resumed>) = 1 [pid 6083] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = 0 [pid 6083] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6083] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6086 attached [pid 6086] set_robust_list(0x7f40005869e0, 24) = 0 [pid 6086] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 6086] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6082] <... futex resumed>) = 0 [pid 6082] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6082] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6083] <... futex resumed>) = 0 [pid 6083] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 6086] <... futex resumed>) = 1 [pid 6086] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6083] <... write resumed>) = 7 [pid 6083] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6082] <... futex resumed>) = 0 [pid 6082] exit_group(0) = ? [pid 6083] <... futex resumed>) = ? [pid 6083] +++ exited with 0 +++ [pid 6086] <... futex resumed>) = ? [pid 6086] +++ exited with 0 +++ [pid 6082] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6082, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./202", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./202", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 [ 73.565325][ T6083] loop0: detected capacity change from 0 to 2048 [ 73.574946][ T6083] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE umount2("./202/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./202/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./202/binderfs") = 0 umount2("./202/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./202/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./202/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./202/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./202/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./202/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./202") = 0 mkdir("./203", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 6087 ./strace-static-x86_64: Process 6087 attached [pid 6087] set_robust_list(0x5555570c15e0, 24) = 0 [pid 6087] chdir("./203") = 0 [pid 6087] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6087] setpgid(0, 0) = 0 [pid 6087] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6087] write(3, "1000", 4) = 4 [pid 6087] close(3) = 0 [pid 6087] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6087] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6087] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 6087] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6087] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6088], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 6088 [pid 6087] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6087] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6088 attached [pid 6088] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 6088] memfd_create("syzkaller", 0) = 3 [pid 6088] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 6088] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6088] munmap(0x7f4000487000, 1048576) = 0 [pid 6088] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6088] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6088] close(3) = 0 [pid 6088] mkdir("./file0", 0777) = 0 [pid 6088] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 6088] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6088] chdir("./file0") = 0 [pid 6088] ioctl(4, LOOP_CLR_FD) = 0 [pid 6088] close(4) = 0 [pid 6088] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6087] <... futex resumed>) = 0 [pid 6087] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6087] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6088] <... futex resumed>) = 1 [pid 6088] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6088] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6087] <... futex resumed>) = 0 [pid 6087] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6087] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6087] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6088] <... futex resumed>) = 1 [pid 6087] <... mmap resumed>) = 0x7f4000566000 [pid 6088] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 6087] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6088] <... ioctl resumed>) = 0 [pid 6087] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6091 attached [pid 6088] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6087] <... clone resumed>, parent_tid=[6091], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 6091 [pid 6087] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6087] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6091] set_robust_list(0x7f40005869e0, 24 [pid 6088] <... futex resumed>) = 0 [pid 6091] <... set_robust_list resumed>) = 0 [pid 6091] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6088] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6091] <... openat resumed>) = 5 [pid 6091] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6087] <... futex resumed>) = 0 [pid 6091] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6087] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6088] <... futex resumed>) = 0 [pid 6087] <... futex resumed>) = 1 [pid 6088] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 6087] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6088] <... write resumed>) = 7 [pid 6088] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6087] <... futex resumed>) = 0 [ 73.682238][ T6088] loop0: detected capacity change from 0 to 2048 [ 73.691866][ T6088] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 6088] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6087] exit_group(0 [pid 6091] <... futex resumed>) = ? [pid 6088] <... futex resumed>) = ? [pid 6087] <... exit_group resumed>) = ? [pid 6091] +++ exited with 0 +++ [pid 6088] +++ exited with 0 +++ [pid 6087] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6087, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./203", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./203", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./203/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./203/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./203/binderfs") = 0 umount2("./203/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./203/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./203/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./203/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./203/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./203/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./203") = 0 mkdir("./204", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 6092 ./strace-static-x86_64: Process 6092 attached [pid 6092] set_robust_list(0x5555570c15e0, 24) = 0 [pid 6092] chdir("./204") = 0 [pid 6092] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6092] setpgid(0, 0) = 0 [pid 6092] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6092] write(3, "1000", 4) = 4 [pid 6092] close(3) = 0 [pid 6092] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6092] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6092] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 6092] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6092] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6093], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 6093 [pid 6092] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6092] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6093 attached [pid 6093] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 6093] memfd_create("syzkaller", 0) = 3 [pid 6093] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 6093] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6093] munmap(0x7f4000487000, 1048576) = 0 [pid 6093] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6093] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6093] close(3) = 0 [pid 6093] mkdir("./file0", 0777) = 0 [pid 6093] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 6093] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6093] chdir("./file0") = 0 [pid 6093] ioctl(4, LOOP_CLR_FD) = 0 [pid 6093] close(4) = 0 [pid 6093] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6092] <... futex resumed>) = 0 [pid 6093] <... futex resumed>) = 1 [pid 6092] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6092] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6093] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6093] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6092] <... futex resumed>) = 0 [pid 6092] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6092] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6092] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 6092] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6092] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6096], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 6096 [pid 6092] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6092] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6093] <... futex resumed>) = 1 [ 73.793127][ T6093] loop0: detected capacity change from 0 to 2048 [ 73.802846][ T6093] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 6093] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000./strace-static-x86_64: Process 6096 attached ) = 0 [pid 6093] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6093] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6096] set_robust_list(0x7f40005869e0, 24) = 0 [pid 6096] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 6096] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6092] <... futex resumed>) = 0 [pid 6092] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6093] <... futex resumed>) = 0 [pid 6092] <... futex resumed>) = 1 [pid 6093] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 6092] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6096] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6093] <... write resumed>) = 7 [pid 6093] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6092] <... futex resumed>) = 0 [pid 6093] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6092] exit_group(0) = ? [pid 6093] <... futex resumed>) = ? [pid 6096] <... futex resumed>) = ? [pid 6096] +++ exited with 0 +++ [pid 6093] +++ exited with 0 +++ [pid 6092] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6092, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./204", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./204", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./204/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./204/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./204/binderfs") = 0 umount2("./204/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./204/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./204/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./204/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./204/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./204/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./204") = 0 mkdir("./205", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 6097 ./strace-static-x86_64: Process 6097 attached [pid 6097] set_robust_list(0x5555570c15e0, 24) = 0 [pid 6097] chdir("./205") = 0 [pid 6097] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6097] setpgid(0, 0) = 0 [pid 6097] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6097] write(3, "1000", 4) = 4 [pid 6097] close(3) = 0 [pid 6097] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6097] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6097] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 6097] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6097] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6098 attached , parent_tid=[6098], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 6098 [pid 6098] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 6097] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6097] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6098] memfd_create("syzkaller", 0) = 3 [pid 6098] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 6098] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6098] munmap(0x7f4000487000, 1048576) = 0 [pid 6098] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6098] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6098] close(3) = 0 [pid 6098] mkdir("./file0", 0777) = 0 [pid 6098] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 6098] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6098] chdir("./file0") = 0 [pid 6098] ioctl(4, LOOP_CLR_FD) = 0 [pid 6098] close(4) = 0 [pid 6098] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6098] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6097] <... futex resumed>) = 0 [pid 6097] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6097] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6098] <... futex resumed>) = 0 [pid 6098] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6098] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6097] <... futex resumed>) = 0 [pid 6097] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6098] <... futex resumed>) = 1 [pid 6097] <... futex resumed>) = 0 [pid 6098] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 6097] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6098] <... ioctl resumed>) = 0 [pid 6097] <... futex resumed>) = 0 [pid 6097] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6098] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6097] <... mmap resumed>) = 0x7f4000566000 [pid 6098] <... futex resumed>) = 0 [pid 6097] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE [pid 6098] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6097] <... mprotect resumed>) = 0 [pid 6097] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6101], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 6101 [pid 6097] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6097] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6101 attached [pid 6101] set_robust_list(0x7f40005869e0, 24) = 0 [pid 6101] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 6101] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6097] <... futex resumed>) = 0 [pid 6097] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6098] <... futex resumed>) = 0 [pid 6097] <... futex resumed>) = 1 [pid 6098] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 6097] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6101] <... futex resumed>) = 1 [pid 6098] <... write resumed>) = 7 [pid 6098] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6097] <... futex resumed>) = 0 [pid 6098] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6097] exit_group(0 [pid 6098] <... futex resumed>) = ? [pid 6097] <... exit_group resumed>) = ? [pid 6098] +++ exited with 0 +++ [ 73.924917][ T6098] loop0: detected capacity change from 0 to 2048 [ 73.936792][ T6098] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 6101] +++ exited with 0 +++ [pid 6097] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6097, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./205", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./205", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./205/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./205/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./205/binderfs") = 0 umount2("./205/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./205/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./205/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./205/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./205/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./205/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./205") = 0 mkdir("./206", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 6102 ./strace-static-x86_64: Process 6102 attached [pid 6102] set_robust_list(0x5555570c15e0, 24) = 0 [pid 6102] chdir("./206") = 0 [pid 6102] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6102] setpgid(0, 0) = 0 [pid 6102] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6102] write(3, "1000", 4) = 4 [pid 6102] close(3) = 0 [pid 6102] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6102] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6102] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 6102] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6102] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6103], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 6103 [pid 6102] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6102] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6103 attached [pid 6103] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 6103] memfd_create("syzkaller", 0) = 3 [pid 6103] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 6103] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6103] munmap(0x7f4000487000, 1048576) = 0 [pid 6103] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6103] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6103] close(3) = 0 [pid 6103] mkdir("./file0", 0777) = 0 [pid 6103] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 6103] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6103] chdir("./file0") = 0 [pid 6103] ioctl(4, LOOP_CLR_FD) = 0 [pid 6103] close(4) = 0 [pid 6103] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6102] <... futex resumed>) = 0 [pid 6102] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6103] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6102] <... futex resumed>) = 0 [pid 6102] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6103] <... openat resumed>) = 4 [pid 6103] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6102] <... futex resumed>) = 0 [pid 6103] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 6102] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6103] <... ioctl resumed>) = 0 [pid 6102] <... futex resumed>) = 0 [pid 6102] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6103] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6102] <... futex resumed>) = 0 [pid 6103] <... futex resumed>) = 0 [pid 6102] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6103] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6102] <... mmap resumed>) = 0x7f4000566000 [pid 6102] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6102] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6106], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 6106 [pid 6102] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6102] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6106 attached [pid 6106] set_robust_list(0x7f40005869e0, 24) = 0 [pid 6106] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 6106] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6102] <... futex resumed>) = 0 [pid 6102] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6103] <... futex resumed>) = 0 [pid 6102] <... futex resumed>) = 1 [pid 6103] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 6102] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6103] <... write resumed>) = 7 [pid 6103] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6102] <... futex resumed>) = 0 [pid 6103] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6102] exit_group(0 [pid 6103] <... futex resumed>) = ? [pid 6102] <... exit_group resumed>) = ? [pid 6103] +++ exited with 0 +++ [pid 6106] <... futex resumed>) = ? [ 74.032327][ T6103] loop0: detected capacity change from 0 to 2048 [ 74.043305][ T6103] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 6106] +++ exited with 0 +++ [pid 6102] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6102, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./206", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./206", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./206/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./206/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./206/binderfs") = 0 umount2("./206/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./206/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./206/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./206/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./206/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./206/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./206") = 0 mkdir("./207", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 6107 ./strace-static-x86_64: Process 6107 attached [pid 6107] set_robust_list(0x5555570c15e0, 24) = 0 [pid 6107] chdir("./207") = 0 [pid 6107] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6107] setpgid(0, 0) = 0 [pid 6107] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6107] write(3, "1000", 4) = 4 [pid 6107] close(3) = 0 [pid 6107] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6107] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6107] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 6107] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6107] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6108 attached , parent_tid=[6108], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 6108 [pid 6107] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6107] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6108] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 6108] memfd_create("syzkaller", 0) = 3 [pid 6108] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 6108] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6108] munmap(0x7f4000487000, 1048576) = 0 [pid 6108] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6108] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6108] close(3) = 0 [pid 6108] mkdir("./file0", 0777) = 0 [pid 6108] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 6108] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6108] chdir("./file0") = 0 [pid 6108] ioctl(4, LOOP_CLR_FD) = 0 [pid 6108] close(4) = 0 [pid 6108] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6108] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6107] <... futex resumed>) = 0 [pid 6107] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6107] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6108] <... futex resumed>) = 0 [pid 6108] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6108] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6107] <... futex resumed>) = 0 [pid 6107] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6107] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6107] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 6107] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6107] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6111], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 6111 [pid 6107] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6107] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6108] <... futex resumed>) = 1 [pid 6108] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = 0 [pid 6108] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6108] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6111 attached [pid 6111] set_robust_list(0x7f40005869e0, 24) = 0 [pid 6111] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 6111] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6107] <... futex resumed>) = 0 [pid 6107] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6107] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6108] <... futex resumed>) = 0 [ 74.138991][ T6108] loop0: detected capacity change from 0 to 2048 [ 74.147855][ T6108] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 6108] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 6111] <... futex resumed>) = 1 [pid 6111] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6108] <... write resumed>) = 7 [pid 6108] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6107] <... futex resumed>) = 0 [pid 6107] exit_group(0) = ? [pid 6111] <... futex resumed>) = ? [pid 6108] <... futex resumed>) = ? [pid 6111] +++ exited with 0 +++ [pid 6108] +++ exited with 0 +++ [pid 6107] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6107, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./207", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./207", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./207/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./207/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./207/binderfs") = 0 umount2("./207/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./207/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./207/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./207/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./207/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./207/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./207") = 0 mkdir("./208", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 6112 ./strace-static-x86_64: Process 6112 attached [pid 6112] set_robust_list(0x5555570c15e0, 24) = 0 [pid 6112] chdir("./208") = 0 [pid 6112] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6112] setpgid(0, 0) = 0 [pid 6112] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6112] write(3, "1000", 4) = 4 [pid 6112] close(3) = 0 [pid 6112] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6112] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6112] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 6112] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6112] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6113], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 6113 [pid 6112] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6113 attached ) = 0 [pid 6112] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6113] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 6113] memfd_create("syzkaller", 0) = 3 [pid 6113] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 6113] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6113] munmap(0x7f4000487000, 1048576) = 0 [pid 6113] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6113] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6113] close(3) = 0 [pid 6113] mkdir("./file0", 0777) = 0 [pid 6113] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 6113] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6113] chdir("./file0") = 0 [pid 6113] ioctl(4, LOOP_CLR_FD) = 0 [pid 6113] close(4) = 0 [pid 6113] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6113] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6112] <... futex resumed>) = 0 [pid 6112] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6113] <... futex resumed>) = 0 [pid 6112] <... futex resumed>) = 1 [pid 6113] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6112] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6113] <... openat resumed>) = 4 [pid 6113] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6112] <... futex resumed>) = 0 [pid 6113] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6112] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6113] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6112] <... futex resumed>) = 0 [pid 6113] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 6112] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6112] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 6112] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6112] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6116], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 6116 [pid 6112] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6112] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6113] <... ioctl resumed>) = 0 ./strace-static-x86_64: Process 6116 attached [pid 6116] set_robust_list(0x7f40005869e0, 24) = 0 [pid 6116] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6113] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6116] <... openat resumed>) = 5 [pid 6113] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6116] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6112] <... futex resumed>) = 0 [pid 6112] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6112] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6116] <... futex resumed>) = 1 [pid 6116] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6113] <... futex resumed>) = 0 [ 74.260579][ T6113] loop0: detected capacity change from 0 to 2048 [ 74.269916][ T6113] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 6113] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7) = 7 [pid 6113] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6112] <... futex resumed>) = 0 [pid 6113] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6112] exit_group(0 [pid 6113] <... futex resumed>) = ? [pid 6112] <... exit_group resumed>) = ? [pid 6116] <... futex resumed>) = ? [pid 6116] +++ exited with 0 +++ [pid 6113] +++ exited with 0 +++ [pid 6112] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6112, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./208", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./208", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./208/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./208/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./208/binderfs") = 0 umount2("./208/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./208/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./208/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./208/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./208/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./208/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./208") = 0 mkdir("./209", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 6117 ./strace-static-x86_64: Process 6117 attached [pid 6117] set_robust_list(0x5555570c15e0, 24) = 0 [pid 6117] chdir("./209") = 0 [pid 6117] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6117] setpgid(0, 0) = 0 [pid 6117] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6117] write(3, "1000", 4) = 4 [pid 6117] close(3) = 0 [pid 6117] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6117] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6117] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 6117] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6117] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6118], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 6118 ./strace-static-x86_64: Process 6118 attached [pid 6117] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6118] set_robust_list(0x7f40088a79e0, 24 [pid 6117] <... futex resumed>) = 0 [pid 6117] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6118] <... set_robust_list resumed>) = 0 [pid 6118] memfd_create("syzkaller", 0) = 3 [pid 6118] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 6118] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6118] munmap(0x7f4000487000, 1048576) = 0 [pid 6118] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6118] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6118] close(3) = 0 [pid 6118] mkdir("./file0", 0777) = 0 [pid 6118] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 6118] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6118] chdir("./file0") = 0 [pid 6118] ioctl(4, LOOP_CLR_FD) = 0 [pid 6118] close(4) = 0 [pid 6118] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6117] <... futex resumed>) = 0 [pid 6117] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6117] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6118] <... futex resumed>) = 1 [pid 6118] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6118] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6117] <... futex resumed>) = 0 [pid 6117] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6117] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6117] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 6117] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6117] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6121 attached [pid 6118] <... futex resumed>) = 1 [pid 6117] <... clone resumed>, parent_tid=[6121], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 6121 [pid 6117] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6117] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6121] set_robust_list(0x7f40005869e0, 24 [pid 6118] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 6121] <... set_robust_list resumed>) = 0 [pid 6121] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6118] <... ioctl resumed>) = 0 [pid 6121] <... openat resumed>) = 5 [pid 6118] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6118] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6121] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6117] <... futex resumed>) = 0 [pid 6117] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6121] <... futex resumed>) = 1 [pid 6118] <... futex resumed>) = 0 [pid 6117] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6121] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6118] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7) = 7 [pid 6118] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6117] <... futex resumed>) = 0 [pid 6117] exit_group(0) = ? [pid 6121] <... futex resumed>) = ? [pid 6121] +++ exited with 0 +++ [pid 6118] <... futex resumed>) = ? [pid 6118] +++ exited with 0 +++ [pid 6117] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6117, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./209", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./209", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 [ 74.386085][ T6118] loop0: detected capacity change from 0 to 2048 [ 74.395671][ T6118] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE umount2("./209/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./209/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./209/binderfs") = 0 umount2("./209/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./209/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./209/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./209/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./209/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./209/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./209") = 0 mkdir("./210", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 6122 ./strace-static-x86_64: Process 6122 attached [pid 6122] set_robust_list(0x5555570c15e0, 24) = 0 [pid 6122] chdir("./210") = 0 [pid 6122] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6122] setpgid(0, 0) = 0 [pid 6122] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6122] write(3, "1000", 4) = 4 [pid 6122] close(3) = 0 [pid 6122] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6122] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6122] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 6122] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6122] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6123 attached , parent_tid=[6123], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 6123 [pid 6122] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6123] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 6122] <... futex resumed>) = 0 [pid 6123] memfd_create("syzkaller", 0 [pid 6122] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6123] <... memfd_create resumed>) = 3 [pid 6123] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 6123] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6123] munmap(0x7f4000487000, 1048576) = 0 [pid 6123] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6123] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6123] close(3) = 0 [pid 6123] mkdir("./file0", 0777) = 0 [pid 6123] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 6123] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6123] chdir("./file0") = 0 [pid 6123] ioctl(4, LOOP_CLR_FD) = 0 [pid 6123] close(4) = 0 [pid 6123] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6122] <... futex resumed>) = 0 [pid 6122] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6122] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6123] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6123] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6122] <... futex resumed>) = 0 [pid 6123] <... futex resumed>) = 1 [pid 6122] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6123] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 6122] <... futex resumed>) = 0 [pid 6123] <... ioctl resumed>) = 0 [pid 6122] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6123] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6122] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6123] <... futex resumed>) = 0 [pid 6122] <... mmap resumed>) = 0x7f4000566000 [pid 6123] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6122] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6122] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6126], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 6126 [pid 6122] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6122] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6126 attached [pid 6126] set_robust_list(0x7f40005869e0, 24) = 0 [pid 6126] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 6126] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6122] <... futex resumed>) = 0 [pid 6122] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6123] <... futex resumed>) = 0 [pid 6122] <... futex resumed>) = 1 [pid 6123] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 6122] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6123] <... write resumed>) = 7 [pid 6123] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6122] <... futex resumed>) = 0 [pid 6126] <... futex resumed>) = 1 [pid 6123] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6122] exit_group(0 [pid 6123] <... futex resumed>) = ? [pid 6122] <... exit_group resumed>) = ? [pid 6126] +++ exited with 0 +++ [pid 6123] +++ exited with 0 +++ [pid 6122] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6122, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./210", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./210", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./210/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./210/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./210/binderfs") = 0 [ 74.488587][ T6123] loop0: detected capacity change from 0 to 2048 [ 74.498064][ T6123] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE umount2("./210/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./210/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./210/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./210/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./210/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./210/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./210") = 0 mkdir("./211", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6127 attached [pid 6127] set_robust_list(0x5555570c15e0, 24) = 0 [pid 6127] chdir("./211") = 0 [pid 6127] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6127] setpgid(0, 0) = 0 [pid 6127] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5062] <... clone resumed>, child_tidptr=0x5555570c15d0) = 6127 [pid 6127] <... openat resumed>) = 3 [pid 6127] write(3, "1000", 4) = 4 [pid 6127] close(3) = 0 [pid 6127] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6127] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6127] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 6127] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6127] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6128], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 6128 ./strace-static-x86_64: Process 6128 attached [pid 6127] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6127] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6128] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 6128] memfd_create("syzkaller", 0) = 3 [pid 6128] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 6128] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6128] munmap(0x7f4000487000, 1048576) = 0 [pid 6128] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6128] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6128] close(3) = 0 [pid 6128] mkdir("./file0", 0777) = 0 [pid 6128] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 6128] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6128] chdir("./file0") = 0 [pid 6128] ioctl(4, LOOP_CLR_FD) = 0 [pid 6128] close(4) = 0 [pid 6128] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6127] <... futex resumed>) = 0 [pid 6127] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6127] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6128] <... futex resumed>) = 1 [pid 6128] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6128] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6127] <... futex resumed>) = 0 [pid 6127] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6128] <... futex resumed>) = 1 [pid 6127] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6128] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 6127] <... futex resumed>) = 0 [pid 6128] <... ioctl resumed>) = 0 [pid 6127] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 6128] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6127] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE [pid 6128] <... futex resumed>) = 0 [pid 6127] <... mprotect resumed>) = 0 [pid 6128] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6127] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6131], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 6131 [pid 6127] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6127] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6131 attached [pid 6131] set_robust_list(0x7f40005869e0, 24) = 0 [pid 6131] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [ 74.595456][ T6128] loop0: detected capacity change from 0 to 2048 [ 74.605264][ T6128] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 6131] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6127] <... futex resumed>) = 0 [pid 6131] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6127] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6127] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6128] <... futex resumed>) = 0 [pid 6128] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7) = 7 [pid 6128] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6127] <... futex resumed>) = 0 [pid 6128] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6127] exit_group(0 [pid 6131] <... futex resumed>) = ? [pid 6128] <... futex resumed>) = ? [pid 6127] <... exit_group resumed>) = ? [pid 6131] +++ exited with 0 +++ [pid 6128] +++ exited with 0 +++ [pid 6127] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6127, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./211", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./211", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./211/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./211/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./211/binderfs") = 0 umount2("./211/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./211/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./211/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./211/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./211/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./211/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./211") = 0 mkdir("./212", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 6132 ./strace-static-x86_64: Process 6132 attached [pid 6132] set_robust_list(0x5555570c15e0, 24) = 0 [pid 6132] chdir("./212") = 0 [pid 6132] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6132] setpgid(0, 0) = 0 [pid 6132] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6132] write(3, "1000", 4) = 4 [pid 6132] close(3) = 0 [pid 6132] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6132] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6132] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 6132] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6132] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6133 attached , parent_tid=[6133], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 6133 [pid 6133] set_robust_list(0x7f40088a79e0, 24 [pid 6132] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6133] <... set_robust_list resumed>) = 0 [pid 6132] <... futex resumed>) = 0 [pid 6133] memfd_create("syzkaller", 0 [pid 6132] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6133] <... memfd_create resumed>) = 3 [pid 6133] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 6133] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6133] munmap(0x7f4000487000, 1048576) = 0 [pid 6133] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6133] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6133] close(3) = 0 [pid 6133] mkdir("./file0", 0777) = 0 [pid 6133] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 6133] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6133] chdir("./file0") = 0 [pid 6133] ioctl(4, LOOP_CLR_FD) = 0 [pid 6133] close(4) = 0 [pid 6133] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6132] <... futex resumed>) = 0 [pid 6133] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6132] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6133] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6132] <... futex resumed>) = 0 [pid 6133] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6132] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6133] <... openat resumed>) = 4 [pid 6133] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6132] <... futex resumed>) = 0 [pid 6132] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6133] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 6132] <... futex resumed>) = 0 [pid 6133] <... ioctl resumed>) = 0 [pid 6132] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6133] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6132] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 6132] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6132] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6136], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 6136 [pid 6132] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6133] <... futex resumed>) = 0 [pid 6132] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6136 attached [pid 6136] set_robust_list(0x7f40005869e0, 24) = 0 [pid 6136] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 6133] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6136] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6132] <... futex resumed>) = 0 [pid 6132] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6132] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6133] <... futex resumed>) = 0 [pid 6133] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7) = 7 [pid 6133] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6132] <... futex resumed>) = 0 [pid 6132] exit_group(0) = ? [pid 6133] <... futex resumed>) = ? [pid 6133] +++ exited with 0 +++ [pid 6136] <... futex resumed>) = ? [pid 6136] +++ exited with 0 +++ [pid 6132] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6132, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./212", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./212", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./212/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./212/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./212/binderfs") = 0 [ 74.716742][ T6133] loop0: detected capacity change from 0 to 2048 [ 74.726049][ T6133] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE umount2("./212/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./212/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./212/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./212/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./212/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./212/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./212") = 0 mkdir("./213", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 6137 ./strace-static-x86_64: Process 6137 attached [pid 6137] set_robust_list(0x5555570c15e0, 24) = 0 [pid 6137] chdir("./213") = 0 [pid 6137] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6137] setpgid(0, 0) = 0 [pid 6137] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6137] write(3, "1000", 4) = 4 [pid 6137] close(3) = 0 [pid 6137] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6137] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6137] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 6137] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6137] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6138], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 6138 [pid 6137] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6137] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6138 attached [pid 6138] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 6138] memfd_create("syzkaller", 0) = 3 [pid 6138] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 6138] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6138] munmap(0x7f4000487000, 1048576) = 0 [pid 6138] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6138] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6138] close(3) = 0 [pid 6138] mkdir("./file0", 0777) = 0 [pid 6138] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 6138] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6138] chdir("./file0") = 0 [pid 6138] ioctl(4, LOOP_CLR_FD) = 0 [pid 6138] close(4) = 0 [pid 6138] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6137] <... futex resumed>) = 0 [pid 6137] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6137] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6138] <... futex resumed>) = 1 [pid 6138] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6138] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6137] <... futex resumed>) = 0 [pid 6138] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6137] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6137] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6138] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6137] <... futex resumed>) = 0 [pid 6138] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 6137] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 6137] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6137] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6138] <... ioctl resumed>) = 0 [pid 6138] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6137] <... clone resumed>, parent_tid=[6141], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 6141 [ 74.817656][ T6138] loop0: detected capacity change from 0 to 2048 [ 74.827171][ T6138] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 6138] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6137] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6137] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6141 attached [pid 6141] set_robust_list(0x7f40005869e0, 24) = 0 [pid 6141] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 6141] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6137] <... futex resumed>) = 0 [pid 6141] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6137] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6138] <... futex resumed>) = 0 [pid 6137] <... futex resumed>) = 1 [pid 6138] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 6137] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6138] <... write resumed>) = 7 [pid 6138] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6137] <... futex resumed>) = 0 [pid 6138] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6137] exit_group(0) = ? [pid 6138] <... futex resumed>) = ? [pid 6138] +++ exited with 0 +++ [pid 6141] <... futex resumed>) = ? [pid 6141] +++ exited with 0 +++ [pid 6137] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6137, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./213", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./213", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./213/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./213/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./213/binderfs") = 0 umount2("./213/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./213/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./213/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./213/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./213/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./213/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./213") = 0 mkdir("./214", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 6142 ./strace-static-x86_64: Process 6142 attached [pid 6142] set_robust_list(0x5555570c15e0, 24) = 0 [pid 6142] chdir("./214") = 0 [pid 6142] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6142] setpgid(0, 0) = 0 [pid 6142] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6142] write(3, "1000", 4) = 4 [pid 6142] close(3) = 0 [pid 6142] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6142] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6142] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 6142] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6142] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6143 attached , parent_tid=[6143], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 6143 [pid 6143] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 6143] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6142] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6143] <... futex resumed>) = 0 [pid 6142] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6143] memfd_create("syzkaller", 0) = 3 [pid 6143] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 6143] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6143] munmap(0x7f4000487000, 1048576) = 0 [pid 6143] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6143] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6143] close(3) = 0 [pid 6143] mkdir("./file0", 0777) = 0 [pid 6143] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 6143] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6143] chdir("./file0") = 0 [pid 6143] ioctl(4, LOOP_CLR_FD) = 0 [pid 6143] close(4) = 0 [pid 6143] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6142] <... futex resumed>) = 0 [pid 6142] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6142] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6143] <... futex resumed>) = 1 [pid 6143] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6143] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6142] <... futex resumed>) = 0 [pid 6142] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6142] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6142] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 6142] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6142] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6146], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 6146 [pid 6142] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6142] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6143] <... futex resumed>) = 1 [pid 6143] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = 0 ./strace-static-x86_64: Process 6146 attached [pid 6143] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6146] set_robust_list(0x7f40005869e0, 24 [pid 6143] <... futex resumed>) = 0 [pid 6146] <... set_robust_list resumed>) = 0 [pid 6143] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6146] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 6146] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6142] <... futex resumed>) = 0 [pid 6142] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6143] <... futex resumed>) = 0 [pid 6142] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6143] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 6146] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6143] <... write resumed>) = 7 [pid 6143] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6142] <... futex resumed>) = 0 [pid 6142] exit_group(0) = ? [pid 6146] <... futex resumed>) = ? [pid 6146] +++ exited with 0 +++ [pid 6143] <... futex resumed>) = ? [pid 6143] +++ exited with 0 +++ [pid 6142] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6142, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [ 74.943612][ T6143] loop0: detected capacity change from 0 to 2048 [ 74.953587][ T6143] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./214", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./214", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./214/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./214/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./214/binderfs") = 0 umount2("./214/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./214/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./214/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./214/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./214/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./214/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./214") = 0 mkdir("./215", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 6147 ./strace-static-x86_64: Process 6147 attached [pid 6147] set_robust_list(0x5555570c15e0, 24) = 0 [pid 6147] chdir("./215") = 0 [pid 6147] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6147] setpgid(0, 0) = 0 [pid 6147] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6147] write(3, "1000", 4) = 4 [pid 6147] close(3) = 0 [pid 6147] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6147] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6147] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 6147] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6147] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6148 attached , parent_tid=[6148], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 6148 [pid 6147] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6147] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6148] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 6148] memfd_create("syzkaller", 0) = 3 [pid 6148] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 6148] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6148] munmap(0x7f4000487000, 1048576) = 0 [pid 6148] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6148] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6148] close(3) = 0 [pid 6148] mkdir("./file0", 0777) = 0 [pid 6148] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 6148] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6148] chdir("./file0") = 0 [pid 6148] ioctl(4, LOOP_CLR_FD) = 0 [pid 6148] close(4) = 0 [pid 6148] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6147] <... futex resumed>) = 0 [pid 6148] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6147] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6147] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6148] <... openat resumed>) = 4 [pid 6148] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6147] <... futex resumed>) = 0 [pid 6148] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6147] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6148] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6147] <... futex resumed>) = 0 [pid 6147] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6147] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6148] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 6147] <... mmap resumed>) = 0x7f4000566000 [pid 6148] <... ioctl resumed>) = 0 [pid 6147] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE [pid 6148] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6147] <... mprotect resumed>) = 0 [pid 6147] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6148] <... futex resumed>) = 0 [pid 6148] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6147] <... clone resumed>, parent_tid=[6151], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 6151 [pid 6147] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6147] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6151 attached [pid 6151] set_robust_list(0x7f40005869e0, 24) = 0 [pid 6151] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 6151] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6147] <... futex resumed>) = 0 [pid 6147] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6148] <... futex resumed>) = 0 [pid 6147] <... futex resumed>) = 1 [pid 6148] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 6147] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6151] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6148] <... write resumed>) = 7 [ 75.051022][ T6148] loop0: detected capacity change from 0 to 2048 [ 75.061066][ T6148] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 6148] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6147] <... futex resumed>) = 0 [pid 6148] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6147] exit_group(0 [pid 6148] <... futex resumed>) = ? [pid 6147] <... exit_group resumed>) = ? [pid 6148] +++ exited with 0 +++ [pid 6151] <... futex resumed>) = ? [pid 6151] +++ exited with 0 +++ [pid 6147] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6147, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./215", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./215", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./215/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./215/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./215/binderfs") = 0 umount2("./215/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./215/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./215/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./215/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./215/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./215/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./215") = 0 mkdir("./216", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 6152 ./strace-static-x86_64: Process 6152 attached [pid 6152] set_robust_list(0x5555570c15e0, 24) = 0 [pid 6152] chdir("./216") = 0 [pid 6152] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6152] setpgid(0, 0) = 0 [pid 6152] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6152] write(3, "1000", 4) = 4 [pid 6152] close(3) = 0 [pid 6152] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6152] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6152] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 6152] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6152] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6153], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 6153 [pid 6152] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6152] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6153 attached [pid 6153] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 6153] memfd_create("syzkaller", 0) = 3 [pid 6153] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 6153] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6153] munmap(0x7f4000487000, 1048576) = 0 [pid 6153] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6153] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6153] close(3) = 0 [pid 6153] mkdir("./file0", 0777) = 0 [pid 6153] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 6153] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6153] chdir("./file0") = 0 [pid 6153] ioctl(4, LOOP_CLR_FD) = 0 [pid 6153] close(4) = 0 [pid 6153] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6153] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6152] <... futex resumed>) = 0 [pid 6152] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6152] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6153] <... futex resumed>) = 0 [pid 6153] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6153] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6152] <... futex resumed>) = 0 [pid 6153] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 6152] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6152] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6153] <... ioctl resumed>) = 0 [pid 6152] <... futex resumed>) = 0 [pid 6153] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6152] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6153] <... futex resumed>) = 0 [pid 6153] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6152] <... mmap resumed>) = 0x7f4000566000 [pid 6152] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6152] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6156], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 6156 [pid 6152] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6152] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6156 attached [pid 6156] set_robust_list(0x7f40005869e0, 24) = 0 [pid 6156] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 6156] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6152] <... futex resumed>) = 0 [pid 6152] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6153] <... futex resumed>) = 0 [pid 6152] <... futex resumed>) = 1 [pid 6156] <... futex resumed>) = 1 [pid 6152] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6153] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 6156] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6153] <... write resumed>) = 7 [pid 6153] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6152] <... futex resumed>) = 0 [pid 6153] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6152] exit_group(0 [pid 6153] <... futex resumed>) = ? [pid 6152] <... exit_group resumed>) = ? [pid 6153] +++ exited with 0 +++ [pid 6156] <... futex resumed>) = ? [ 75.169041][ T6153] loop0: detected capacity change from 0 to 2048 [ 75.178517][ T6153] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 6156] +++ exited with 0 +++ [pid 6152] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6152, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./216", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./216", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./216/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./216/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./216/binderfs") = 0 umount2("./216/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./216/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./216/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./216/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./216/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./216/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./216") = 0 mkdir("./217", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 6157 ./strace-static-x86_64: Process 6157 attached [pid 6157] set_robust_list(0x5555570c15e0, 24) = 0 [pid 6157] chdir("./217") = 0 [pid 6157] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6157] setpgid(0, 0) = 0 [pid 6157] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6157] write(3, "1000", 4) = 4 [pid 6157] close(3) = 0 [pid 6157] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6157] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6157] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 6157] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6157] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6158], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 6158 [pid 6157] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6157] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6158 attached [pid 6158] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 6158] memfd_create("syzkaller", 0) = 3 [pid 6158] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 6158] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6158] munmap(0x7f4000487000, 1048576) = 0 [pid 6158] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6158] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6158] close(3) = 0 [pid 6158] mkdir("./file0", 0777) = 0 [pid 6158] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 6158] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6158] chdir("./file0") = 0 [pid 6158] ioctl(4, LOOP_CLR_FD) = 0 [pid 6158] close(4) = 0 [pid 6158] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6157] <... futex resumed>) = 0 [pid 6157] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6157] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6158] <... futex resumed>) = 1 [pid 6158] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6158] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6157] <... futex resumed>) = 0 [pid 6157] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6157] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6157] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 6157] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6157] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6161], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 6161 [pid 6157] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6157] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6158] <... futex resumed>) = 1 [pid 6158] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000./strace-static-x86_64: Process 6161 attached ) = 0 [pid 6161] set_robust_list(0x7f40005869e0, 24) = 0 [pid 6161] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 6161] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6157] <... futex resumed>) = 0 [pid 6157] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6157] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6161] <... futex resumed>) = 1 [pid 6161] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 6158] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6158] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6161] <... write resumed>) = 7 [pid 6161] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6157] <... futex resumed>) = 0 [pid 6157] exit_group(0 [pid 6158] <... futex resumed>) = ? [pid 6157] <... exit_group resumed>) = ? [ 75.280264][ T6158] loop0: detected capacity change from 0 to 2048 [ 75.289536][ T6158] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 6158] +++ exited with 0 +++ [pid 6161] <... futex resumed>) = ? [pid 6161] +++ exited with 0 +++ [pid 6157] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6157, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./217", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./217", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./217/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./217/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./217/binderfs") = 0 umount2("./217/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./217/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./217/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./217/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./217/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./217/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./217") = 0 mkdir("./218", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 6162 ./strace-static-x86_64: Process 6162 attached [pid 6162] set_robust_list(0x5555570c15e0, 24) = 0 [pid 6162] chdir("./218") = 0 [pid 6162] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6162] setpgid(0, 0) = 0 [pid 6162] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6162] write(3, "1000", 4) = 4 [pid 6162] close(3) = 0 [pid 6162] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6162] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6162] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 6162] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6162] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6163], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 6163 [pid 6162] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6162] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6163 attached [pid 6163] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 6163] memfd_create("syzkaller", 0) = 3 [pid 6163] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 6163] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6163] munmap(0x7f4000487000, 1048576) = 0 [pid 6163] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6163] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6163] close(3) = 0 [pid 6163] mkdir("./file0", 0777) = 0 [pid 6163] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 6163] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6163] chdir("./file0") = 0 [pid 6163] ioctl(4, LOOP_CLR_FD) = 0 [pid 6163] close(4) = 0 [pid 6163] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6162] <... futex resumed>) = 0 [pid 6163] <... futex resumed>) = 1 [pid 6162] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6163] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6162] <... futex resumed>) = 0 [pid 6162] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6163] <... openat resumed>) = 4 [pid 6163] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6162] <... futex resumed>) = 0 [pid 6162] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6162] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6162] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 6162] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6162] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6166], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 6166 [pid 6163] <... futex resumed>) = 1 [pid 6162] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6163] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 6162] <... futex resumed>) = 0 [pid 6163] <... ioctl resumed>) = 0 [pid 6162] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6163] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6163] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6166 attached [pid 6166] set_robust_list(0x7f40005869e0, 24) = 0 [pid 6166] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 6166] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6162] <... futex resumed>) = 0 [pid 6162] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6163] <... futex resumed>) = 0 [pid 6162] <... futex resumed>) = 1 [pid 6163] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 6162] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6166] <... futex resumed>) = 1 [pid 6166] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6163] <... write resumed>) = 7 [pid 6163] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6162] <... futex resumed>) = 0 [pid 6163] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6162] exit_group(0 [pid 6163] <... futex resumed>) = ? [pid 6162] <... exit_group resumed>) = ? [pid 6163] +++ exited with 0 +++ [pid 6166] <... futex resumed>) = ? [pid 6166] +++ exited with 0 +++ [pid 6162] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6162, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./218", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./218", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 [ 75.398641][ T6163] loop0: detected capacity change from 0 to 2048 [ 75.408197][ T6163] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE umount2("./218/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./218/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./218/binderfs") = 0 umount2("./218/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./218/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./218/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./218/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./218/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./218/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./218") = 0 mkdir("./219", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 6167 ./strace-static-x86_64: Process 6167 attached [pid 6167] set_robust_list(0x5555570c15e0, 24) = 0 [pid 6167] chdir("./219") = 0 [pid 6167] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6167] setpgid(0, 0) = 0 [pid 6167] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6167] write(3, "1000", 4) = 4 [pid 6167] close(3) = 0 [pid 6167] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6167] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6167] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 6167] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6167] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6168], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 6168 [pid 6167] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6167] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6168 attached [pid 6168] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 6168] memfd_create("syzkaller", 0) = 3 [pid 6168] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 6168] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6168] munmap(0x7f4000487000, 1048576) = 0 [pid 6168] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6168] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6168] close(3) = 0 [pid 6168] mkdir("./file0", 0777) = 0 [pid 6168] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 6168] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6168] chdir("./file0") = 0 [pid 6168] ioctl(4, LOOP_CLR_FD) = 0 [pid 6168] close(4) = 0 [pid 6168] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6167] <... futex resumed>) = 0 [pid 6167] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6167] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6168] <... futex resumed>) = 1 [pid 6168] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6168] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6167] <... futex resumed>) = 0 [pid 6167] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6167] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6167] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 6167] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6167] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6171], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 6171 [pid 6167] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6167] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6168] <... futex resumed>) = 1 ./strace-static-x86_64: Process 6171 attached [pid 6168] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 6171] set_robust_list(0x7f40005869e0, 24) = 0 [pid 6171] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6168] <... ioctl resumed>) = 0 [pid 6168] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6168] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6171] <... openat resumed>) = 5 [pid 6171] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6167] <... futex resumed>) = 0 [pid 6167] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6167] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6168] <... futex resumed>) = 0 [pid 6168] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 6171] <... futex resumed>) = 1 [ 75.509261][ T6168] loop0: detected capacity change from 0 to 2048 [ 75.518834][ T6168] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 6171] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6168] <... write resumed>) = 7 [pid 6168] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6167] <... futex resumed>) = 0 [pid 6167] exit_group(0) = ? [pid 6171] <... futex resumed>) = ? [pid 6171] +++ exited with 0 +++ [pid 6168] +++ exited with 0 +++ [pid 6167] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6167, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./219", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./219", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./219/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./219/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./219/binderfs") = 0 umount2("./219/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./219/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./219/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./219/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./219/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./219/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./219") = 0 mkdir("./220", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 6172 ./strace-static-x86_64: Process 6172 attached [pid 6172] set_robust_list(0x5555570c15e0, 24) = 0 [pid 6172] chdir("./220") = 0 [pid 6172] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6172] setpgid(0, 0) = 0 [pid 6172] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6172] write(3, "1000", 4) = 4 [pid 6172] close(3) = 0 [pid 6172] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6172] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6172] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 6172] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6172] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6173 attached [pid 6173] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 6173] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6172] <... clone resumed>, parent_tid=[6173], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 6173 [pid 6172] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6173] <... futex resumed>) = 0 [pid 6173] memfd_create("syzkaller", 0) = 3 [pid 6173] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 6172] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6173] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6173] munmap(0x7f4000487000, 1048576) = 0 [pid 6173] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6173] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6173] close(3) = 0 [pid 6173] mkdir("./file0", 0777) = 0 [pid 6173] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 6173] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6173] chdir("./file0") = 0 [pid 6173] ioctl(4, LOOP_CLR_FD) = 0 [pid 6173] close(4) = 0 [pid 6173] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6173] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6172] <... futex resumed>) = 0 [pid 6172] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6173] <... futex resumed>) = 0 [pid 6172] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6173] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6173] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6172] <... futex resumed>) = 0 [pid 6172] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6173] <... futex resumed>) = 1 [pid 6172] <... futex resumed>) = 0 [pid 6173] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 6172] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6173] <... ioctl resumed>) = 0 [pid 6172] <... futex resumed>) = 0 [pid 6173] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6172] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6173] <... futex resumed>) = 0 [pid 6172] <... mmap resumed>) = 0x7f4000566000 [pid 6173] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6172] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6172] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6176], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 6176 [pid 6172] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6172] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6176 attached [pid 6176] set_robust_list(0x7f40005869e0, 24) = 0 [pid 6176] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 6176] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6172] <... futex resumed>) = 0 [pid 6172] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6173] <... futex resumed>) = 0 [pid 6172] <... futex resumed>) = 1 [pid 6173] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7 [pid 6172] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6176] <... futex resumed>) = 1 [pid 6176] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6173] <... write resumed>) = 7 [pid 6173] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6172] <... futex resumed>) = 0 [pid 6173] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6172] exit_group(0) = ? [pid 6173] <... futex resumed>) = ? [pid 6176] <... futex resumed>) = ? [pid 6173] +++ exited with 0 +++ [pid 6176] +++ exited with 0 +++ [pid 6172] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6172, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./220", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./220", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555570c2620 /* 4 entries */, 32768) = 112 umount2("./220/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./220/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./220/binderfs") = 0 [ 75.618129][ T6173] loop0: detected capacity change from 0 to 2048 [ 75.628316][ T6173] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE umount2("./220/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./220/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./220/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./220/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./220/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555570ca660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570ca660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./220/file0") = 0 getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./220") = 0 mkdir("./221", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570c15d0) = 6177 ./strace-static-x86_64: Process 6177 attached [pid 6177] set_robust_list(0x5555570c15e0, 24) = 0 [pid 6177] chdir("./221") = 0 [pid 6177] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6177] setpgid(0, 0) = 0 [pid 6177] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6177] write(3, "1000", 4) = 4 [pid 6177] close(3) = 0 [pid 6177] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6177] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6177] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4008887000 [pid 6177] mprotect(0x7f4008888000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6177] clone(child_stack=0x7f40088a73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6178], tls=0x7f40088a7700, child_tidptr=0x7f40088a79d0) = 6178 [pid 6177] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6177] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6178 attached [pid 6178] set_robust_list(0x7f40088a79e0, 24) = 0 [pid 6178] memfd_create("syzkaller", 0) = 3 [pid 6178] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4000487000 [pid 6178] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6178] munmap(0x7f4000487000, 1048576) = 0 [pid 6178] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6178] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6178] close(3) = 0 [pid 6178] mkdir("./file0", 0777) = 0 [pid 6178] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,noblock_validity,dioread_nolock,quota,nogrpid,nombcache,,errors=continue") = 0 [pid 6178] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6178] chdir("./file0") = 0 [pid 6178] ioctl(4, LOOP_CLR_FD) = 0 [pid 6178] close(4) = 0 [pid 6178] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6178] futex(0x7f40089807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6177] <... futex resumed>) = 0 [pid 6177] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6177] futex(0x7f40089807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6178] <... futex resumed>) = 0 [pid 6178] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6178] futex(0x7f40089807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6177] <... futex resumed>) = 0 [pid 6177] futex(0x7f40089807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6177] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6177] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4000566000 [pid 6177] mprotect(0x7f4000567000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6177] clone(child_stack=0x7f40005863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6181], tls=0x7f4000586700, child_tidptr=0x7f40005869d0) = 6181 ./strace-static-x86_64: Process 6181 attached [pid 6178] <... futex resumed>) = 1 [pid 6177] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6181] set_robust_list(0x7f40005869e0, 24 [pid 6177] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6178] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 6181] <... set_robust_list resumed>) = 0 [ 75.713363][ T6178] loop0: detected capacity change from 0 to 2048 [ 75.722714][ T6178] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 6181] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 6181] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6177] <... futex resumed>) = 0 [pid 6177] futex(0x7f40089807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6177] futex(0x7f40089807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6181] <... futex resumed>) = 1 [pid 6181] write(5, "\x07\x00\x00\x00\x7b\x00\x00", 7) = 7 [pid 6181] futex(0x7f40089807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6177] <... futex resumed>) = 0 [pid 6181] <... futex resumed>) = 1 [ 75.756342][ T7] cfg80211: failed to load regulatory.db [pid 6181] futex(0x7f40089807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6177] exit_group(0) = ? [pid 6181] <... futex resumed>) = ? [pid 6181] +++ exited with 0 +++ [pid 5062] kill(-6177, SIGKILL) = 0 [pid 5062] kill(6177, SIGKILL) = 0 [pid 5062] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5062] fstat(3, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 [pid 5062] getdents64(3, 0x5555570c2620 /* 2 entries */, 32768) = 48 [pid 5062] getdents64(3, 0x5555570c2620 /* 0 entries */, 32768) = 0 [pid 5062] close(3) = 0 [ 285.674740][ T27] INFO: task syz-executor397:6178 blocked for more than 143 seconds. [ 285.682892][ T27] Not tainted 6.2.0-rc1-syzkaller #0 [ 285.688755][ T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 285.697457][ T27] task:syz-executor397 state:D stack:25232 pid:6178 ppid:5062 flags:0x00004004 [ 285.706710][ T27] Call Trace: [ 285.709989][ T27] [ 285.712915][ T27] __schedule+0xb8a/0x5450 [ 285.717396][ T27] ? find_held_lock+0x2d/0x110 [ 285.722190][ T27] ? io_schedule_timeout+0x150/0x150 [ 285.727515][ T27] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 285.733338][ T27] schedule+0xde/0x1b0 [ 285.737445][ T27] io_schedule+0xbe/0x130 [ 285.741795][ T27] bit_wait_io+0x16/0xe0 [ 285.746113][ T27] __wait_on_bit_lock+0x11f/0x1a0 [ 285.751162][ T27] ? out_of_line_wait_on_bit_timeout+0x170/0x170 [ 285.757523][ T27] out_of_line_wait_on_bit_lock+0xd9/0x110 [ 285.763354][ T27] ? __wait_on_bit_lock+0x1a0/0x1a0 [ 285.768595][ T27] ? sugov_start+0x580/0x580 [ 285.773198][ T27] __sync_dirty_buffer+0x30e/0x380 [ 285.778336][ T27] __ext4_handle_dirty_metadata+0x2b7/0x6f0 [ 285.784258][ T27] ? __ext4_journal_get_create_access+0x182/0x1f0 [ 285.790716][ T27] ext4_convert_inline_data_nolock+0x6e6/0xf10 [ 285.796914][ T27] ? ext4_destroy_inline_data_nolock+0x580/0x580 [ 285.803228][ T27] ? down_write_killable+0x250/0x250 [ 285.808532][ T27] ? __ext4_journal_start_sb+0x231/0x860 [ 285.814176][ T27] ? ext4_convert_inline_data+0x316/0x5f0 [ 285.819951][ T27] ext4_convert_inline_data+0x51a/0x5f0 [ 285.825553][ T27] ? ext4_inline_data_truncate+0xd70/0xd70 [ 285.831377][ T27] ? down_write_killable+0x250/0x250 [ 285.836697][ T27] ? lock_downgrade+0x6e0/0x6e0 [ 285.841558][ T27] ext4_fallocate+0x19a/0x43d0 [ 285.846363][ T27] ? ext4_ext_truncate+0x400/0x400 [ 285.851525][ T27] ? ext4_ext_truncate+0x400/0x400 [ 285.856709][ T27] vfs_fallocate+0x48b/0xe00 [ 285.861317][ T27] ioctl_preallocate+0x18e/0x200 [ 285.866281][ T27] ? fiemap_prep+0x220/0x220 [ 285.870886][ T27] do_vfs_ioctl+0x1264/0x15b0 [ 285.875602][ T27] ? vfs_fileattr_set+0xbe0/0xbe0 [ 285.880641][ T27] ? find_held_lock+0x2d/0x110 [ 285.885446][ T27] ? name_to_dev_t+0x313/0x990 [ 285.890230][ T27] ? __fget_files+0x26a/0x440 [ 285.894969][ T27] ? bpf_lsm_file_ioctl+0x9/0x10 [ 285.899937][ T27] __x64_sys_ioctl+0x10c/0x210 [ 285.904780][ T27] do_syscall_64+0x39/0xb0 [ 285.909223][ T27] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 285.915161][ T27] RIP: 0033:0x7f40088fb699 [ 285.919582][ T27] RSP: 002b:00007f40088a72f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 285.928022][ T27] RAX: ffffffffffffffda RBX: 00007f40089807a0 RCX: 00007f40088fb699 [ 285.936039][ T27] RDX: 0000000020000000 RSI: 0000000040305839 RDI: 0000000000000004 [ 285.944002][ T27] RBP: 00007f400894d81c R08: 0000000000000000 R09: 0000000000000000 [ 285.952025][ T27] R10: 0000000000000000 R11: 0000000000000246 R12: 5f646165726f6964 [ 285.960041][ T27] R13: 7272655f61746164 R14: 0030656c69662f2e R15: 00007f40089807a8 [ 285.968085][ T27] [ 285.971132][ T27] [ 285.971132][ T27] Showing all locks held in the system: [ 285.978885][ T27] 1 lock held by rcu_tasks_kthre/12: [ 285.984169][ T27] #0: ffffffff8c790c70 (rcu_tasks.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x26/0xc70 [ 285.994641][ T27] 1 lock held by rcu_tasks_trace/13: [ 285.999923][ T27] #0: ffffffff8c790970 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x26/0xc70 [ 286.010943][ T27] 1 lock held by khungtaskd/27: [ 286.015837][ T27] #0: ffffffff8c7917c0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x57/0x264 [ 286.025741][ T27] 4 locks held by klogd/4417: [ 286.030425][ T27] #0: ffff8880b983b598 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2f/0x120 [ 286.040384][ T27] #1: ffff8880b98287c8 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: __wake_up_common_lock+0xb8/0x140 [ 286.052266][ T27] #2: ffff88807ed043f0 (&p->pi_lock){-.-.}-{2:2}, at: try_to_wake_up+0xb2/0x2080 [ 286.061513][ T27] #3: ffff8880b983b598 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2f/0x120 [ 286.071500][ T27] 2 locks held by getty/4744: [ 286.076205][ T27] #0: ffff888029ea8098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x26/0x80 [ 286.086050][ T27] #1: ffffc900015b02f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0xef4/0x13e0 [ 286.096205][ T27] 3 locks held by syz-executor397/6178: [ 286.101845][ T27] #0: ffff888023c16460 (sb_writers#4){.+.+}-{0:0}, at: ioctl_preallocate+0x18e/0x200 [ 286.111483][ T27] #1: ffff8880731db628 (&sb->s_type->i_mutex_key#8){++++}-{3:3}, at: ext4_fallocate+0x192/0x43d0 [ 286.122180][ T27] #2: ffff8880731db2f0 (&ei->xattr_sem){++++}-{3:3}, at: ext4_convert_inline_data+0x352/0x5f0 [ 286.132561][ T27] [ 286.134903][ T27] ============================================= [ 286.134903][ T27] [ 286.143290][ T27] NMI backtrace for cpu 1 [ 286.147600][ T27] CPU: 1 PID: 27 Comm: khungtaskd Not tainted 6.2.0-rc1-syzkaller #0 [ 286.155647][ T27] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 286.165689][ T27] Call Trace: [ 286.168947][ T27] [ 286.171858][ T27] dump_stack_lvl+0xd1/0x138 [ 286.176437][ T27] nmi_cpu_backtrace.cold+0x24/0x18a [ 286.181708][ T27] nmi_trigger_cpumask_backtrace+0x333/0x3c0 [ 286.187671][ T27] ? lapic_can_unplug_cpu+0x80/0x80 [ 286.192851][ T27] watchdog+0xc75/0xfc0 [ 286.197005][ T27] ? proc_dohung_task_timeout_secs+0x80/0x80 [ 286.202973][ T27] kthread+0x2e8/0x3a0 [ 286.207029][ T27] ? kthread_complete_and_exit+0x40/0x40 [ 286.212643][ T27] ret_from_fork+0x1f/0x30 [ 286.217054][ T27] [ 286.220110][ T27] Sending NMI from CPU 1 to CPUs 0: [ 286.225383][ C0] NMI backtrace for cpu 0 [ 286.225391][ C0] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 6.2.0-rc1-syzkaller #0 [ 286.225404][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 286.225411][ C0] RIP: 0010:menu_select+0x56e/0x1910 [ 286.225432][ C0] Code: 83 fd 08 0f 85 72 ff ff ff 44 89 64 24 1c 4c 8b 64 24 10 e8 44 79 6a fa 44 8b 34 24 8b 5c 24 50 44 89 f6 89 df e8 62 75 6a fa <44> 39 f3 0f 86 21 02 00 00 e8 24 79 6a fa 8b 5c 24 18 bf 08 00 00 [ 286.225445][ C0] RSP: 0018:ffffffff8c407d20 EFLAGS: 00000093 [ 286.225455][ C0] RAX: 0000000000000000 RBX: 0000000000002073 RCX: ffffffff8716d90e [ 286.225464][ C0] RDX: ffffffff8c4bc940 RSI: 0000000000000000 RDI: 0000000000000004 [ 286.225472][ C0] RBP: 0000000000000008 R08: 0000000000000004 R09: 0000000000002073 [ 286.225480][ C0] R10: 0000000000000b1c R11: 0000000000000000 R12: ffff8880b98399e4 [ 286.225497][ C0] R13: 000000007fffffff R14: 0000000000000b1c R15: dffffc0000000000 [ 286.225508][ C0] FS: 0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 286.225521][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 286.225530][ C0] CR2: 000055fbe4f8d680 CR3: 000000000c48e000 CR4: 0000000000350ef0 [ 286.225538][ C0] Call Trace: [ 286.225541][ C0] [ 286.225549][ C0] ? menu_reflect+0x130/0x130 [ 286.225567][ C0] do_idle+0x37f/0x590 [ 286.225582][ C0] ? arch_cpu_idle_exit+0x30/0x30 [ 286.225599][ C0] cpu_startup_entry+0x18/0x20 [ 286.225614][ C0] rest_init+0x16d/0x270 [ 286.225627][ C0] ? trace_init_perf_perm_irq_work_exit+0x12/0x12 [ 286.225646][ C0] arch_call_rest_init+0x13/0x1c [ 286.225666][ C0] start_kernel+0x44f/0x470 [ 286.225686][ C0] secondary_startup_64_no_verify+0xce/0xdb [ 286.225708][ C0] [ 286.226382][ T27] Kernel panic - not syncing: hung_task: blocked tasks [ 286.402900][ T27] CPU: 1 PID: 27 Comm: khungtaskd Not tainted 6.2.0-rc1-syzkaller #0 [ 286.410954][ T27] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 286.421001][ T27] Call Trace: [ 286.424266][ T27] [ 286.427197][ T27] dump_stack_lvl+0xd1/0x138 [ 286.431784][ T27] panic+0x2cc/0x626 [ 286.435674][ T27] ? panic_print_sys_info.part.0+0x110/0x110 [ 286.441649][ T27] ? preempt_schedule_thunk+0x1a/0x20 [ 286.447040][ T27] ? watchdog.cold+0x130/0x158 [ 286.451798][ T27] watchdog.cold+0x141/0x158 [ 286.456381][ T27] ? proc_dohung_task_timeout_secs+0x80/0x80 [ 286.462359][ T27] kthread+0x2e8/0x3a0 [ 286.466418][ T27] ? kthread_complete_and_exit+0x40/0x40 [ 286.472039][ T27] ret_from_fork+0x1f/0x30 [ 286.476458][ T27] [ 286.480486][ T27] Kernel Offset: disabled [ 286.484800][ T27] Rebooting in 86400 seconds..