./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2451493028 <...> = 4 [pid 1926] close(3) = 0 [pid 1926] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1926] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1926] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 1926] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1926] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 1926] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1926] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1926] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 1927 attached => {parent_tid=[1927]}, 88) = 1927 [pid 1927] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 1927] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1927] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1926] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1926] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1927] <... futex resumed>) = 0 [pid 1926] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1927] memfd_create("syzkaller", 0 [pid 1926] <... futex resumed>) = 0 [pid 1927] <... memfd_create resumed>) = 3 [pid 1927] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 1926] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 1926] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1926] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1926] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0}./strace-static-x86_64: Process 1928 attached => {parent_tid=[1928]}, 88) = 1928 [pid 1928] set_robust_list(0x7f22d916f9a0, 24 [pid 1926] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1928] <... set_robust_list resumed>) = 0 [pid 1926] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1927] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 1926] <... futex resumed>) = 0 [pid 1926] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1928] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1928] creat("./bus", 000) = 4 [pid 1928] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1926] <... futex resumed>) = 0 [pid 1928] <... futex resumed>) = 1 [pid 1927] <... write resumed>) = 262144 [pid 1926] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1928] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 1927] munmap(0x7f22d9170000, 138412032 [pid 1926] <... futex resumed>) = 0 [pid 1926] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1927] <... munmap resumed>) = 0 [pid 1927] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 1927] ioctl(5, LOOP_SET_FD, 3 [pid 1928] <... mount resumed>) = 0 [pid 1928] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1926] <... futex resumed>) = 0 [pid 1926] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1926] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1928] <... futex resumed>) = 1 [pid 1928] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 1928] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1926] <... futex resumed>) = 0 [pid 1926] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1926] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1928] <... futex resumed>) = 1 [pid 1928] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 1927] <... ioctl resumed>) = 0 [pid 1927] close(3) = 0 [pid 1927] close(5) = 0 [pid 1927] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 1927] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 1927] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 1927] ioctl(3, LOOP_CLR_FD) = 0 [pid 1927] close(3) = 0 [pid 1927] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1927] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1928] <... mmap resumed>) = 0x20000000 [pid 1928] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1926] <... futex resumed>) = 0 [pid 1926] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1927] <... futex resumed>) = 0 [pid 1927] memfd_create("syzkaller", 0) = 3 [pid 1927] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 1928] <... futex resumed>) = 1 [pid 1928] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1927] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 1927] munmap(0x7f22d9170000, 138412032) = 0 [pid 1927] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 1927] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 1927] ioctl(5, LOOP_CLR_FD) = 0 [pid 1927] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 1927] close(5) = 0 [pid 1927] close(3) = 0 [pid 1927] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1927] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1926] exit_group(0 [pid 1928] <... futex resumed>) = ? [pid 1926] <... exit_group resumed>) = ? [pid 1928] +++ exited with 0 +++ [pid 1927] <... futex resumed>) = ? [pid 1927] +++ exited with 0 +++ [pid 1926] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1926, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./504", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./504", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./504/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./504/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./504/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./504/bus") = 0 umount2("./504/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./504/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./504/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./504") = 0 mkdir("./505", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 1929 ./strace-static-x86_64: Process 1929 attached [pid 1929] set_robust_list(0x5555564336a0, 24) = 0 [pid 1929] chdir("./505") = 0 [pid 1929] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1929] setpgid(0, 0) = 0 [pid 1929] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1929] write(3, "1000", 4) = 4 [pid 1929] close(3) = 0 [pid 1929] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1929] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1929] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 1929] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1929] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 1929] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1929] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1929] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 1930 attached => {parent_tid=[1930]}, 88) = 1930 [pid 1930] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 1930] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1930] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1929] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1929] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1930] <... futex resumed>) = 0 [pid 1929] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1930] memfd_create("syzkaller", 0 [pid 1929] <... futex resumed>) = 0 [pid 1930] <... memfd_create resumed>) = 3 [pid 1930] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 1929] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 1929] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1929] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1929] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0}./strace-static-x86_64: Process 1931 attached => {parent_tid=[1931]}, 88) = 1931 [pid 1931] set_robust_list(0x7f22d916f9a0, 24 [pid 1929] rt_sigprocmask(SIG_SETMASK, [], [pid 1931] <... set_robust_list resumed>) = 0 [pid 1930] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 1929] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1931] rt_sigprocmask(SIG_SETMASK, [], [pid 1929] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1931] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1929] <... futex resumed>) = 0 [pid 1931] creat("./bus", 000 [pid 1929] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1931] <... creat resumed>) = 4 [pid 1931] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1929] <... futex resumed>) = 0 [pid 1931] <... futex resumed>) = 1 [pid 1931] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 1929] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 47.969827][ T1927] loop0: detected capacity change from 0 to 512 [pid 1929] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1931] <... mount resumed>) = 0 [pid 1931] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1930] <... write resumed>) = 262144 [pid 1929] <... futex resumed>) = 0 [pid 1930] munmap(0x7f22d9170000, 138412032 [pid 1931] <... futex resumed>) = 1 [pid 1929] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1931] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 1930] <... munmap resumed>) = 0 [pid 1930] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 1929] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1931] <... open resumed>) = 6 [pid 1931] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1929] <... futex resumed>) = 0 [pid 1930] ioctl(5, LOOP_SET_FD, 3 [pid 1931] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 1929] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1930] <... ioctl resumed>) = 0 [pid 1930] close(3) = 0 [pid 1930] close(5 [pid 1931] <... mmap resumed>) = 0x20000000 [pid 1930] <... close resumed>) = 0 [pid 1929] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1930] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 1930] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 1930] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 1930] ioctl(3, LOOP_CLR_FD) = 0 [pid 1930] close(3) = 0 [pid 1930] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1930] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1931] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1929] <... futex resumed>) = 0 [pid 1929] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1931] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1930] <... futex resumed>) = 0 [pid 1929] <... futex resumed>) = 1 [pid 1930] memfd_create("syzkaller", 0) = 3 [pid 1930] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 1930] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 1930] munmap(0x7f22d9170000, 138412032) = 0 [pid 1930] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 1930] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 1930] ioctl(5, LOOP_CLR_FD) = 0 [pid 1930] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 1930] close(5) = 0 [pid 1930] close(3) = 0 [pid 1930] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1930] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1929] exit_group(0 [pid 1931] <... futex resumed>) = ? [pid 1929] <... exit_group resumed>) = ? [pid 1930] <... futex resumed>) = ? [pid 1931] +++ exited with 0 +++ [pid 1930] +++ exited with 0 +++ [pid 1929] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1929, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./505", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./505", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./505/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./505/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./505/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./505/bus") = 0 umount2("./505/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./505/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./505/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./505") = 0 mkdir("./506", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 1932 attached , child_tidptr=0x555556433690) = 1932 [pid 1932] set_robust_list(0x5555564336a0, 24) = 0 [pid 1932] chdir("./506") = 0 [pid 1932] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1932] setpgid(0, 0) = 0 [pid 1932] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1932] write(3, "1000", 4) = 4 [pid 1932] close(3) = 0 [pid 1932] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1932] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1932] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 1932] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1932] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 1932] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1932] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1932] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 1933 attached [pid 1933] set_robust_list(0x7f22e15909a0, 24 [pid 1932] <... clone3 resumed> => {parent_tid=[1933]}, 88) = 1933 [pid 1933] <... set_robust_list resumed>) = 0 [pid 1932] rt_sigprocmask(SIG_SETMASK, [], [pid 1933] rt_sigprocmask(SIG_SETMASK, [], [pid 1932] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1933] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1932] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1933] memfd_create("syzkaller", 0 [pid 1932] <... futex resumed>) = 0 [pid 1933] <... memfd_create resumed>) = 3 [pid 1932] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1933] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1932] <... futex resumed>) = 0 [pid 1933] <... mmap resumed>) = 0x7f22d9170000 [pid 1932] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 1932] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1932] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1932] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0} => {parent_tid=[1934]}, 88) = 1934 [pid 1932] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1932] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1932] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1934 attached [pid 1934] set_robust_list(0x7f22d916f9a0, 24) = 0 [pid 1934] rt_sigprocmask(SIG_SETMASK, [], [ 48.031871][ T1930] loop0: detected capacity change from 0 to 512 [pid 1933] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 1934] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1934] creat("./bus", 000) = 4 [pid 1934] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1933] <... write resumed>) = 262144 [pid 1933] munmap(0x7f22d9170000, 138412032 [pid 1934] <... futex resumed>) = 1 [pid 1932] <... futex resumed>) = 0 [pid 1932] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1933] <... munmap resumed>) = 0 [pid 1932] <... futex resumed>) = 0 [pid 1933] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1932] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1933] <... openat resumed>) = 5 [pid 1933] ioctl(5, LOOP_SET_FD, 3 [pid 1934] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 1934] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1934] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1932] <... futex resumed>) = 0 [pid 1932] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1932] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1934] <... futex resumed>) = 0 [pid 1934] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 1934] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1932] <... futex resumed>) = 0 [pid 1932] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1932] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1934] <... futex resumed>) = 1 [pid 1934] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 1933] <... ioctl resumed>) = 0 [pid 1933] close(3) = 0 [pid 1933] close(5) = 0 [pid 1933] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 1933] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 1933] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 1933] ioctl(3, LOOP_CLR_FD) = 0 [pid 1933] close(3 [pid 1934] <... mmap resumed>) = 0x20000000 [pid 1933] <... close resumed>) = 0 [pid 1933] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1933] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1934] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1932] <... futex resumed>) = 0 [pid 1932] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1933] <... futex resumed>) = 0 [pid 1933] memfd_create("syzkaller", 0 [pid 1934] <... futex resumed>) = 1 [pid 1934] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1933] <... memfd_create resumed>) = 3 [pid 1933] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 1933] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 1933] munmap(0x7f22d9170000, 138412032) = 0 [pid 1933] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 1933] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 1933] ioctl(5, LOOP_CLR_FD) = 0 [pid 1933] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 1933] close(5) = 0 [pid 1933] close(3) = 0 [pid 1933] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1933] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1932] exit_group(0 [pid 1934] <... futex resumed>) = ? [pid 1932] <... exit_group resumed>) = ? [pid 1934] +++ exited with 0 +++ [pid 1933] <... futex resumed>) = ? [pid 1933] +++ exited with 0 +++ [pid 1932] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1932, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./506", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./506", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./506/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./506/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./506/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./506/bus") = 0 umount2("./506/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./506/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./506/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./506") = 0 mkdir("./507", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 48.094733][ T1933] loop0: detected capacity change from 0 to 512 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 1935 ./strace-static-x86_64: Process 1935 attached [pid 1935] set_robust_list(0x5555564336a0, 24) = 0 [pid 1935] chdir("./507") = 0 [pid 1935] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1935] setpgid(0, 0) = 0 [pid 1935] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1935] write(3, "1000", 4) = 4 [pid 1935] close(3) = 0 [pid 1935] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1935] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1935] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 1935] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1935] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 1935] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1935] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1935] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[1936]}, 88) = 1936 [pid 1935] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1935] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1935] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1935] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 1935] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1935] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1935] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[1937]}, 88) = 1937 [pid 1935] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1935] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1935] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1937 attached [pid 1937] set_robust_list(0x7f22e156f9a0, 24) = 0 ./strace-static-x86_64: Process 1936 attached [pid 1937] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1937] creat("./bus", 000) = 3 [pid 1936] set_robust_list(0x7f22e15909a0, 24 [pid 1937] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1936] <... set_robust_list resumed>) = 0 [pid 1937] <... futex resumed>) = 1 [pid 1935] <... futex resumed>) = 0 [pid 1936] rt_sigprocmask(SIG_SETMASK, [], [pid 1937] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1935] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1937] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1936] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1935] <... futex resumed>) = 0 [pid 1937] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 1935] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1936] memfd_create("syzkaller", 0 [pid 1937] <... mount resumed>) = 0 [pid 1937] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1936] <... memfd_create resumed>) = 4 [pid 1937] <... futex resumed>) = 1 [pid 1935] <... futex resumed>) = 0 [pid 1936] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1937] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1935] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1937] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1935] <... futex resumed>) = 0 [pid 1936] <... mmap resumed>) = 0x7f22d914f000 [pid 1937] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 1935] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1936] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 1937] <... open resumed>) = 5 [pid 1937] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1935] <... futex resumed>) = 0 [pid 1937] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1935] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1937] <... futex resumed>) = 0 [pid 1935] <... futex resumed>) = 1 [pid 1937] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 1935] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1937] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1935] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1937] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1935] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1937] <... futex resumed>) = 0 [pid 1935] <... futex resumed>) = 1 [pid 1937] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 1937] +++ killed by SIGBUS +++ [pid 1936] <... write resumed>) = ? [pid 1936] +++ killed by SIGBUS +++ [pid 1935] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1935, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./507", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./507", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./507/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./507/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./507/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./507/bus") = 0 umount2("./507/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./507/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./507/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./507") = 0 mkdir("./508", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 1938 ./strace-static-x86_64: Process 1938 attached [pid 1938] set_robust_list(0x5555564336a0, 24) = 0 [pid 1938] chdir("./508") = 0 [pid 1938] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1938] setpgid(0, 0) = 0 [pid 1938] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1938] write(3, "1000", 4) = 4 [pid 1938] close(3) = 0 [pid 1938] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1938] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1938] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 1938] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1938] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 1938] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1938] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1938] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 1939 attached [pid 1939] set_robust_list(0x7f22e15909a0, 24 [pid 1938] <... clone3 resumed> => {parent_tid=[1939]}, 88) = 1939 [pid 1939] <... set_robust_list resumed>) = 0 [pid 1938] rt_sigprocmask(SIG_SETMASK, [], [pid 1939] rt_sigprocmask(SIG_SETMASK, [], [pid 1938] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1939] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1938] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1938] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1938] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1939] memfd_create("syzkaller", 0 [pid 1938] <... mmap resumed>) = 0x7f22e154f000 [pid 1938] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE [pid 1939] <... memfd_create resumed>) = 3 [pid 1938] <... mprotect resumed>) = 0 [pid 1939] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1938] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1939] <... mmap resumed>) = 0x7f22d914f000 [pid 1938] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 1940 attached [pid 1940] set_robust_list(0x7f22e156f9a0, 24 [pid 1938] <... clone3 resumed> => {parent_tid=[1940]}, 88) = 1940 [pid 1940] <... set_robust_list resumed>) = 0 [pid 1940] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1940] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1938] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1938] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1940] <... futex resumed>) = 0 [pid 1940] creat("./bus", 000 [pid 1938] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1940] <... creat resumed>) = 4 [pid 1940] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1940] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1938] <... futex resumed>) = 0 [pid 1938] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1940] <... futex resumed>) = 0 [pid 1940] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 1938] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1940] <... mount resumed>) = 0 [pid 1940] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1940] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1938] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1938] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1940] <... futex resumed>) = 0 [pid 1938] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1940] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 1940] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1938] <... futex resumed>) = 0 [pid 1940] <... futex resumed>) = 1 [pid 1938] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1940] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 1938] <... futex resumed>) = 0 [pid 1938] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1940] <... mmap resumed>) = 0x20000000 [pid 1939] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000d72} --- [pid 1940] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = ? [pid 1938] <... futex resumed>) = ? [pid 1939] +++ killed by SIGBUS +++ [pid 1940] +++ killed by SIGBUS +++ [pid 1938] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1938, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- umount2("./508", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./508", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./508/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./508/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./508/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./508/bus") = 0 umount2("./508/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./508/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./508/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./508") = 0 mkdir("./509", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 1941 attached [pid 1941] set_robust_list(0x5555564336a0, 24 [pid 293] <... clone resumed>, child_tidptr=0x555556433690) = 1941 [pid 1941] <... set_robust_list resumed>) = 0 [pid 1941] chdir("./509") = 0 [pid 1941] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1941] setpgid(0, 0) = 0 [pid 1941] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1941] write(3, "1000", 4) = 4 [pid 1941] close(3) = 0 [pid 1941] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1941] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1941] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 1941] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1941] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 1941] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1941] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1941] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 1942 attached [pid 1942] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 1942] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1942] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1941] <... clone3 resumed> => {parent_tid=[1942]}, 88) = 1942 [pid 1941] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1941] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1942] <... futex resumed>) = 0 [pid 1941] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1942] memfd_create("syzkaller", 0 [pid 1941] <... futex resumed>) = 0 [pid 1942] <... memfd_create resumed>) = 3 [pid 1941] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1942] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 1941] <... mmap resumed>) = 0x7f22d914f000 [pid 1941] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1941] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1941] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0} => {parent_tid=[1943]}, 88) = 1943 [pid 1941] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1941] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1941] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1943 attached [pid 1942] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 1943] set_robust_list(0x7f22d916f9a0, 24 [pid 1942] <... write resumed>) = 262144 [pid 1943] <... set_robust_list resumed>) = 0 [pid 1942] munmap(0x7f22d9170000, 138412032 [pid 1943] rt_sigprocmask(SIG_SETMASK, [], [pid 1942] <... munmap resumed>) = 0 [pid 1943] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1942] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1943] creat("./bus", 000 [pid 1942] <... openat resumed>) = 4 [pid 1942] ioctl(4, LOOP_SET_FD, 3 [pid 1943] <... creat resumed>) = 5 [pid 1943] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1941] <... futex resumed>) = 0 [pid 1941] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1941] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1943] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 1943] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1941] <... futex resumed>) = 0 [pid 1941] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1941] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1943] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 1943] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1941] <... futex resumed>) = 0 [pid 1941] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1941] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1943] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 1942] <... ioctl resumed>) = 0 [pid 1942] close(3) = 0 [pid 1942] close(4) = 0 [pid 1942] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 1942] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 1942] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 1942] ioctl(3, LOOP_CLR_FD) = 0 [pid 1942] close(3) = 0 [pid 1942] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1942] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1943] <... mmap resumed>) = 0x20000000 [pid 1943] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1941] <... futex resumed>) = 0 [pid 1941] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1942] <... futex resumed>) = 0 [pid 1943] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1942] memfd_create("syzkaller", 0) = 3 [pid 1942] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 1942] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 1942] munmap(0x7f22d9170000, 138412032) = 0 [pid 1942] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1942] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 1942] ioctl(4, LOOP_CLR_FD) = 0 [pid 1942] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 1942] close(4) = 0 [pid 1942] close(3) = 0 [pid 1942] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1942] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1941] exit_group(0 [pid 1943] <... futex resumed>) = ? [pid 1941] <... exit_group resumed>) = ? [pid 1943] +++ exited with 0 +++ [pid 1942] <... futex resumed>) = ? [pid 1942] +++ exited with 0 +++ [pid 1941] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1941, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./509", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./509", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./509/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./509/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./509/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./509/bus") = 0 umount2("./509/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./509/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./509/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./509") = 0 mkdir("./510", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 1944 ./strace-static-x86_64: Process 1944 attached [pid 1944] set_robust_list(0x5555564336a0, 24) = 0 [pid 1944] chdir("./510") = 0 [pid 1944] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1944] setpgid(0, 0) = 0 [pid 1944] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1944] write(3, "1000", 4) = 4 [pid 1944] close(3) = 0 [pid 1944] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1944] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1944] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 1944] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1944] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 1944] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1944] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1944] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 1945 attached [pid 1945] set_robust_list(0x7f22e15909a0, 24 [pid 1944] <... clone3 resumed> => {parent_tid=[1945]}, 88) = 1945 [pid 1945] <... set_robust_list resumed>) = 0 [pid 1944] rt_sigprocmask(SIG_SETMASK, [], [pid 1945] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1944] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1944] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1944] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1945] memfd_create("syzkaller", 0 [pid 1944] <... futex resumed>) = 0 [pid 1945] <... memfd_create resumed>) = 3 [pid 1945] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1944] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 1945] <... mmap resumed>) = 0x7f22d914f000 [pid 1944] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1944] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1944] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[1946]}, 88) = 1946 [pid 1944] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1944] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1944] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1946 attached [pid 1946] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 1946] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1946] creat("./bus", 000) = 4 [pid 1946] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1944] <... futex resumed>) = 0 [pid 1944] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1944] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1946] <... futex resumed>) = 1 [pid 1946] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 1946] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1944] <... futex resumed>) = 0 [pid 1944] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1944] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1946] <... futex resumed>) = 1 [ 48.208123][ T1942] loop0: detected capacity change from 0 to 512 [pid 1946] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 1946] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1944] <... futex resumed>) = 0 [pid 1944] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1944] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1946] <... futex resumed>) = 1 [pid 1946] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 1945] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000da1} --- [pid 1946] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1944] <... futex resumed>) = 0 [pid 1944] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1946] <... futex resumed>) = 1 [pid 1945] +++ killed by SIGBUS +++ [pid 1946] +++ killed by SIGBUS +++ [pid 1944] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1944, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./510", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./510", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./510/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./510/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./510/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./510/bus") = 0 umount2("./510/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./510/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./510/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./510") = 0 mkdir("./511", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 1947 ./strace-static-x86_64: Process 1947 attached [pid 1947] set_robust_list(0x5555564336a0, 24) = 0 [pid 1947] chdir("./511") = 0 [pid 1947] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1947] setpgid(0, 0) = 0 [pid 1947] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1947] write(3, "1000", 4) = 4 [pid 1947] close(3) = 0 [pid 1947] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1947] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1947] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 1947] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1947] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 1947] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1947] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1947] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 1948 attached => {parent_tid=[1948]}, 88) = 1948 [pid 1948] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 1948] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1948] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1947] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1947] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1948] <... futex resumed>) = 0 [pid 1948] memfd_create("syzkaller", 0 [pid 1947] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1948] <... memfd_create resumed>) = 3 [pid 1947] <... futex resumed>) = 0 [pid 1948] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 1947] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 1947] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1947] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1947] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0} => {parent_tid=[1949]}, 88) = 1949 [pid 1947] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1947] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1948] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 1947] <... futex resumed>) = 0 [pid 1947] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1949 attached [pid 1948] <... write resumed>) = 262144 [pid 1948] munmap(0x7f22d9170000, 138412032 [pid 1949] set_robust_list(0x7f22d916f9a0, 24) = 0 [pid 1948] <... munmap resumed>) = 0 [pid 1949] rt_sigprocmask(SIG_SETMASK, [], [pid 1948] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1949] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1948] <... openat resumed>) = 4 [pid 1949] creat("./bus", 000 [pid 1948] ioctl(4, LOOP_SET_FD, 3 [pid 1949] <... creat resumed>) = 5 [pid 1949] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1947] <... futex resumed>) = 0 [pid 1947] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1947] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1949] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 1949] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1947] <... futex resumed>) = 0 [pid 1947] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1947] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1949] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 1949] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1947] <... futex resumed>) = 0 [pid 1947] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1947] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1949] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 1948] <... ioctl resumed>) = 0 [pid 1948] close(3) = 0 [pid 1948] close(4) = 0 [pid 1948] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 1948] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 1948] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 1948] ioctl(3, LOOP_CLR_FD) = 0 [pid 1948] close(3) = 0 [pid 1948] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1948] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1949] <... mmap resumed>) = 0x20000000 [pid 1949] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1947] <... futex resumed>) = 0 [pid 1947] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1948] <... futex resumed>) = 0 [pid 1948] memfd_create("syzkaller", 0 [pid 1949] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1948] <... memfd_create resumed>) = 3 [pid 1948] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 1948] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 1948] munmap(0x7f22d9170000, 138412032) = 0 [pid 1948] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1948] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 1948] ioctl(4, LOOP_CLR_FD) = 0 [pid 1948] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 1948] close(4) = 0 [pid 1948] close(3) = 0 [pid 1948] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1948] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1947] exit_group(0) = ? [pid 1948] <... futex resumed>) = ? [pid 1949] <... futex resumed>) = ? [pid 1948] +++ exited with 0 +++ [pid 1949] +++ exited with 0 +++ [pid 1947] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1947, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./511", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./511", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./511/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./511/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./511/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./511/bus") = 0 umount2("./511/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./511/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./511/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./511") = 0 mkdir("./512", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 1950 ./strace-static-x86_64: Process 1950 attached [pid 1950] set_robust_list(0x5555564336a0, 24) = 0 [pid 1950] chdir("./512") = 0 [pid 1950] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1950] setpgid(0, 0) = 0 [pid 1950] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1950] write(3, "1000", 4) = 4 [pid 1950] close(3) = 0 [pid 1950] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1950] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1950] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 1950] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1950] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 1950] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1950] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1950] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 1951 attached [pid 1951] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 1951] rt_sigprocmask(SIG_SETMASK, [], [pid 1950] <... clone3 resumed> => {parent_tid=[1951]}, 88) = 1951 [pid 1951] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1951] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1950] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1950] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1950] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1951] <... futex resumed>) = 0 [pid 1950] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1951] memfd_create("syzkaller", 0 [pid 1950] <... mmap resumed>) = 0x7f22e154f000 [pid 1951] <... memfd_create resumed>) = 3 [pid 1951] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1950] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE [pid 1951] <... mmap resumed>) = 0x7f22d914f000 [pid 1950] <... mprotect resumed>) = 0 [pid 1950] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1950] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[1952]}, 88) = 1952 [pid 1950] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1950] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1950] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1952 attached [pid 1951] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 1952] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 1952] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1952] creat("./bus", 000 [pid 1951] <... write resumed>) = 262144 [pid 1951] munmap(0x7f22d914f000, 138412032) = 0 [ 48.283209][ T1948] loop0: detected capacity change from 0 to 512 [pid 1951] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1952] <... creat resumed>) = 4 [pid 1951] <... openat resumed>) = 5 [pid 1951] ioctl(5, LOOP_SET_FD, 3 [pid 1952] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1950] <... futex resumed>) = 0 [pid 1950] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1950] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1952] <... futex resumed>) = 1 [pid 1952] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 1952] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1950] <... futex resumed>) = 0 [pid 1950] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1950] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1952] <... futex resumed>) = 1 [pid 1952] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 1952] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1950] <... futex resumed>) = 0 [pid 1950] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1950] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1952] <... futex resumed>) = 1 [pid 1952] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 1951] <... ioctl resumed>) = 0 [pid 1951] close(3) = 0 [pid 1951] close(5) = 0 [pid 1951] mkdir(0x200000c0, 0777 [pid 1952] <... mmap resumed>) = 0x20000000 [pid 1952] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1950] <... futex resumed>) = 0 [pid 1950] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1952] <... futex resumed>) = 1 [pid 1951] <... mkdir resumed>) = -1 ENOENT (No such file or directory) [pid 1951] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 1951] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 1951] ioctl(3, LOOP_CLR_FD) = 0 [pid 1951] close(3) = 0 [pid 1952] memfd_create("syzkaller", 0) = 3 [pid 1952] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 1951] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1951] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1952] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 1952] munmap(0x7f22d914f000, 138412032) = 0 [pid 1952] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 1952] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 1952] ioctl(5, LOOP_CLR_FD) = 0 [pid 1952] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 1952] close(5) = 0 [pid 1952] close(3) = 0 [pid 1952] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1952] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1950] exit_group(0) = ? [pid 1951] <... futex resumed>) = ? [pid 1951] +++ exited with 0 +++ [pid 1952] <... futex resumed>) = ? [pid 1952] +++ exited with 0 +++ [pid 1950] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1950, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./512", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./512", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./512/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./512/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./512/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./512/bus") = 0 umount2("./512/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./512/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./512/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./512") = 0 mkdir("./513", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 1953 ./strace-static-x86_64: Process 1953 attached [pid 1953] set_robust_list(0x5555564336a0, 24) = 0 [pid 1953] chdir("./513") = 0 [pid 1953] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1953] setpgid(0, 0) = 0 [pid 1953] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1953] write(3, "1000", 4) = 4 [pid 1953] close(3) = 0 [pid 1953] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1953] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1953] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 1953] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1953] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 1953] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1953] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 48.350062][ T1951] loop0: detected capacity change from 0 to 512 [pid 1953] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 1955 attached => {parent_tid=[1955]}, 88) = 1955 [pid 1955] set_robust_list(0x7f22e15909a0, 24 [pid 1953] rt_sigprocmask(SIG_SETMASK, [], [pid 1955] <... set_robust_list resumed>) = 0 [pid 1953] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1955] rt_sigprocmask(SIG_SETMASK, [], [pid 1953] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1955] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1953] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1953] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 1953] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1955] memfd_create("syzkaller", 0 [pid 1953] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1953] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} [pid 1955] <... memfd_create resumed>) = 3 [pid 1953] <... clone3 resumed> => {parent_tid=[1956]}, 88) = 1956 [pid 1955] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1953] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1953] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1953] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1955] <... mmap resumed>) = 0x7f22d914f000 ./strace-static-x86_64: Process 1956 attached [pid 1956] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 1956] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1956] creat("./bus", 000) = 4 [pid 1956] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1956] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1953] <... futex resumed>) = 0 [pid 1953] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1956] <... futex resumed>) = 0 [pid 1953] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1956] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 1956] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1956] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1953] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1953] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1956] <... futex resumed>) = 0 [pid 1953] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1956] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 1956] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1953] <... futex resumed>) = 0 [pid 1956] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1953] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1956] <... futex resumed>) = 0 [pid 1953] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1956] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 1955] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000dcf} --- [pid 1956] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1953] <... futex resumed>) = ? [pid 1956] <... futex resumed>) = ? [pid 1956] +++ killed by SIGBUS +++ [pid 1955] +++ killed by SIGBUS +++ [pid 1953] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1953, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./513", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./513", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./513/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./513/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./513/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./513/bus") = 0 umount2("./513/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./513/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./513/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./513") = 0 mkdir("./514", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 1957 ./strace-static-x86_64: Process 1957 attached [pid 1957] set_robust_list(0x5555564336a0, 24) = 0 [pid 1957] chdir("./514") = 0 [pid 1957] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1957] setpgid(0, 0) = 0 [pid 1957] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1957] write(3, "1000", 4) = 4 [pid 1957] close(3) = 0 [pid 1957] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1957] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1957] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 1957] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1957] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 1957] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1957] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1957] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 1958 attached => {parent_tid=[1958]}, 88) = 1958 [pid 1957] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1957] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1957] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1957] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 1957] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1957] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1958] set_robust_list(0x7f22e15909a0, 24 [pid 1957] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1957] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[1959]}, 88) = 1959 [pid 1958] <... set_robust_list resumed>) = 0 [pid 1957] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1957] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1957] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1959 attached [pid 1959] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 1959] rt_sigprocmask(SIG_SETMASK, [], [pid 1958] rt_sigprocmask(SIG_SETMASK, [], [pid 1959] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1959] creat("./bus", 000) = 3 [pid 1959] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1957] <... futex resumed>) = 0 [pid 1957] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1957] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1959] <... futex resumed>) = 1 [pid 1959] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 1959] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1957] <... futex resumed>) = 0 [pid 1957] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1957] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1959] <... futex resumed>) = 1 [pid 1959] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 4 [pid 1959] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1957] <... futex resumed>) = 0 [pid 1957] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1957] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1959] <... futex resumed>) = 1 [pid 1959] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 1959] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1957] <... futex resumed>) = 0 [pid 1957] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1959] <... futex resumed>) = 1 [pid 1959] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 1958] <... rt_sigprocmask resumed> ) = ? [pid 1959] +++ killed by SIGBUS +++ [pid 1958] +++ killed by SIGBUS +++ [pid 1957] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1957, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- umount2("./514", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./514", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./514/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./514/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./514/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./514/bus") = 0 umount2("./514/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./514/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./514/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./514") = 0 mkdir("./515", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 1960 ./strace-static-x86_64: Process 1960 attached [pid 1960] set_robust_list(0x5555564336a0, 24) = 0 [pid 1960] chdir("./515") = 0 [pid 1960] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1960] setpgid(0, 0) = 0 [pid 1960] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1960] write(3, "1000", 4) = 4 [pid 1960] close(3) = 0 [pid 1960] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1960] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1960] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 1960] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1960] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 1960] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1960] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1960] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[1961]}, 88) = 1961 ./strace-static-x86_64: Process 1961 attached [pid 1961] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 1961] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1961] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1960] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1960] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1961] <... futex resumed>) = 0 [pid 1960] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1961] memfd_create("syzkaller", 0) = 3 [pid 1961] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 1960] <... futex resumed>) = 0 [pid 1960] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 1960] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1960] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1960] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0} => {parent_tid=[1962]}, 88) = 1962 ./strace-static-x86_64: Process 1962 attached [pid 1961] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 1960] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1960] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1960] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1962] set_robust_list(0x7f22d916f9a0, 24) = 0 [pid 1961] <... write resumed>) = 262144 [pid 1961] munmap(0x7f22d9170000, 138412032 [pid 1962] rt_sigprocmask(SIG_SETMASK, [], [pid 1961] <... munmap resumed>) = 0 [pid 1961] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1962] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1961] ioctl(4, LOOP_SET_FD, 3 [pid 1962] creat("./bus", 000) = 5 [pid 1962] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1960] <... futex resumed>) = 0 [pid 1960] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1960] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1962] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 1962] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1960] <... futex resumed>) = 0 [pid 1960] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1960] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1962] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 1962] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1960] <... futex resumed>) = 0 [pid 1960] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1960] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1962] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 1961] <... ioctl resumed>) = 0 [pid 1961] close(3) = 0 [pid 1961] close(4 [pid 1962] <... mmap resumed>) = 0x20000000 [pid 1962] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1960] <... futex resumed>) = 0 [pid 1960] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1962] <... futex resumed>) = 1 [pid 1962] memfd_create("syzkaller", 0) = 3 [pid 1962] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1961] <... close resumed>) = 0 [pid 1961] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 1961] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 1961] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1961] ioctl(4, LOOP_CLR_FD) = 0 [pid 1961] close(4 [pid 1962] <... mmap resumed>) = 0x7f22d9170000 [pid 1961] <... close resumed>) = 0 [pid 1961] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1961] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1962] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 1962] munmap(0x7f22d9170000, 138412032) = 0 [pid 1962] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1962] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 1962] ioctl(4, LOOP_CLR_FD) = 0 [pid 1962] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 1962] close(4) = 0 [pid 1962] close(3) = 0 [pid 1962] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1962] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1960] exit_group(0) = ? [pid 1961] <... futex resumed>) = ? [pid 1961] +++ exited with 0 +++ [pid 1962] <... futex resumed>) = ? [pid 1962] +++ exited with 0 +++ [pid 1960] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1960, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./515", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./515", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./515/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./515/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./515/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./515/bus") = 0 umount2("./515/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./515/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./515/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./515") = 0 mkdir("./516", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 1963 attached , child_tidptr=0x555556433690) = 1963 [pid 1963] set_robust_list(0x5555564336a0, 24) = 0 [pid 1963] chdir("./516") = 0 [pid 1963] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1963] setpgid(0, 0) = 0 [pid 1963] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1963] write(3, "1000", 4) = 4 [pid 1963] close(3) = 0 [ 48.451615][ T1961] loop0: detected capacity change from 0 to 512 [pid 1963] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1963] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1963] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 1963] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1963] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 1963] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1963] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1963] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[1964]}, 88) = 1964 [pid 1963] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1963] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1963] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1963] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 1963] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1963] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1963] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[1965]}, 88) = 1965 [pid 1963] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1963] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1963] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1964 attached [pid 1964] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 1964] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1964] memfd_create("syzkaller", 0) = 3 [pid 1964] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0./strace-static-x86_64: Process 1965 attached ) = 0x7f22d914f000 [pid 1965] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 1965] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1965] creat("./bus", 000 [pid 1964] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 1965] <... creat resumed>) = 4 [pid 1965] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1963] <... futex resumed>) = 0 [pid 1963] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1963] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1965] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 1964] <... write resumed>) = 262144 [pid 1964] munmap(0x7f22d914f000, 138412032) = 0 [pid 1964] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 1964] ioctl(5, LOOP_SET_FD, 3 [pid 1965] <... mount resumed>) = 0 [pid 1964] <... ioctl resumed>) = 0 [pid 1964] close(3) = 0 [pid 1964] close(5 [pid 1965] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1964] <... close resumed>) = 0 [pid 1964] mkdir("./file0", 0777) = 0 [pid 1964] mount("/dev/loop0", "./file0", "ext4", 0, "prjquota,grpquota,debug_want_extra_isize=0x000000000000005c,noauto_da_alloc,nolazytime,errors=contin"... [pid 1963] <... futex resumed>) = 0 [pid 1963] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1963] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1965] <... futex resumed>) = 1 [pid 1965] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 3 [pid 1965] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1963] <... futex resumed>) = 0 [pid 1963] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1965] <... futex resumed>) = 1 [pid 1963] <... futex resumed>) = 0 [pid 1965] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 3, 0 [pid 1963] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1965] <... mmap resumed>) = 0x20000000 [pid 1965] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1964] <... mount resumed>) = 0 [pid 1965] <... futex resumed>) = 1 [pid 1964] openat(AT_FDCWD, 0x200000c0, O_RDONLY|O_DIRECTORY [pid 1963] <... futex resumed>) = 0 [pid 1964] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 1963] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1964] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1963] <... futex resumed>) = 0 [pid 1964] <... openat resumed>) = 5 [pid 1964] ioctl(5, LOOP_CLR_FD) = 0 [pid 1964] close(5 [pid 1965] memfd_create("syzkaller", 0 [pid 1964] <... close resumed>) = 0 [pid 1964] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1964] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1965] <... memfd_create resumed>) = 5 [pid 1965] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 1965] write(5, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 1965] munmap(0x7f22d914f000, 138412032) = 0 [pid 1965] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1965] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 1965] ioctl(6, LOOP_CLR_FD) = 0 [pid 1965] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 1965] close(6) = 0 [pid 1965] close(5) = 0 [pid 1965] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1965] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1963] exit_group(0 [pid 1964] <... futex resumed>) = ? [pid 1963] <... exit_group resumed>) = ? [pid 1964] +++ exited with 0 +++ [pid 1965] <... futex resumed>) = ? [pid 1965] +++ exited with 0 +++ [pid 1963] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1963, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./516", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./516", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 5 entries */, 32768) = 136 umount2("./516/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./516/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./516/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./516/bus") = 0 umount2("./516/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./516/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./516/binderfs") = 0 [ 48.524492][ T1964] loop0: detected capacity change from 0 to 512 [ 48.536867][ T1964] EXT4-fs (loop0): 1 truncate cleaned up [ 48.542435][ T1964] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. umount2("./516/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./516/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./516/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./516/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./516/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555643c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555643c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./516/file0") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./516") = 0 mkdir("./517", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 1967 attached [pid 1967] set_robust_list(0x5555564336a0, 24) = 0 [pid 1967] chdir("./517") = 0 [pid 1967] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1967] setpgid(0, 0) = 0 [pid 1967] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 293] <... clone resumed>, child_tidptr=0x555556433690) = 1967 [pid 1967] <... openat resumed>) = 3 [pid 1967] write(3, "1000", 4) = 4 [pid 1967] close(3) = 0 [pid 1967] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1967] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1967] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 1967] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1967] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 1967] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1967] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1967] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[1968]}, 88) = 1968 [pid 1967] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1967] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1967] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1967] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 1967] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1967] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1967] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[1969]}, 88) = 1969 [pid 1967] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1967] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1967] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1968 attached [pid 1968] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 1968] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1968] memfd_create("syzkaller", 0./strace-static-x86_64: Process 1969 attached [pid 1969] set_robust_list(0x7f22e156f9a0, 24 [pid 1968] <... memfd_create resumed>) = 3 [pid 1969] <... set_robust_list resumed>) = 0 [pid 1968] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1969] rt_sigprocmask(SIG_SETMASK, [], [pid 1968] <... mmap resumed>) = 0x7f22d914f000 [pid 1969] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1969] creat("./bus", 000) = 4 [pid 1969] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1967] <... futex resumed>) = 0 [pid 1967] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1967] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1969] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 1969] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1967] <... futex resumed>) = 0 [pid 1967] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1967] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1969] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 1969] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1967] <... futex resumed>) = 0 [pid 1967] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1967] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1969] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 1968] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000d7b} --- [pid 1967] <... futex resumed>) = ? [pid 1968] +++ killed by SIGBUS +++ [pid 1969] +++ killed by SIGBUS +++ [pid 1967] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1967, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- umount2("./517", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./517", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./517/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./517/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./517/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./517/bus") = 0 umount2("./517/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./517/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./517/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./517") = 0 mkdir("./518", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 1970 ./strace-static-x86_64: Process 1970 attached [pid 1970] set_robust_list(0x5555564336a0, 24) = 0 [pid 1970] chdir("./518") = 0 [pid 1970] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1970] setpgid(0, 0) = 0 [pid 1970] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1970] write(3, "1000", 4) = 4 [pid 1970] close(3) = 0 [pid 1970] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1970] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1970] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 1970] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1970] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 1970] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1970] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1970] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 1971 attached => {parent_tid=[1971]}, 88) = 1971 [pid 1971] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 1971] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1971] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1970] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1970] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1971] <... futex resumed>) = 0 [pid 1970] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1971] memfd_create("syzkaller", 0) = 3 [pid 1971] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 1970] <... futex resumed>) = 0 [pid 1970] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 1970] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1970] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1970] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0}./strace-static-x86_64: Process 1972 attached => {parent_tid=[1972]}, 88) = 1972 [pid 1972] set_robust_list(0x7f22d916f9a0, 24 [pid 1970] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1972] <... set_robust_list resumed>) = 0 [pid 1970] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1972] rt_sigprocmask(SIG_SETMASK, [], [pid 1970] <... futex resumed>) = 0 [pid 1972] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1972] creat("./bus", 000 [pid 1971] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 1970] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1972] <... creat resumed>) = 4 [pid 1972] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1970] <... futex resumed>) = 0 [pid 1972] <... futex resumed>) = 1 [pid 1970] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1972] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 1970] <... futex resumed>) = 0 [pid 1972] <... mount resumed>) = 0 [pid 1970] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1972] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1971] <... write resumed>) = 262144 [pid 1971] munmap(0x7f22d9170000, 138412032 [pid 1972] <... futex resumed>) = 1 [pid 1970] <... futex resumed>) = 0 [pid 1971] <... munmap resumed>) = 0 [pid 1971] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 1970] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1971] ioctl(5, LOOP_SET_FD, 3 [pid 1970] <... futex resumed>) = 0 [ 48.590177][ T293] EXT4-fs (loop0): unmounting filesystem. [pid 1972] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 1970] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1971] <... ioctl resumed>) = 0 [pid 1971] close(3 [pid 1972] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1970] <... futex resumed>) = 0 [pid 1970] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1970] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1972] <... futex resumed>) = 1 [pid 1972] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 1971] <... close resumed>) = 0 [pid 1971] close(5 [pid 1972] <... mmap resumed>) = 0x20000000 [pid 1972] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1970] <... futex resumed>) = 0 [pid 1970] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1972] <... futex resumed>) = 1 [pid 1972] memfd_create("syzkaller", 0) = 3 [pid 1972] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 1971] <... close resumed>) = 0 [pid 1971] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 1971] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 1971] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 1971] ioctl(5, LOOP_CLR_FD) = 0 [pid 1971] close(5) = 0 [pid 1971] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1971] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1972] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 1972] munmap(0x7f22d9170000, 138412032) = 0 [pid 1972] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 1972] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 1972] ioctl(5, LOOP_CLR_FD) = 0 [pid 1972] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 1972] close(5) = 0 [pid 1972] close(3) = 0 [pid 1972] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1972] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1970] exit_group(0 [pid 1972] <... futex resumed>) = ? [pid 1970] <... exit_group resumed>) = ? [pid 1971] <... futex resumed>) = ? [pid 1972] +++ exited with 0 +++ [pid 1971] +++ exited with 0 +++ [pid 1970] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1970, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./518", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./518", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 [ 48.635360][ T1971] loop0: detected capacity change from 0 to 512 umount2("./518/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./518/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./518/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./518/bus") = 0 umount2("./518/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./518/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./518/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./518") = 0 mkdir("./519", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 1973 ./strace-static-x86_64: Process 1973 attached [pid 1973] set_robust_list(0x5555564336a0, 24) = 0 [pid 1973] chdir("./519") = 0 [pid 1973] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1973] setpgid(0, 0) = 0 [pid 1973] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1973] write(3, "1000", 4) = 4 [pid 1973] close(3) = 0 [pid 1973] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1973] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1973] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 1973] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1973] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 1973] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1973] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1973] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 1974 attached [pid 1974] set_robust_list(0x7f22e15909a0, 24 [pid 1973] <... clone3 resumed> => {parent_tid=[1974]}, 88) = 1974 [pid 1974] <... set_robust_list resumed>) = 0 [pid 1973] rt_sigprocmask(SIG_SETMASK, [], [pid 1974] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1973] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1974] memfd_create("syzkaller", 0 [pid 1973] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1974] <... memfd_create resumed>) = 3 [pid 1973] <... futex resumed>) = 0 [pid 1974] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1973] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1974] <... mmap resumed>) = 0x7f22d9170000 [pid 1973] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 1973] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1973] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1973] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0} => {parent_tid=[1975]}, 88) = 1975 [pid 1973] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1973] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1973] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1975 attached [pid 1974] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 1975] set_robust_list(0x7f22d916f9a0, 24) = 0 [pid 1974] munmap(0x7f22d9170000, 138412032 [pid 1975] rt_sigprocmask(SIG_SETMASK, [], [pid 1974] <... munmap resumed>) = 0 [pid 1975] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1974] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1975] creat("./bus", 000 [pid 1974] <... openat resumed>) = 4 [pid 1974] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1975] <... creat resumed>) = 5 [pid 1974] close(3 [pid 1975] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1974] <... close resumed>) = 0 [pid 1975] <... futex resumed>) = 1 [pid 1974] close(4 [pid 1973] <... futex resumed>) = 0 [pid 1973] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1973] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1975] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 1974] <... close resumed>) = 0 [pid 1975] <... mount resumed>) = 0 [pid 1975] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1975] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1974] mkdir("./file0", 0777) = 0 [pid 1974] mount("/dev/loop0", "./file0", "ext4", 0, "prjquota,grpquota,debug_want_extra_isize=0x000000000000005c,noauto_da_alloc,nolazytime,errors=contin"... [pid 1973] <... futex resumed>) = 0 [pid 1973] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1975] <... futex resumed>) = 0 [pid 1973] <... futex resumed>) = 1 [pid 1975] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 3 [pid 1973] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1975] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1973] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1975] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 1973] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1975] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 3, 0 [pid 1973] <... futex resumed>) = 0 [pid 1975] <... mmap resumed>) = 0x20000000 [pid 1973] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1975] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1973] <... futex resumed>) = 0 [pid 1975] memfd_create("syzkaller", 0 [pid 1973] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1975] <... memfd_create resumed>) = 4 [pid 1973] <... futex resumed>) = 0 [pid 1975] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 1975] write(4, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 1975] munmap(0x7f22d9170000, 138412032) = 0 [pid 1975] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1975] ioctl(6, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 1975] ioctl(6, LOOP_CLR_FD) = 0 [pid 1975] ioctl(6, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 1975] close(6) = 0 [pid 1975] close(4 [pid 1974] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 1974] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1975] <... close resumed>) = 0 [pid 1974] <... openat resumed>) = 4 [pid 1975] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1975] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1974] ioctl(4, LOOP_CLR_FD) = 0 [pid 1974] close(4) = 0 [pid 1974] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1974] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1973] exit_group(0) = ? [pid 1975] <... futex resumed>) = ? [pid 1975] +++ exited with 0 +++ [pid 1974] <... futex resumed>) = ? [pid 1974] +++ exited with 0 +++ [pid 1973] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1973, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./519", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./519", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 5 entries */, 32768) = 136 umount2("./519/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./519/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./519/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./519/bus") = 0 umount2("./519/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./519/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./519/binderfs") = 0 umount2("./519/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./519/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./519/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./519/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555643c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555643c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./519/file0") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./519") = 0 mkdir("./520", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 1977 attached , child_tidptr=0x555556433690) = 1977 [pid 1977] set_robust_list(0x5555564336a0, 24) = 0 [pid 1977] chdir("./520") = 0 [pid 1977] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1977] setpgid(0, 0) = 0 [pid 1977] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1977] write(3, "1000", 4) = 4 [pid 1977] close(3) = 0 [pid 1977] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1977] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1977] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 1977] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1977] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 1977] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1977] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1977] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 1978 attached [pid 1978] set_robust_list(0x7f22e15909a0, 24 [pid 1977] <... clone3 resumed> => {parent_tid=[1978]}, 88) = 1978 [pid 1978] <... set_robust_list resumed>) = 0 [pid 1977] rt_sigprocmask(SIG_SETMASK, [], [pid 1978] rt_sigprocmask(SIG_SETMASK, [], [pid 1977] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1978] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1977] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1977] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1978] memfd_create("syzkaller", 0 [pid 1977] <... futex resumed>) = 0 [pid 1978] <... memfd_create resumed>) = 3 [pid 1977] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1978] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1977] <... mmap resumed>) = 0x7f22e154f000 [ 48.713129][ T1974] loop0: detected capacity change from 0 to 512 [ 48.737964][ T1974] EXT4-fs error (device loop0): __ext4_fill_super:5386: inode #2: comm syz-executor245: iget: special inode unallocated [ 48.751693][ T1974] EXT4-fs (loop0): get root inode failed [ 48.757335][ T1974] EXT4-fs (loop0): mount failed [pid 1978] <... mmap resumed>) = 0x7f22d914f000 [pid 1977] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1977] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1977] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 1979 attached => {parent_tid=[1979]}, 88) = 1979 [pid 1979] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 1979] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1979] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1977] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1977] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1979] <... futex resumed>) = 0 [pid 1979] creat("./bus", 000 [pid 1977] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1979] <... creat resumed>) = 4 [pid 1979] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1979] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1977] <... futex resumed>) = 0 [pid 1977] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1979] <... futex resumed>) = 0 [pid 1979] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 1977] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1979] <... mount resumed>) = 0 [pid 1979] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1977] <... futex resumed>) = 0 [pid 1979] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 1977] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1977] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1979] <... open resumed>) = 5 [pid 1979] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1977] <... futex resumed>) = 0 [pid 1979] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 1977] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1978] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 1977] <... futex resumed>) = 0 [pid 1977] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1979] <... mmap resumed>) = 0x20000000 [pid 1979] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1977] <... futex resumed>) = 0 [pid 1977] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1979] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 1978] <... write resumed>) = ? [pid 1979] +++ killed by SIGBUS +++ [pid 1978] +++ killed by SIGBUS +++ [pid 1977] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1977, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./520", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./520", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./520/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./520/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./520/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./520/bus") = 0 umount2("./520/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./520/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./520/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./520") = 0 mkdir("./521", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 1980 ./strace-static-x86_64: Process 1980 attached [pid 1980] set_robust_list(0x5555564336a0, 24) = 0 [pid 1980] chdir("./521") = 0 [pid 1980] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1980] setpgid(0, 0) = 0 [pid 1980] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1980] write(3, "1000", 4) = 4 [pid 1980] close(3) = 0 [pid 1980] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1980] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1980] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 1980] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1980] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 1980] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1980] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1980] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[1981]}, 88) = 1981 [pid 1980] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1980] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1980] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1980] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 1980] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1980] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1980] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 1982 attached ./strace-static-x86_64: Process 1981 attached => {parent_tid=[1982]}, 88) = 1982 [pid 1981] set_robust_list(0x7f22e15909a0, 24 [pid 1980] rt_sigprocmask(SIG_SETMASK, [], [pid 1981] <... set_robust_list resumed>) = 0 [pid 1980] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1981] rt_sigprocmask(SIG_SETMASK, [], [pid 1980] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1981] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1980] <... futex resumed>) = 0 [pid 1981] memfd_create("syzkaller", 0 [pid 1980] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1981] <... memfd_create resumed>) = 3 [pid 1982] set_robust_list(0x7f22e156f9a0, 24 [pid 1981] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1982] <... set_robust_list resumed>) = 0 [pid 1981] <... mmap resumed>) = 0x7f22d914f000 [pid 1982] rt_sigprocmask(SIG_SETMASK, [], [pid 1981] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 1982] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1981] <... write resumed>) = 262144 [pid 1982] creat("./bus", 000 [pid 1981] munmap(0x7f22d914f000, 138412032 [pid 1982] <... creat resumed>) = 4 [pid 1981] <... munmap resumed>) = 0 [pid 1981] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 1982] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1981] ioctl(5, LOOP_SET_FD, 3 [pid 1982] <... futex resumed>) = 1 [pid 1981] <... ioctl resumed>) = 0 [pid 1980] <... futex resumed>) = 0 [pid 1981] close(3) = 0 [pid 1981] close(5 [pid 1982] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 1980] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1981] <... close resumed>) = 0 [pid 1981] mkdir("./file0", 0777 [pid 1980] <... futex resumed>) = 0 [pid 1981] <... mkdir resumed>) = 0 [pid 1980] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1981] mount("/dev/loop0", "./file0", "ext4", 0, "prjquota,grpquota,debug_want_extra_isize=0x000000000000005c,noauto_da_alloc,nolazytime,errors=contin"... [pid 1982] <... mount resumed>) = 0 [pid 1982] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1980] <... futex resumed>) = 0 [pid 1980] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1980] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1982] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 3 [pid 1982] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1982] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1980] <... futex resumed>) = 0 [pid 1980] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1980] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1982] <... futex resumed>) = 0 [pid 1982] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 3, 0) = 0x20000000 [pid 1981] <... mount resumed>) = 0 [pid 1981] openat(AT_FDCWD, 0x200000c0, O_RDONLY|O_DIRECTORY) = -1 ENOENT (No such file or directory) [pid 1981] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 1981] ioctl(5, LOOP_CLR_FD) = 0 [pid 1981] close(5 [pid 1982] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1981] <... close resumed>) = 0 [pid 1981] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1981] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1982] <... futex resumed>) = 1 [pid 1982] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1980] <... futex resumed>) = 0 [pid 1980] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1981] <... futex resumed>) = 0 [pid 1981] memfd_create("syzkaller", 0) = 5 [pid 1981] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 1981] write(5, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 1981] munmap(0x7f22d914f000, 138412032) = 0 [pid 1981] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1981] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 1981] ioctl(6, LOOP_CLR_FD) = 0 [pid 1981] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 1981] close(6) = 0 [pid 1981] close(5) = 0 [pid 1981] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1981] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1980] exit_group(0 [pid 1982] <... futex resumed>) = ? [pid 1980] <... exit_group resumed>) = ? [pid 1982] +++ exited with 0 +++ [pid 1981] <... futex resumed>) = ? [pid 1981] +++ exited with 0 +++ [pid 1980] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1980, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./521", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./521", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 5 entries */, 32768) = 136 umount2("./521/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./521/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./521/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./521/bus") = 0 umount2("./521/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./521/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./521/binderfs") = 0 [ 48.826856][ T1981] loop0: detected capacity change from 0 to 512 [ 48.840280][ T1981] EXT4-fs (loop0): 1 truncate cleaned up umount2("./521/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./521/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./521/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./521/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./521/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555643c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555643c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./521/file0") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./521") = 0 mkdir("./522", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 1984 ./strace-static-x86_64: Process 1984 attached [pid 1984] set_robust_list(0x5555564336a0, 24) = 0 [pid 1984] chdir("./522") = 0 [pid 1984] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1984] setpgid(0, 0) = 0 [pid 1984] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1984] write(3, "1000", 4) = 4 [pid 1984] close(3) = 0 [pid 1984] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1984] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1984] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 1984] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1984] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 1984] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1984] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1984] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 1985 attached => {parent_tid=[1985]}, 88) = 1985 [pid 1985] set_robust_list(0x7f22e15909a0, 24 [pid 1984] rt_sigprocmask(SIG_SETMASK, [], [pid 1985] <... set_robust_list resumed>) = 0 [pid 1984] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1985] rt_sigprocmask(SIG_SETMASK, [], [pid 1984] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1985] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1984] <... futex resumed>) = 0 [pid 1984] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1984] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 1985] memfd_create("syzkaller", 0 [pid 1984] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1984] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1985] <... memfd_create resumed>) = 3 [pid 1984] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1985] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1984] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} [pid 1985] <... mmap resumed>) = 0x7f22d914f000 ./strace-static-x86_64: Process 1986 attached [pid 1984] <... clone3 resumed> => {parent_tid=[1986]}, 88) = 1986 [pid 1984] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1984] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1984] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1986] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 1986] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1986] creat("./bus", 000 [pid 1985] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 1986] <... creat resumed>) = 4 [pid 1986] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1985] <... write resumed>) = 262144 [pid 1985] munmap(0x7f22d914f000, 138412032) = 0 [pid 1985] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1984] <... futex resumed>) = 0 [pid 1986] <... futex resumed>) = 1 [pid 1984] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1984] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1986] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 1985] <... openat resumed>) = 5 [pid 1985] ioctl(5, LOOP_SET_FD, 3 [pid 1986] <... mount resumed>) = 0 [pid 1986] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1985] <... ioctl resumed>) = 0 [pid 1985] close(3 [pid 1986] <... futex resumed>) = 1 [pid 1984] <... futex resumed>) = 0 [pid 1985] <... close resumed>) = 0 [pid 1984] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1986] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 1984] <... futex resumed>) = 0 [pid 1985] close(5 [pid 1984] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1986] <... open resumed>) = 3 [pid 1986] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1985] <... close resumed>) = 0 [pid 1985] mkdir("./file0", 0777) = 0 [pid 1985] mount("/dev/loop0", "./file0", "ext4", 0, "prjquota,grpquota,debug_want_extra_isize=0x000000000000005c,noauto_da_alloc,nolazytime,errors=contin"... [pid 1986] <... futex resumed>) = 1 [pid 1984] <... futex resumed>) = 0 [pid 1986] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 3, 0 [pid 1984] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1984] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1986] <... mmap resumed>) = 0x20000000 [pid 1986] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1984] <... futex resumed>) = 0 [pid 1986] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1984] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1986] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1984] <... futex resumed>) = 0 [pid 1986] memfd_create("syzkaller", 0 [pid 1985] <... mount resumed>) = 0 [pid 1985] openat(AT_FDCWD, 0x200000c0, O_RDONLY|O_DIRECTORY) = -1 ENOENT (No such file or directory) [pid 1985] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 1986] <... memfd_create resumed>) = 6 [pid 1985] ioctl(5, LOOP_CLR_FD) = 0 [pid 1985] close(5 [pid 1986] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1985] <... close resumed>) = 0 [pid 1985] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1985] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1986] <... mmap resumed>) = 0x7f22d914f000 [pid 1986] write(6, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 1986] munmap(0x7f22d914f000, 138412032) = 0 [pid 1986] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 1986] ioctl(5, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 1986] ioctl(5, LOOP_CLR_FD) = 0 [pid 1986] ioctl(5, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 1986] close(5) = 0 [pid 1986] close(6) = 0 [pid 1986] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1986] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1984] exit_group(0) = ? [pid 1986] <... futex resumed>) = ? [pid 1985] <... futex resumed>) = ? [pid 1985] +++ exited with 0 +++ [pid 1986] +++ exited with 0 +++ [pid 1984] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1984, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./522", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./522", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 5 entries */, 32768) = 136 umount2("./522/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [ 48.913381][ T1985] loop0: detected capacity change from 0 to 512 [ 48.925947][ T1985] EXT4-fs (loop0): 1 truncate cleaned up umount2("./522/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./522/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./522/bus") = 0 umount2("./522/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./522/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./522/binderfs") = 0 umount2("./522/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./522/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./522/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./522/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./522/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555643c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555643c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./522/file0") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./522") = 0 mkdir("./523", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 1988 attached [pid 1988] set_robust_list(0x5555564336a0, 24) = 0 [pid 293] <... clone resumed>, child_tidptr=0x555556433690) = 1988 [pid 1988] chdir("./523") = 0 [pid 1988] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1988] setpgid(0, 0) = 0 [pid 1988] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1988] write(3, "1000", 4) = 4 [pid 1988] close(3) = 0 [pid 1988] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1988] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1988] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 1988] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1988] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 1988] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1988] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1988] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 1989 attached => {parent_tid=[1989]}, 88) = 1989 [pid 1989] set_robust_list(0x7f22e15909a0, 24 [pid 1988] rt_sigprocmask(SIG_SETMASK, [], [pid 1989] <... set_robust_list resumed>) = 0 [pid 1988] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1989] rt_sigprocmask(SIG_SETMASK, [], [pid 1988] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1989] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1988] <... futex resumed>) = 0 [pid 1988] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1989] memfd_create("syzkaller", 0 [pid 1988] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 1989] <... memfd_create resumed>) = 3 [pid 1988] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE [pid 1989] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1988] <... mprotect resumed>) = 0 [pid 1988] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1989] <... mmap resumed>) = 0x7f22d914f000 [pid 1988] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1988] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 1990 attached => {parent_tid=[1990]}, 88) = 1990 [pid 1990] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 1990] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1990] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1988] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1988] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1990] <... futex resumed>) = 0 [pid 1988] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1990] creat("./bus", 000) = 4 [pid 1990] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1988] <... futex resumed>) = 0 [pid 1988] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1990] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 1988] <... futex resumed>) = 0 [pid 1988] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1990] <... mount resumed>) = 0 [pid 1990] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1988] <... futex resumed>) = 0 [pid 1990] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 1988] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1988] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1990] <... open resumed>) = 5 [pid 1990] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1988] <... futex resumed>) = 0 [pid 1990] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1988] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1990] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1988] <... futex resumed>) = 0 [pid 1988] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1990] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 1989] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000d3d} --- [pid 1990] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1988] <... futex resumed>) = 0 [pid 1988] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1990] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 1990] +++ killed by SIGBUS +++ [pid 1989] +++ killed by SIGBUS +++ [pid 1988] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1988, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./523", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./523", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./523/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./523/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./523/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./523/bus") = 0 umount2("./523/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./523/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./523/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./523") = 0 mkdir("./524", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 1991 ./strace-static-x86_64: Process 1991 attached [pid 1991] set_robust_list(0x5555564336a0, 24) = 0 [pid 1991] chdir("./524") = 0 [pid 1991] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1991] setpgid(0, 0) = 0 [pid 1991] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1991] write(3, "1000", 4) = 4 [pid 1991] close(3) = 0 [pid 1991] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1991] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1991] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 1991] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1991] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 1991] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1991] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1991] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 1992 attached => {parent_tid=[1992]}, 88) = 1992 [pid 1992] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 1992] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1992] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1991] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1991] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1992] <... futex resumed>) = 0 [pid 1992] memfd_create("syzkaller", 0 [pid 1991] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1992] <... memfd_create resumed>) = 3 [pid 1992] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 1991] <... futex resumed>) = 0 [pid 1991] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 1991] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1991] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1991] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0} => {parent_tid=[1993]}, 88) = 1993 [pid 1991] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1991] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1992] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 1991] <... futex resumed>) = 0 [pid 1991] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1993 attached [pid 1992] <... write resumed>) = 262144 [pid 1992] munmap(0x7f22d9170000, 138412032) = 0 [pid 1992] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1992] ioctl(4, LOOP_SET_FD, 3 [pid 1993] set_robust_list(0x7f22d916f9a0, 24) = 0 [pid 1993] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1993] creat("./bus", 000) = 5 [pid 1993] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1991] <... futex resumed>) = 0 [pid 1991] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1991] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1993] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 1993] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1991] <... futex resumed>) = 0 [pid 1991] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1991] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1993] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 1993] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1991] <... futex resumed>) = 0 [pid 1991] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1991] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1993] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 1992] <... ioctl resumed>) = 0 [pid 1992] close(3) = 0 [pid 1992] close(4) = 0 [pid 1992] mkdir(0x200000c0, 0777 [pid 1993] <... mmap resumed>) = 0x20000000 [pid 1992] <... mkdir resumed>) = -1 ENOENT (No such file or directory) [pid 1992] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 1992] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 1992] ioctl(3, LOOP_CLR_FD) = 0 [pid 1992] close(3) = 0 [pid 1992] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1992] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1993] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1991] <... futex resumed>) = 0 [pid 1991] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1992] <... futex resumed>) = 0 [pid 1992] memfd_create("syzkaller", 0 [pid 1993] <... futex resumed>) = 1 [pid 1993] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1992] <... memfd_create resumed>) = 3 [pid 1992] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 1992] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 1992] munmap(0x7f22d9170000, 138412032) = 0 [pid 1992] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1992] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 1992] ioctl(4, LOOP_CLR_FD) = 0 [pid 1992] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 1992] close(4) = 0 [pid 1992] close(3) = 0 [pid 1992] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1992] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1991] exit_group(0 [pid 1993] <... futex resumed>) = ? [pid 1991] <... exit_group resumed>) = ? [pid 1993] +++ exited with 0 +++ [pid 1992] <... futex resumed>) = ? [pid 1992] +++ exited with 0 +++ [pid 1991] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1991, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./524", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./524", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./524/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./524/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./524/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./524/bus") = 0 umount2("./524/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./524/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./524/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./524") = 0 mkdir("./525", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 1994 ./strace-static-x86_64: Process 1994 attached [pid 1994] set_robust_list(0x5555564336a0, 24) = 0 [pid 1994] chdir("./525") = 0 [pid 1994] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1994] setpgid(0, 0) = 0 [pid 1994] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1994] write(3, "1000", 4) = 4 [pid 1994] close(3) = 0 [pid 1994] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1994] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1994] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 1994] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1994] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 1994] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1994] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1994] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 1995 attached [pid 1995] set_robust_list(0x7f22e15909a0, 24 [pid 1994] <... clone3 resumed> => {parent_tid=[1995]}, 88) = 1995 [pid 1995] <... set_robust_list resumed>) = 0 [pid 1994] rt_sigprocmask(SIG_SETMASK, [], [pid 1995] rt_sigprocmask(SIG_SETMASK, [], [pid 1994] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1995] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1994] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 49.028071][ T1992] loop0: detected capacity change from 0 to 512 [pid 1995] memfd_create("syzkaller", 0 [pid 1994] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1995] <... memfd_create resumed>) = 3 [pid 1995] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1994] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 1995] <... mmap resumed>) = 0x7f22d914f000 [pid 1994] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1994] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1994] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 1996 attached => {parent_tid=[1996]}, 88) = 1996 [pid 1996] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 1996] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1996] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1994] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1994] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1996] <... futex resumed>) = 0 [pid 1996] creat("./bus", 000 [pid 1994] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1996] <... creat resumed>) = 4 [pid 1996] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1994] <... futex resumed>) = 0 [pid 1996] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 1994] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1994] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1996] <... mount resumed>) = 0 [pid 1996] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1994] <... futex resumed>) = 0 [pid 1994] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1994] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1996] <... futex resumed>) = 1 [pid 1996] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 1996] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1994] <... futex resumed>) = 0 [pid 1996] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 1994] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1994] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1996] <... mmap resumed>) = 0x20000000 [pid 1995] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000d71} --- [pid 1994] <... futex resumed>) = ? [pid 1996] +++ killed by SIGBUS +++ [pid 1995] +++ killed by SIGBUS +++ [pid 1994] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1994, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- umount2("./525", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./525", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./525/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./525/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./525/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./525/bus") = 0 umount2("./525/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./525/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./525/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./525") = 0 mkdir("./526", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 1997 ./strace-static-x86_64: Process 1997 attached [pid 1997] set_robust_list(0x5555564336a0, 24) = 0 [pid 1997] chdir("./526") = 0 [pid 1997] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1997] setpgid(0, 0) = 0 [pid 1997] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1997] write(3, "1000", 4) = 4 [pid 1997] close(3) = 0 [pid 1997] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1997] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1997] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 1997] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1997] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 1997] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1997] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1997] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[1998]}, 88) = 1998 [pid 1997] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1997] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1997] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1997] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 1997] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1997] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1997] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[1999]}, 88) = 1999 [pid 1997] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1997] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1997] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1998 attached [pid 1998] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 1998] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1998] memfd_create("syzkaller", 0) = 3 [pid 1998] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 ./strace-static-x86_64: Process 1999 attached [pid 1999] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 1999] rt_sigprocmask(SIG_SETMASK, [], [pid 1998] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 1999] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1999] creat("./bus", 000) = 4 [pid 1999] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1997] <... futex resumed>) = 0 [pid 1997] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1997] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1999] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 1998] <... write resumed>) = 262144 [pid 1998] munmap(0x7f22d914f000, 138412032) = 0 [pid 1998] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 1998] ioctl(5, LOOP_SET_FD, 3 [pid 1999] <... mount resumed>) = 0 [pid 1998] <... ioctl resumed>) = 0 [pid 1999] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1999] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1998] close(3 [pid 1997] <... futex resumed>) = 0 [pid 1998] <... close resumed>) = 0 [pid 1997] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1998] close(5 [pid 1997] <... futex resumed>) = 1 [pid 1999] <... futex resumed>) = 0 [pid 1999] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 3 [pid 1997] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1999] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1998] <... close resumed>) = 0 [pid 1999] <... futex resumed>) = 0 [pid 1998] mkdir("./file0", 0777 [pid 1997] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1997] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1997] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1999] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 3, 0 [pid 1998] <... mkdir resumed>) = 0 [pid 1998] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 1998] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 1998] ioctl(5, LOOP_CLR_FD) = 0 [pid 1998] close(5) = 0 [pid 1998] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1998] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1999] <... mmap resumed>) = 0x20000000 [pid 1999] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1997] <... futex resumed>) = 0 [pid 1997] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1999] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1997] <... futex resumed>) = 1 [pid 1998] <... futex resumed>) = 0 [pid 1998] memfd_create("syzkaller", 0) = 5 [pid 1998] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 1998] write(5, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 1998] munmap(0x7f22d914f000, 138412032) = 0 [pid 1998] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1998] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 1998] ioctl(6, LOOP_CLR_FD) = 0 [pid 1998] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 1998] close(6) = 0 [pid 1998] close(5) = 0 [pid 1998] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1998] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1997] exit_group(0) = ? [pid 1998] <... futex resumed>) = ? [pid 1999] <... futex resumed>) = ? [pid 1999] +++ exited with 0 +++ [pid 1998] +++ exited with 0 +++ [pid 1997] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1997, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./526", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./526", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 5 entries */, 32768) = 136 umount2("./526/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./526/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./526/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./526/bus") = 0 umount2("./526/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./526/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./526/binderfs") = 0 umount2("./526/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./526/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./526/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./526/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555643c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555643c770 /* 0 entries */, 32768) = 0 close(4) = 0 [ 49.105371][ T1998] loop0: detected capacity change from 0 to 512 rmdir("./526/file0") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./526") = 0 mkdir("./527", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2000 attached [pid 2000] set_robust_list(0x5555564336a0, 24 [pid 293] <... clone resumed>, child_tidptr=0x555556433690) = 2000 [pid 2000] <... set_robust_list resumed>) = 0 [pid 2000] chdir("./527") = 0 [pid 2000] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2000] setpgid(0, 0) = 0 [pid 2000] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2000] write(3, "1000", 4) = 4 [pid 2000] close(3) = 0 [pid 2000] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2000] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2000] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2000] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2000] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2000] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2000] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2000] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2001 attached => {parent_tid=[2001]}, 88) = 2001 [pid 2001] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2001] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2001] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2000] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2000] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2001] <... futex resumed>) = 0 [pid 2000] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2001] memfd_create("syzkaller", 0 [pid 2000] <... futex resumed>) = 0 [pid 2001] <... memfd_create resumed>) = 3 [pid 2001] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2000] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 2000] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2000] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2000] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0} => {parent_tid=[2002]}, 88) = 2002 [pid 2000] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2001] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2000] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2000] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2002 attached [pid 2001] <... write resumed>) = 262144 [pid 2002] set_robust_list(0x7f22d916f9a0, 24 [pid 2001] munmap(0x7f22d9170000, 138412032 [pid 2002] <... set_robust_list resumed>) = 0 [pid 2001] <... munmap resumed>) = 0 [pid 2002] rt_sigprocmask(SIG_SETMASK, [], [pid 2001] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2002] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2002] creat("./bus", 000 [pid 2001] <... openat resumed>) = 4 [pid 2001] ioctl(4, LOOP_SET_FD, 3 [pid 2002] <... creat resumed>) = 5 [pid 2002] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2000] <... futex resumed>) = 0 [pid 2000] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2000] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2002] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2002] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2000] <... futex resumed>) = 0 [pid 2000] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2000] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2002] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 2002] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2000] <... futex resumed>) = 0 [pid 2000] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2000] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2002] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 2001] <... ioctl resumed>) = 0 [pid 2001] close(3) = 0 [pid 2001] close(4 [pid 2002] <... mmap resumed>) = 0x20000000 [pid 2002] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2000] <... futex resumed>) = 0 [pid 2000] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2002] <... futex resumed>) = 1 [pid 2002] memfd_create("syzkaller", 0) = 3 [pid 2002] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2001] <... close resumed>) = 0 [pid 2001] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 2001] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2001] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2001] ioctl(4, LOOP_CLR_FD) = 0 [pid 2001] close(4) = 0 [pid 2001] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2001] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2002] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2002] munmap(0x7f22d9170000, 138412032) = 0 [pid 2002] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2002] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2002] ioctl(4, LOOP_CLR_FD) = 0 [pid 2002] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2002] close(4) = 0 [pid 2002] close(3) = 0 [pid 2002] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2002] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2000] exit_group(0) = ? [pid 2002] <... futex resumed>) = ? [pid 2001] <... futex resumed>) = ? [pid 2001] +++ exited with 0 +++ [pid 2002] +++ exited with 0 +++ [pid 2000] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2000, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./527", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./527", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./527/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./527/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./527/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./527/bus") = 0 umount2("./527/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./527/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./527/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./527") = 0 mkdir("./528", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2003 ./strace-static-x86_64: Process 2003 attached [pid 2003] set_robust_list(0x5555564336a0, 24) = 0 [pid 2003] chdir("./528") = 0 [pid 2003] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2003] setpgid(0, 0) = 0 [pid 2003] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2003] write(3, "1000", 4) = 4 [pid 2003] close(3) = 0 [pid 2003] symlink("/dev/binderfs", "./binderfs") = 0 [ 49.183361][ T2001] loop0: detected capacity change from 0 to 512 [pid 2003] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2003] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2003] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2003] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2003] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2003] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2003] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2004 attached => {parent_tid=[2004]}, 88) = 2004 [pid 2004] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2004] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2004] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2003] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2003] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2004] <... futex resumed>) = 0 [pid 2003] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2004] memfd_create("syzkaller", 0 [pid 2003] <... futex resumed>) = 0 [pid 2004] <... memfd_create resumed>) = 3 [pid 2004] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2003] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 2003] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2003] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2003] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0} => {parent_tid=[2005]}, 88) = 2005 [pid 2003] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2003] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2004] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2003] <... futex resumed>) = 0 [pid 2003] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2005 attached [pid 2004] <... write resumed>) = 262144 [pid 2005] set_robust_list(0x7f22d916f9a0, 24 [pid 2004] munmap(0x7f22d9170000, 138412032 [pid 2005] <... set_robust_list resumed>) = 0 [pid 2005] rt_sigprocmask(SIG_SETMASK, [], [pid 2004] <... munmap resumed>) = 0 [pid 2005] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2004] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2005] creat("./bus", 000 [pid 2004] <... openat resumed>) = 4 [pid 2004] ioctl(4, LOOP_SET_FD, 3 [pid 2005] <... creat resumed>) = 5 [pid 2005] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2003] <... futex resumed>) = 0 [pid 2003] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2003] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2005] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2005] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2003] <... futex resumed>) = 0 [pid 2003] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2003] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2005] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 2005] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2003] <... futex resumed>) = 0 [pid 2003] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2003] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2005] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 2004] <... ioctl resumed>) = 0 [pid 2004] close(3) = 0 [pid 2004] close(4) = 0 [pid 2004] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 2004] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2004] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 2004] ioctl(3, LOOP_CLR_FD) = 0 [pid 2004] close(3) = 0 [pid 2005] <... mmap resumed>) = 0x20000000 [pid 2005] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2005] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2003] <... futex resumed>) = 0 [pid 2004] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2003] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2004] memfd_create("syzkaller", 0) = 3 [pid 2004] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2004] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2004] munmap(0x7f22d9170000, 138412032) = 0 [pid 2004] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2004] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2004] ioctl(4, LOOP_CLR_FD) = 0 [pid 2004] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2004] close(4) = 0 [pid 2004] close(3) = 0 [pid 2004] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2003] exit_group(0 [pid 2004] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2003] <... exit_group resumed>) = ? [pid 2005] <... futex resumed>) = ? [pid 2004] <... futex resumed>) = ? [pid 2004] +++ exited with 0 +++ [pid 2005] +++ exited with 0 +++ [pid 2003] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2003, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./528", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./528", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./528/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./528/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./528/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./528/bus") = 0 [ 49.251800][ T2004] loop0: detected capacity change from 0 to 512 umount2("./528/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./528/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./528/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./528") = 0 mkdir("./529", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2006 ./strace-static-x86_64: Process 2006 attached [pid 2006] set_robust_list(0x5555564336a0, 24) = 0 [pid 2006] chdir("./529") = 0 [pid 2006] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2006] setpgid(0, 0) = 0 [pid 2006] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2006] write(3, "1000", 4) = 4 [pid 2006] close(3) = 0 [pid 2006] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2006] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2006] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2006] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2006] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2006] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2006] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2006] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2007 attached => {parent_tid=[2007]}, 88) = 2007 [pid 2007] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2007] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2007] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2006] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2006] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2007] <... futex resumed>) = 0 [pid 2006] <... futex resumed>) = 1 [pid 2007] memfd_create("syzkaller", 0 [pid 2006] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2007] <... memfd_create resumed>) = 3 [pid 2007] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2006] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2007] <... mmap resumed>) = 0x7f22d914f000 [pid 2006] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2006] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2006] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2008]}, 88) = 2008 [pid 2006] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2006] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2006] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2008 attached [pid 2007] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 2008] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2007] munmap(0x7f22d914f000, 138412032 [pid 2008] rt_sigprocmask(SIG_SETMASK, [], [pid 2007] <... munmap resumed>) = 0 [pid 2008] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2007] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2008] creat("./bus", 000 [pid 2007] <... openat resumed>) = 4 [pid 2007] ioctl(4, LOOP_SET_FD, 3 [pid 2008] <... creat resumed>) = 5 [pid 2008] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2007] <... ioctl resumed>) = 0 [pid 2008] <... futex resumed>) = 1 [pid 2007] close(3 [pid 2006] <... futex resumed>) = 0 [pid 2006] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2006] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2008] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 2007] <... close resumed>) = 0 [pid 2008] <... mount resumed>) = 0 [pid 2007] close(4 [pid 2008] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2007] <... close resumed>) = 0 [pid 2008] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2007] mkdir("./file0", 0777) = 0 [pid 2007] mount("/dev/loop0", "./file0", "ext4", 0, "prjquota,grpquota,debug_want_extra_isize=0x000000000000005c,noauto_da_alloc,nolazytime,errors=contin"... [pid 2006] <... futex resumed>) = 0 [pid 2006] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2006] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2008] <... futex resumed>) = 0 [pid 2008] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 3 [pid 2008] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2006] <... futex resumed>) = 0 [pid 2006] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2008] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 3, 0 [pid 2006] <... futex resumed>) = 0 [pid 2006] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2008] <... mmap resumed>) = 0x20000000 [pid 2008] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2006] <... futex resumed>) = 0 [pid 2006] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2008] memfd_create("syzkaller", 0) = 4 [pid 2008] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2008] write(4, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304 [pid 2007] <... mount resumed>) = 0 [pid 2007] openat(AT_FDCWD, 0x200000c0, O_RDONLY|O_DIRECTORY) = -1 ENOENT (No such file or directory) [pid 2007] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2007] ioctl(6, LOOP_CLR_FD) = 0 [pid 2007] close(6) = 0 [pid 2007] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2008] <... write resumed>) = 4194304 [pid 2007] <... futex resumed>) = 0 [pid 2008] munmap(0x7f22d914f000, 138412032 [pid 2007] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2008] <... munmap resumed>) = 0 [pid 2008] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2008] ioctl(6, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 2008] ioctl(6, LOOP_CLR_FD) = 0 [pid 2008] ioctl(6, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 2008] close(6) = 0 [pid 2008] close(4) = 0 [pid 2008] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2008] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2006] exit_group(0) = ? [pid 2007] <... futex resumed>) = ? [pid 2007] +++ exited with 0 +++ [pid 2008] <... futex resumed>) = ? [pid 2008] +++ exited with 0 +++ [pid 2006] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2006, si_uid=0, si_status=0, si_utime=1, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./529", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./529", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 5 entries */, 32768) = 136 umount2("./529/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./529/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./529/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./529/bus") = 0 umount2("./529/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./529/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./529/binderfs") = 0 umount2("./529/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./529/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./529/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./529/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./529/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555643c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555643c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./529/file0") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./529") = 0 mkdir("./530", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2010 attached , child_tidptr=0x555556433690) = 2010 [pid 2010] set_robust_list(0x5555564336a0, 24) = 0 [pid 2010] chdir("./530") = 0 [pid 2010] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2010] setpgid(0, 0) = 0 [pid 2010] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2010] write(3, "1000", 4) = 4 [pid 2010] close(3) = 0 [pid 2010] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2010] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2010] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2010] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2010] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2010] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2010] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2010] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2011 attached => {parent_tid=[2011]}, 88) = 2011 [pid 2011] set_robust_list(0x7f22e15909a0, 24 [pid 2010] rt_sigprocmask(SIG_SETMASK, [], [pid 2011] <... set_robust_list resumed>) = 0 [pid 2010] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2011] rt_sigprocmask(SIG_SETMASK, [], [pid 2010] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2011] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2010] <... futex resumed>) = 0 [pid 2010] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2010] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2011] memfd_create("syzkaller", 0 [pid 2010] <... mmap resumed>) = 0x7f22e154f000 [pid 2010] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE [pid 2011] <... memfd_create resumed>) = 3 [pid 2010] <... mprotect resumed>) = 0 [pid 2011] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2010] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2011] <... mmap resumed>) = 0x7f22d914f000 [pid 2010] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2010] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2012]}, 88) = 2012 [pid 2010] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2010] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2010] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2012 attached [pid 2011] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 2012] set_robust_list(0x7f22e156f9a0, 24 [pid 2011] munmap(0x7f22d914f000, 138412032 [pid 2012] <... set_robust_list resumed>) = 0 [pid 2011] <... munmap resumed>) = 0 [pid 2012] rt_sigprocmask(SIG_SETMASK, [], [pid 2011] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2012] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2012] creat("./bus", 000 [pid 2011] <... openat resumed>) = 4 [pid 2011] ioctl(4, LOOP_SET_FD, 3 [pid 2012] <... creat resumed>) = 5 [pid 2011] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 2011] ioctl(4, LOOP_CLR_FD [pid 2012] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2011] <... ioctl resumed>) = 0 [pid 2012] <... futex resumed>) = 1 [pid 2010] <... futex resumed>) = 0 [pid 2012] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2010] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2012] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2010] <... futex resumed>) = 0 [pid 2012] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 2010] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2012] <... mount resumed>) = 0 [pid 2012] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2010] <... futex resumed>) = 0 [pid 2012] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2010] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2012] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2010] <... futex resumed>) = 0 [ 49.328034][ T2007] loop0: detected capacity change from 0 to 512 [ 49.351557][ T2007] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz-executor245: couldn't read orphan inode 12 (err -116) [pid 2012] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 2010] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2012] <... open resumed>) = 6 [pid 2012] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2010] <... futex resumed>) = 0 [pid 2011] ioctl(4, LOOP_SET_FD, 3 [pid 2010] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2012] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 2010] <... futex resumed>) = 0 [pid 2011] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 2010] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2011] close(4) = 0 [pid 2011] close(3) = 0 [pid 2012] <... mmap resumed>) = 0x20000000 [pid 2011] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2011] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2012] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2010] <... futex resumed>) = 0 [pid 2010] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2011] <... futex resumed>) = 0 [pid 2011] memfd_create("syzkaller", 0) = 3 [pid 2011] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2012] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2011] <... mmap resumed>) = 0x7f22d914f000 [pid 2011] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2011] munmap(0x7f22d914f000, 138412032) = 0 [pid 2011] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2011] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2011] ioctl(4, LOOP_CLR_FD) = 0 [pid 2011] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2011] close(4) = 0 [pid 2011] close(3) = 0 [pid 2011] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2011] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2010] exit_group(0 [pid 2012] <... futex resumed>) = ? [pid 2010] <... exit_group resumed>) = ? [pid 2012] +++ exited with 0 +++ [pid 2011] <... futex resumed>) = ? [pid 2011] +++ exited with 0 +++ [pid 2010] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2010, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./530", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./530", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./530/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./530/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./530/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./530/bus") = 0 umount2("./530/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./530/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./530/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./530") = 0 mkdir("./531", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2014 ./strace-static-x86_64: Process 2014 attached [pid 2014] set_robust_list(0x5555564336a0, 24) = 0 [pid 2014] chdir("./531") = 0 [pid 2014] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2014] setpgid(0, 0) = 0 [pid 2014] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2014] write(3, "1000", 4) = 4 [pid 2014] close(3) = 0 [pid 2014] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2014] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2014] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2014] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2014] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2014] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2014] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2014] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2015 attached [pid 2015] set_robust_list(0x7f22e15909a0, 24 [pid 2014] <... clone3 resumed> => {parent_tid=[2015]}, 88) = 2015 [pid 2015] <... set_robust_list resumed>) = 0 [pid 2014] rt_sigprocmask(SIG_SETMASK, [], [pid 2015] rt_sigprocmask(SIG_SETMASK, [], [pid 2014] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2014] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2015] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2014] <... futex resumed>) = 0 [pid 2014] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2015] memfd_create("syzkaller", 0 [pid 2014] <... futex resumed>) = 0 [pid 2014] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2015] <... memfd_create resumed>) = 3 [pid 2015] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2014] <... mmap resumed>) = 0x7f22e154f000 [pid 2014] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE [pid 2015] <... mmap resumed>) = 0x7f22d914f000 [pid 2014] <... mprotect resumed>) = 0 [pid 2014] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2014] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2016]}, 88) = 2016 [pid 2014] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2014] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2014] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2016 attached [pid 2016] set_robust_list(0x7f22e156f9a0, 24 [pid 2015] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2016] <... set_robust_list resumed>) = 0 [pid 2016] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2016] creat("./bus", 000) = 4 [pid 2015] <... write resumed>) = 262144 [pid 2016] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2014] <... futex resumed>) = 0 [pid 2014] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2014] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2016] <... futex resumed>) = 1 [pid 2016] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 2015] munmap(0x7f22d914f000, 138412032 [pid 2016] <... mount resumed>) = 0 [pid 2016] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2014] <... futex resumed>) = 0 [pid 2014] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2014] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2016] <... futex resumed>) = 1 [pid 2016] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 2016] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2014] <... futex resumed>) = 0 [pid 2014] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2014] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2016] <... futex resumed>) = 1 [pid 2016] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 2015] <... munmap resumed>) = 0 [pid 2015] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2016] <... mmap resumed>) = 0x20000000 [pid 2016] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2015] <... openat resumed>) = 6 [pid 2016] <... futex resumed>) = 1 [pid 2015] ioctl(6, LOOP_SET_FD, 3 [pid 2014] <... futex resumed>) = 0 [pid 2014] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2016] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 2015] <... ioctl resumed>) = ? [pid 2016] +++ killed by SIGBUS +++ [pid 2015] +++ killed by SIGBUS +++ [pid 2014] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2014, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- umount2("./531", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./531", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./531/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./531/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./531/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./531/bus") = 0 umount2("./531/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./531/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./531/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./531") = 0 mkdir("./532", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2017 ./strace-static-x86_64: Process 2017 attached [pid 2017] set_robust_list(0x5555564336a0, 24) = 0 [pid 2017] chdir("./532") = 0 [pid 2017] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2017] setpgid(0, 0) = 0 [pid 2017] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2017] write(3, "1000", 4) = 4 [pid 2017] close(3) = 0 [pid 2017] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2017] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2017] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2017] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2017] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2017] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2017] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2017] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2018]}, 88) = 2018 [pid 2017] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2017] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2017] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2017] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0./strace-static-x86_64: Process 2018 attached ) = 0x7f22e154f000 [pid 2018] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2018] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2018] memfd_create("syzkaller", 0 [pid 2017] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE [pid 2018] <... memfd_create resumed>) = 3 [pid 2018] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2017] <... mprotect resumed>) = 0 [pid 2017] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2017] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 2019 attached => {parent_tid=[2019]}, 88) = 2019 [pid 2019] set_robust_list(0x7f22e156f9a0, 24 [pid 2017] rt_sigprocmask(SIG_SETMASK, [], [pid 2019] <... set_robust_list resumed>) = 0 [pid 2018] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2017] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2019] rt_sigprocmask(SIG_SETMASK, [], [pid 2017] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2019] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2017] <... futex resumed>) = 0 [pid 2019] creat("./bus", 000 [pid 2017] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2018] <... write resumed>) = 262144 [pid 2018] munmap(0x7f22d914f000, 138412032) = 0 [pid 2018] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2019] <... creat resumed>) = 4 [pid 2018] ioctl(5, LOOP_SET_FD, 3 [pid 2019] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2017] <... futex resumed>) = 0 [pid 2017] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2017] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2019] <... futex resumed>) = 1 [pid 2019] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 2018] <... ioctl resumed>) = 0 [pid 2019] <... mount resumed>) = 0 [pid 2018] close(3) = 0 [pid 2018] close(5) = 0 [pid 2018] mkdir("./file0", 0777 [pid 2019] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2019] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2017] <... futex resumed>) = 0 [pid 2017] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2019] <... futex resumed>) = 0 [pid 2019] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 3 [pid 2019] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2019] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2018] <... mkdir resumed>) = 0 [pid 2018] mount("/dev/loop0", "./file0", "ext4", 0, "prjquota,grpquota,debug_want_extra_isize=0x000000000000005c,noauto_da_alloc,nolazytime,errors=contin"... [pid 2017] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 2017] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2019] <... futex resumed>) = 0 [pid 2017] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2019] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 3, 0) = 0x20000000 [ 49.470170][ T2015] loop0: detected capacity change from 0 to 512 [ 49.505807][ T2018] loop0: detected capacity change from 0 to 512 [pid 2019] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2017] <... futex resumed>) = 0 [pid 2017] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2019] <... futex resumed>) = 1 [pid 2018] <... mount resumed>) = 0 [pid 2019] memfd_create("syzkaller", 0 [pid 2018] openat(AT_FDCWD, 0x200000c0, O_RDONLY|O_DIRECTORY [pid 2019] <... memfd_create resumed>) = 5 [pid 2019] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2018] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 2018] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2018] ioctl(6, LOOP_CLR_FD) = 0 [pid 2018] close(6) = 0 [pid 2018] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2018] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2019] write(5, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2019] munmap(0x7f22d914f000, 138412032) = 0 [pid 2019] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2019] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 2019] ioctl(6, LOOP_CLR_FD) = 0 [pid 2019] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 2019] close(6) = 0 [pid 2019] close(5) = 0 [pid 2019] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2019] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2017] exit_group(0) = ? [pid 2019] <... futex resumed>) = ? [pid 2018] <... futex resumed>) = ? [pid 2018] +++ exited with 0 +++ [pid 2019] +++ exited with 0 +++ [pid 2017] +++ exited with 0 +++ [ 49.519443][ T2018] EXT4-fs (loop0): 1 truncate cleaned up --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2017, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- umount2("./532", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./532", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 5 entries */, 32768) = 136 umount2("./532/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./532/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./532/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./532/bus") = 0 umount2("./532/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./532/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./532/binderfs") = 0 umount2("./532/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./532/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./532/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./532/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./532/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555643c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555643c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./532/file0") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./532") = 0 mkdir("./533", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2021 ./strace-static-x86_64: Process 2021 attached [pid 2021] set_robust_list(0x5555564336a0, 24) = 0 [pid 2021] chdir("./533") = 0 [pid 2021] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2021] setpgid(0, 0) = 0 [pid 2021] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2021] write(3, "1000", 4) = 4 [pid 2021] close(3) = 0 [pid 2021] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2021] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2021] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2021] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2021] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2021] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2021] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2021] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2022]}, 88) = 2022 [pid 2021] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2021] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2021] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2021] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2021] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2021] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2021] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2023]}, 88) = 2023 [pid 2021] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2021] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2021] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2022 attached [pid 2022] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2022] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2022] memfd_create("syzkaller", 0) = 3 [pid 2022] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2022] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 2022] munmap(0x7f22d914f000, 138412032) = 0 [pid 2022] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2022] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 2023 attached [pid 2023] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2023] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2023] creat("./bus", 000) = 5 [pid 2023] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2023] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2021] <... futex resumed>) = 0 [pid 2022] <... ioctl resumed>) = 0 [pid 2022] close(3 [pid 2021] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2023] <... futex resumed>) = 0 [pid 2021] <... futex resumed>) = 1 [pid 2023] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2023] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2023] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2022] <... close resumed>) = 0 [pid 2021] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 2021] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2023] <... futex resumed>) = 0 [pid 2021] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2022] close(4 [pid 2023] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 3 [pid 2023] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2021] <... futex resumed>) = 0 [pid 2023] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 3, 0 [pid 2021] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2021] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2023] <... mmap resumed>) = 0x20000000 [pid 2022] <... close resumed>) = 0 [pid 2022] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 2022] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2022] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2022] ioctl(4, LOOP_CLR_FD) = 0 [pid 2022] close(4) = 0 [pid 2022] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2022] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2023] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2021] <... futex resumed>) = 0 [pid 2021] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2022] <... futex resumed>) = 0 [pid 2022] memfd_create("syzkaller", 0 [pid 2023] <... futex resumed>) = 1 [pid 2022] <... memfd_create resumed>) = 4 [pid 2023] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2022] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2022] write(4, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2022] munmap(0x7f22d914f000, 138412032) = 0 [pid 2022] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2022] ioctl(6, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 2022] ioctl(6, LOOP_CLR_FD) = 0 [pid 2022] ioctl(6, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 2022] close(6) = 0 [pid 2022] close(4) = 0 [pid 2022] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2021] exit_group(0 [pid 2022] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2021] <... exit_group resumed>) = ? [pid 2023] <... futex resumed>) = ? [pid 2022] <... futex resumed>) = ? [pid 2023] +++ exited with 0 +++ [pid 2022] +++ exited with 0 +++ [pid 2021] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2021, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./533", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./533", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./533/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./533/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./533/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./533/bus") = 0 umount2("./533/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./533/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./533/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./533") = 0 mkdir("./534", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2024 ./strace-static-x86_64: Process 2024 attached [pid 2024] set_robust_list(0x5555564336a0, 24) = 0 [pid 2024] chdir("./534") = 0 [pid 2024] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 49.577176][ T2022] loop0: detected capacity change from 0 to 512 [pid 2024] setpgid(0, 0) = 0 [pid 2024] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2024] write(3, "1000", 4) = 4 [pid 2024] close(3) = 0 [pid 2024] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2024] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2024] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2024] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2024] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2024] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2024] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2024] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2025 attached => {parent_tid=[2025]}, 88) = 2025 [pid 2025] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2025] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2025] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2024] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2024] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2025] <... futex resumed>) = 0 [pid 2024] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2025] memfd_create("syzkaller", 0 [pid 2024] <... futex resumed>) = 0 [pid 2024] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2024] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2025] <... memfd_create resumed>) = 3 [pid 2024] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2025] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2024] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2025] <... mmap resumed>) = 0x7f22d914f000 [pid 2024] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} [pid 2025] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144./strace-static-x86_64: Process 2026 attached [pid 2026] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2026] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2026] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2024] <... clone3 resumed> => {parent_tid=[2026]}, 88) = 2026 [pid 2024] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2024] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2026] <... futex resumed>) = 0 [pid 2026] creat("./bus", 000 [pid 2024] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2026] <... creat resumed>) = 4 [pid 2026] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2026] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2024] <... futex resumed>) = 0 [pid 2024] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2026] <... futex resumed>) = 0 [pid 2026] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 2024] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2026] <... mount resumed>) = 0 [pid 2025] <... write resumed>) = 262144 [pid 2026] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2026] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2025] munmap(0x7f22d914f000, 138412032 [pid 2024] <... futex resumed>) = 0 [pid 2024] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2026] <... futex resumed>) = 0 [pid 2026] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 2026] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2024] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2025] <... munmap resumed>) = 0 [pid 2026] <... futex resumed>) = 0 [pid 2026] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2025] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2024] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2025] <... openat resumed>) = 6 [pid 2024] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2025] ioctl(6, LOOP_SET_FD, 3 [pid 2024] <... futex resumed>) = 1 [pid 2026] <... futex resumed>) = 0 [pid 2026] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 2024] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2025] <... ioctl resumed>) = 0 [pid 2025] close(3) = 0 [pid 2025] close(6) = 0 [pid 2025] mkdir(0x200000c0, 0777 [pid 2026] <... mmap resumed>) = 0x20000000 [pid 2026] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2026] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2024] <... futex resumed>) = 0 [pid 2024] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2025] <... mkdir resumed>) = -1 ENOENT (No such file or directory) [pid 2024] <... futex resumed>) = 1 [pid 2026] <... futex resumed>) = 0 [pid 2026] memfd_create("syzkaller", 0 [pid 2025] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2026] <... memfd_create resumed>) = 3 [pid 2026] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2025] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2025] ioctl(6, LOOP_CLR_FD) = 0 [pid 2026] <... mmap resumed>) = 0x7f22d914f000 [pid 2025] close(6) = 0 [pid 2025] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2025] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2026] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2026] munmap(0x7f22d914f000, 138412032) = 0 [pid 2026] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2026] ioctl(6, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2026] ioctl(6, LOOP_CLR_FD) = 0 [pid 2026] ioctl(6, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2026] close(6) = 0 [pid 2026] close(3) = 0 [pid 2026] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2026] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2024] exit_group(0) = ? [pid 2025] <... futex resumed>) = ? [pid 2026] <... futex resumed>) = ? [pid 2025] +++ exited with 0 +++ [pid 2026] +++ exited with 0 +++ [pid 2024] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2024, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./534", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./534", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./534/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./534/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./534/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./534/bus") = 0 umount2("./534/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./534/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./534/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./534") = 0 mkdir("./535", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2027 ./strace-static-x86_64: Process 2027 attached [pid 2027] set_robust_list(0x5555564336a0, 24) = 0 [pid 2027] chdir("./535") = 0 [pid 2027] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2027] setpgid(0, 0) = 0 [pid 2027] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2027] write(3, "1000", 4) = 4 [pid 2027] close(3) = 0 [pid 2027] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2027] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2027] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2027] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2027] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2027] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2027] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2027] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2028]}, 88) = 2028 [pid 2027] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 2028 attached [pid 2027] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2027] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2027] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2028] set_robust_list(0x7f22e15909a0, 24 [pid 2027] <... mmap resumed>) = 0x7f22e154f000 [pid 2028] <... set_robust_list resumed>) = 0 [pid 2027] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE [pid 2028] rt_sigprocmask(SIG_SETMASK, [], [pid 2027] <... mprotect resumed>) = 0 [pid 2027] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2027] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 2029 attached [pid 2028] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2027] <... clone3 resumed> => {parent_tid=[2029]}, 88) = 2029 [pid 2027] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2027] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2027] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2029] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2029] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2029] creat("./bus", 000 [pid 2028] memfd_create("syzkaller", 0) = 4 [pid 2029] <... creat resumed>) = 3 [pid 2029] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2028] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2027] <... futex resumed>) = 0 [pid 2027] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2027] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 49.650336][ T2025] loop0: detected capacity change from 0 to 512 [pid 2029] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2029] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2027] <... futex resumed>) = 0 [pid 2027] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2027] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2029] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 2029] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2027] <... futex resumed>) = 0 [pid 2027] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2027] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2029] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 2029] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2028] <... mmap resumed>) = 0x7f22d914f000 [pid 2027] <... futex resumed>) = 0 [pid 2027] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2029] <... futex resumed>) = 1 [pid 2029] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 2028] +++ killed by SIGBUS +++ [pid 2029] +++ killed by SIGBUS +++ [pid 2027] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2027, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./535", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./535", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./535/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./535/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./535/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./535/bus") = 0 umount2("./535/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./535/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./535/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./535") = 0 mkdir("./536", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2030 ./strace-static-x86_64: Process 2030 attached [pid 2030] set_robust_list(0x5555564336a0, 24) = 0 [pid 2030] chdir("./536") = 0 [pid 2030] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2030] setpgid(0, 0) = 0 [pid 2030] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2030] write(3, "1000", 4) = 4 [pid 2030] close(3) = 0 [pid 2030] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2030] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2030] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2030] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2030] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2030] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2030] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2030] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2031 attached => {parent_tid=[2031]}, 88) = 2031 [pid 2031] set_robust_list(0x7f22e15909a0, 24 [pid 2030] rt_sigprocmask(SIG_SETMASK, [], [pid 2031] <... set_robust_list resumed>) = 0 [pid 2030] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2031] rt_sigprocmask(SIG_SETMASK, [], [pid 2030] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2031] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2030] <... futex resumed>) = 0 [pid 2031] memfd_create("syzkaller", 0 [pid 2030] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2030] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2031] <... memfd_create resumed>) = 3 [pid 2031] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2030] <... mmap resumed>) = 0x7f22e154f000 [pid 2030] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2031] <... mmap resumed>) = 0x7f22d914f000 [pid 2030] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2030] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2032]}, 88) = 2032 [pid 2030] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2030] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2030] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2032 attached [pid 2031] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2032] set_robust_list(0x7f22e156f9a0, 24 [pid 2031] <... write resumed>) = 262144 [pid 2031] munmap(0x7f22d914f000, 138412032 [pid 2032] <... set_robust_list resumed>) = 0 [pid 2032] rt_sigprocmask(SIG_SETMASK, [], [pid 2031] <... munmap resumed>) = 0 [pid 2032] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2031] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2032] creat("./bus", 000 [pid 2031] <... openat resumed>) = 4 [pid 2031] ioctl(4, LOOP_SET_FD, 3 [pid 2032] <... creat resumed>) = 5 [pid 2032] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2032] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2030] <... futex resumed>) = 0 [pid 2031] <... ioctl resumed>) = 0 [pid 2030] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2031] close(3 [pid 2030] <... futex resumed>) = 1 [pid 2032] <... futex resumed>) = 0 [pid 2032] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 2030] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2031] <... close resumed>) = 0 [pid 2032] <... mount resumed>) = 0 [pid 2032] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2032] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2031] close(4 [pid 2030] <... futex resumed>) = 0 [pid 2031] <... close resumed>) = 0 [pid 2030] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2031] mkdir("./file0", 0777 [pid 2030] <... futex resumed>) = 1 [pid 2030] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2032] <... futex resumed>) = 0 [pid 2032] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 3 [pid 2032] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2032] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2030] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2030] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2032] <... futex resumed>) = 0 [pid 2032] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 3, 0 [pid 2030] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2031] <... mkdir resumed>) = -1 ENOENT (No such file or directory) [pid 2032] <... mmap resumed>) = 0x20000000 [pid 2031] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2031] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2031] ioctl(4, LOOP_CLR_FD) = 0 [pid 2032] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2031] close(4) = 0 [pid 2030] <... futex resumed>) = 0 [pid 2032] <... futex resumed>) = 1 [pid 2030] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2031] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2032] memfd_create("syzkaller", 0 [pid 2031] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2032] <... memfd_create resumed>) = 4 [pid 2032] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2032] write(4, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2032] munmap(0x7f22d914f000, 138412032) = 0 [pid 2032] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2032] ioctl(6, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 2032] ioctl(6, LOOP_CLR_FD) = 0 [pid 2032] ioctl(6, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 2032] close(6) = 0 [pid 2032] close(4) = 0 [pid 2032] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2032] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2030] exit_group(0 [pid 2032] <... futex resumed>) = ? [pid 2031] <... futex resumed>) = ? [pid 2030] <... exit_group resumed>) = ? [pid 2031] +++ exited with 0 +++ [pid 2032] +++ exited with 0 +++ [pid 2030] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2030, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./536", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./536", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./536/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./536/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./536/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./536/bus") = 0 umount2("./536/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./536/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./536/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./536") = 0 mkdir("./537", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2033 ./strace-static-x86_64: Process 2033 attached [pid 2033] set_robust_list(0x5555564336a0, 24) = 0 [pid 2033] chdir("./537") = 0 [pid 2033] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 49.730962][ T2031] loop0: detected capacity change from 0 to 512 [pid 2033] setpgid(0, 0) = 0 [pid 2033] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2033] write(3, "1000", 4) = 4 [pid 2033] close(3) = 0 [pid 2033] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2033] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2033] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2033] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2033] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2033] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2033] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2033] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2034]}, 88) = 2034 [pid 2033] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2033] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2033] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 2034 attached [pid 2034] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2034] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2033] <... futex resumed>) = 0 [pid 2034] memfd_create("syzkaller", 0) = 3 [pid 2034] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2033] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2034] <... mmap resumed>) = 0x7f22d9170000 [pid 2033] <... mmap resumed>) = 0x7f22d914f000 [pid 2033] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2033] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2033] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0} => {parent_tid=[2035]}, 88) = 2035 ./strace-static-x86_64: Process 2035 attached [pid 2034] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2035] set_robust_list(0x7f22d916f9a0, 24 [pid 2034] <... write resumed>) = 262144 [pid 2033] rt_sigprocmask(SIG_SETMASK, [], [pid 2034] munmap(0x7f22d9170000, 138412032 [pid 2035] <... set_robust_list resumed>) = 0 [pid 2033] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2034] <... munmap resumed>) = 0 [pid 2034] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2033] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2034] <... openat resumed>) = 4 [pid 2034] ioctl(4, LOOP_SET_FD, 3 [pid 2035] rt_sigprocmask(SIG_SETMASK, [], [pid 2033] <... futex resumed>) = 0 [pid 2035] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2033] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2035] creat("./bus", 000) = 5 [pid 2035] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2033] <... futex resumed>) = 0 [pid 2033] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2033] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2035] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2035] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2033] <... futex resumed>) = 0 [pid 2033] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2033] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2035] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 2035] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2033] <... futex resumed>) = 0 [pid 2033] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2035] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 2033] <... futex resumed>) = 0 [pid 2034] <... ioctl resumed>) = 0 [pid 2033] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2034] close(3) = 0 [pid 2035] <... mmap resumed>) = 0x20000000 [pid 2034] close(4 [pid 2035] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2033] <... futex resumed>) = 0 [pid 2033] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2035] memfd_create("syzkaller", 0) = 3 [pid 2035] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2034] <... close resumed>) = 0 [pid 2034] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 2034] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2034] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2034] ioctl(4, LOOP_CLR_FD) = 0 [pid 2034] close(4) = 0 [pid 2034] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2034] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2035] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2035] munmap(0x7f22d9170000, 138412032) = 0 [pid 2035] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2035] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2035] ioctl(4, LOOP_CLR_FD) = 0 [pid 2035] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2035] close(4) = 0 [pid 2035] close(3) = 0 [pid 2035] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2035] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2033] exit_group(0) = ? [pid 2034] <... futex resumed>) = ? [pid 2035] <... futex resumed>) = ? [pid 2034] +++ exited with 0 +++ [pid 2035] +++ exited with 0 +++ [pid 2033] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2033, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./537", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./537", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./537/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./537/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./537/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./537/bus") = 0 umount2("./537/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./537/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./537/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./537") = 0 mkdir("./538", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2036 ./strace-static-x86_64: Process 2036 attached [pid 2036] set_robust_list(0x5555564336a0, 24) = 0 [pid 2036] chdir("./538") = 0 [pid 2036] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2036] setpgid(0, 0) = 0 [pid 2036] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2036] write(3, "1000", 4) = 4 [pid 2036] close(3) = 0 [pid 2036] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2036] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2036] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2036] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2036] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2036] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2036] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2036] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2037]}, 88) = 2037 [pid 2036] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2036] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2036] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2036] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2036] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2036] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2036] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2038]}, 88) = 2038 [pid 2036] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2036] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2036] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2038 attached ./strace-static-x86_64: Process 2037 attached [pid 2038] set_robust_list(0x7f22e156f9a0, 24 [pid 2037] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2037] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2038] <... set_robust_list resumed>) = 0 [pid 2038] rt_sigprocmask(SIG_SETMASK, [], [pid 2037] memfd_create("syzkaller", 0 [pid 2038] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2037] <... memfd_create resumed>) = 3 [pid 2038] creat("./bus", 000 [pid 2037] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2038] <... creat resumed>) = 4 [pid 2038] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2037] <... mmap resumed>) = 0x7f22d914f000 [pid 2038] <... futex resumed>) = 1 [pid 2036] <... futex resumed>) = 0 [pid 2038] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 2036] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2036] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2038] <... mount resumed>) = 0 [pid 2038] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2036] <... futex resumed>) = 0 [pid 2036] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2036] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2038] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 2038] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2036] <... futex resumed>) = 0 [pid 2036] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 49.812156][ T2034] loop0: detected capacity change from 0 to 512 [pid 2036] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2038] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 2037] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000db3} --- [pid 2038] ????() = ? [pid 2036] <... futex resumed>) = ? [pid 2038] +++ killed by SIGBUS +++ [pid 2037] +++ killed by SIGBUS +++ [pid 2036] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2036, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./538", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./538", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./538/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./538/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./538/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./538/bus") = 0 umount2("./538/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./538/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./538/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./538") = 0 mkdir("./539", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2039 attached , child_tidptr=0x555556433690) = 2039 [pid 2039] set_robust_list(0x5555564336a0, 24) = 0 [pid 2039] chdir("./539") = 0 [pid 2039] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2039] setpgid(0, 0) = 0 [pid 2039] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2039] write(3, "1000", 4) = 4 [pid 2039] close(3) = 0 [pid 2039] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2039] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2039] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2039] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2039] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2039] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2039] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2039] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2040 attached [pid 2040] set_robust_list(0x7f22e15909a0, 24 [pid 2039] <... clone3 resumed> => {parent_tid=[2040]}, 88) = 2040 [pid 2039] rt_sigprocmask(SIG_SETMASK, [], [pid 2040] <... set_robust_list resumed>) = 0 [pid 2039] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2039] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2039] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2039] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2039] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2039] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2040] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2040] memfd_create("syzkaller", 0) = 3 [pid 2040] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2040] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2039] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} [pid 2040] <... write resumed>) = 262144 [pid 2039] <... clone3 resumed> => {parent_tid=[2041]}, 88) = 2041 [pid 2040] munmap(0x7f22d914f000, 138412032 [pid 2039] rt_sigprocmask(SIG_SETMASK, [], [pid 2040] <... munmap resumed>) = 0 [pid 2040] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2039] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2040] <... openat resumed>) = 4 [pid 2040] ioctl(4, LOOP_SET_FD, 3 [pid 2039] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2040] <... ioctl resumed>) = 0 [pid 2040] close(3) = 0 [pid 2040] close(4) = 0 [pid 2039] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2040] mkdir("./file0", 0777) = 0 [pid 2040] mount("/dev/loop0", "./file0", "ext4", 0, "prjquota,grpquota,debug_want_extra_isize=0x000000000000005c,noauto_da_alloc,nolazytime,errors=contin"..../strace-static-x86_64: Process 2041 attached [pid 2041] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2041] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2041] creat("./bus", 000) = 3 [pid 2041] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2039] <... futex resumed>) = 0 [pid 2041] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2039] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2041] <... futex resumed>) = 0 [pid 2039] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2041] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2040] <... mount resumed>) = 0 [pid 2040] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 2040] chdir("./file0") = 0 [pid 2040] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2040] ioctl(5, LOOP_CLR_FD) = 0 [pid 2040] close(5 [pid 2041] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2039] <... futex resumed>) = 0 [pid 2041] <... futex resumed>) = 1 [pid 2039] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2040] <... close resumed>) = 0 [pid 2041] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 2039] <... futex resumed>) = 0 [pid 2040] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2039] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2040] <... futex resumed>) = 0 [pid 2041] <... open resumed>) = -1 ENOENT (No such file or directory) [pid 2040] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2041] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2039] <... futex resumed>) = 0 [pid 2039] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2041] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2039] <... futex resumed>) = 1 [pid 2039] futex(0x7f22e165d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2040] <... futex resumed>) = 0 [pid 2040] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2040] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2039] <... futex resumed>) = 0 [pid 2040] <... futex resumed>) = 1 [pid 2039] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2040] memfd_create("syzkaller", 0) = 5 [pid 2040] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2040] write(5, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2040] munmap(0x7f22d914f000, 138412032) = 0 [pid 2040] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2040] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 2040] ioctl(6, LOOP_CLR_FD) = 0 [pid 2040] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 2040] close(6) = 0 [pid 2040] close(5) = 0 [pid 2040] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2040] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2039] exit_group(0 [pid 2041] <... futex resumed>) = ? [pid 2040] <... futex resumed>) = ? [pid 2039] <... exit_group resumed>) = ? [pid 2041] +++ exited with 0 +++ [pid 2040] +++ exited with 0 +++ [pid 2039] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2039, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./539", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./539", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 49.893495][ T2040] loop0: detected capacity change from 0 to 512 [ 49.910678][ T2040] EXT4-fs (loop0): 1 truncate cleaned up getdents64(3, 0x555556434730 /* 5 entries */, 32768) = 136 umount2("./539/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./539/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./539/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./539/bus") = 0 umount2("./539/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./539/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./539/binderfs") = 0 umount2("./539/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./539/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./539/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./539/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./539/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555643c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555643c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./539/file0") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./539") = 0 mkdir("./540", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2043 ./strace-static-x86_64: Process 2043 attached [pid 2043] set_robust_list(0x5555564336a0, 24) = 0 [pid 2043] chdir("./540") = 0 [pid 2043] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2043] setpgid(0, 0) = 0 [pid 2043] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2043] write(3, "1000", 4) = 4 [pid 2043] close(3) = 0 [pid 2043] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2043] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2043] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2043] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2043] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2043] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2043] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2043] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2044]}, 88) = 2044 [pid 2043] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2043] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2043] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2043] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2043] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2043] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2043] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 2045 attached => {parent_tid=[2045]}, 88) = 2045 [pid 2045] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2045] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2045] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2044 attached [pid 2044] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2044] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2044] memfd_create("syzkaller", 0) = 3 [pid 2043] rt_sigprocmask(SIG_SETMASK, [], [pid 2044] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2043] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2043] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2045] <... futex resumed>) = 0 [pid 2043] <... futex resumed>) = 1 [pid 2045] creat("./bus", 000) = 4 [pid 2043] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2045] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2045] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2043] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2043] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2045] <... futex resumed>) = 0 [pid 2043] <... futex resumed>) = 1 [pid 2045] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2043] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2045] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2045] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2043] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2043] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2045] <... futex resumed>) = 0 [pid 2043] <... futex resumed>) = 1 [pid 2045] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 2045] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2045] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2044] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2043] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 2043] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2045] <... futex resumed>) = 0 [pid 2043] <... futex resumed>) = 1 [pid 2045] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 2043] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2045] <... mmap resumed>) = 0x20000000 [pid 2045] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2045] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2043] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2043] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2045] <... futex resumed>) = 0 [pid 2045] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 2045] +++ killed by SIGBUS +++ [pid 2044] <... write resumed>) = ? [pid 2044] +++ killed by SIGBUS +++ [pid 2043] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2043, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./540", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./540", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./540/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./540/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./540/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./540/bus") = 0 umount2("./540/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./540/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./540/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./540") = 0 mkdir("./541", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2046 ./strace-static-x86_64: Process 2046 attached [pid 2046] set_robust_list(0x5555564336a0, 24) = 0 [pid 2046] chdir("./541") = 0 [pid 2046] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2046] setpgid(0, 0) = 0 [pid 2046] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2046] write(3, "1000", 4) = 4 [pid 2046] close(3) = 0 [pid 2046] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2046] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2046] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2046] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2046] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2046] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2046] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2046] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2047 attached [pid 2047] set_robust_list(0x7f22e15909a0, 24 [pid 2046] <... clone3 resumed> => {parent_tid=[2047]}, 88) = 2047 [pid 2047] <... set_robust_list resumed>) = 0 [pid 2046] rt_sigprocmask(SIG_SETMASK, [], [pid 2047] rt_sigprocmask(SIG_SETMASK, [], [pid 2046] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2047] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2046] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2047] memfd_create("syzkaller", 0 [pid 2046] <... futex resumed>) = 0 [pid 2046] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2047] <... memfd_create resumed>) = 3 [pid 2047] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2046] <... futex resumed>) = 0 [pid 2046] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2047] <... mmap resumed>) = 0x7f22d914f000 [pid 2046] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2046] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2046] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2048]}, 88) = 2048 [pid 2046] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2046] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2046] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2048 attached [pid 2047] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2048] set_robust_list(0x7f22e156f9a0, 24 [pid 2047] <... write resumed>) = 262144 [pid 2047] munmap(0x7f22d914f000, 138412032) = 0 [pid 2047] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2047] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2048] <... set_robust_list resumed>) = 0 [pid 2048] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2048] creat("./bus", 000) = 5 [pid 2048] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2048] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2047] close(3) = 0 [pid 2047] close(4) = 0 [pid 2047] mkdir("./file0", 0777 [pid 2046] <... futex resumed>) = 0 [pid 2046] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2047] <... mkdir resumed>) = 0 [pid 2046] <... futex resumed>) = 1 [pid 2048] <... futex resumed>) = 0 [pid 2048] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 2046] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2048] <... mount resumed>) = 0 [pid 2048] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2048] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2047] mount("/dev/loop0", "./file0", "ext4", 0, "prjquota,grpquota,debug_want_extra_isize=0x000000000000005c,noauto_da_alloc,nolazytime,errors=contin"... [pid 2046] <... futex resumed>) = 0 [pid 2046] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2048] <... futex resumed>) = 0 [pid 2046] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2048] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 3 [pid 2048] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2048] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2046] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2046] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2048] <... futex resumed>) = 0 [pid 2048] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 3, 0 [pid 2046] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2048] <... mmap resumed>) = 0x20000000 [pid 2048] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2048] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2046] <... futex resumed>) = 0 [pid 2046] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2048] <... futex resumed>) = 0 [pid 2048] memfd_create("syzkaller", 0) = 4 [pid 2048] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2047] <... mount resumed>) = 0 [pid 2047] openat(AT_FDCWD, 0x200000c0, O_RDONLY|O_DIRECTORY) = -1 ENOENT (No such file or directory) [pid 2047] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2047] ioctl(6, LOOP_CLR_FD) = 0 [pid 2047] close(6) = 0 [pid 2047] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2047] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2048] write(4, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2048] munmap(0x7f22d914f000, 138412032) = 0 [pid 2048] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2048] ioctl(6, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 2048] ioctl(6, LOOP_CLR_FD) = 0 [pid 2048] ioctl(6, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 2048] close(6) = 0 [pid 2048] close(4) = 0 [pid 2048] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2048] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2046] exit_group(0 [pid 2047] <... futex resumed>) = ? [pid 2046] <... exit_group resumed>) = ? [pid 2048] <... futex resumed>) = ? [pid 2048] +++ exited with 0 +++ [pid 2047] +++ exited with 0 +++ [pid 2046] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2046, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./541", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./541", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 5 entries */, 32768) = 136 umount2("./541/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./541/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./541/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./541/bus") = 0 umount2("./541/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./541/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./541/binderfs") = 0 umount2("./541/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./541/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./541/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./541/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./541/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555643c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555643c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./541/file0") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./541") = 0 mkdir("./542", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2050 ./strace-static-x86_64: Process 2050 attached [pid 2050] set_robust_list(0x5555564336a0, 24) = 0 [pid 2050] chdir("./542") = 0 [pid 2050] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2050] setpgid(0, 0) = 0 [pid 2050] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2050] write(3, "1000", 4) = 4 [pid 2050] close(3) = 0 [pid 2050] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2050] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2050] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2050] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2050] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2050] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2050] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2050] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2051 attached => {parent_tid=[2051]}, 88) = 2051 [pid 2050] rt_sigprocmask(SIG_SETMASK, [], [pid 2051] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2050] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2051] rt_sigprocmask(SIG_SETMASK, [], [pid 2050] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2051] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2051] memfd_create("syzkaller", 0 [pid 2050] <... futex resumed>) = 0 [pid 2050] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2051] <... memfd_create resumed>) = 3 [pid 2051] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2050] <... futex resumed>) = 0 [pid 2050] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 2050] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2050] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2050] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0} => {parent_tid=[2052]}, 88) = 2052 [pid 2050] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2050] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2050] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 49.993413][ T2047] loop0: detected capacity change from 0 to 512 [ 50.008069][ T2047] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz-executor245: couldn't read orphan inode 12 (err -116) [pid 2051] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144./strace-static-x86_64: Process 2052 attached ) = 262144 [pid 2051] munmap(0x7f22d9170000, 138412032 [pid 2052] set_robust_list(0x7f22d916f9a0, 24) = 0 [pid 2052] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2052] creat("./bus", 000 [pid 2051] <... munmap resumed>) = 0 [pid 2051] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2052] <... creat resumed>) = 4 [pid 2052] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2050] <... futex resumed>) = 0 [pid 2050] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2050] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2052] <... futex resumed>) = 1 [pid 2052] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2052] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2050] <... futex resumed>) = 0 [pid 2050] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2050] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2052] <... futex resumed>) = 1 [pid 2052] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 2052] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2050] <... futex resumed>) = 0 [pid 2050] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2050] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2052] <... futex resumed>) = 1 [pid 2052] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 2051] <... openat resumed>) = 6 [pid 2052] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2050] <... futex resumed>) = 0 [pid 2050] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2052] <... futex resumed>) = 1 [pid 2052] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 2051] ioctl(6, LOOP_SET_FD, 3) = ? [pid 2052] +++ killed by SIGBUS +++ [pid 2051] +++ killed by SIGBUS +++ [pid 2050] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2050, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- umount2("./542", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./542", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./542/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./542/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./542/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./542/bus") = 0 umount2("./542/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./542/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./542/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./542") = 0 mkdir("./543", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2053 ./strace-static-x86_64: Process 2053 attached [pid 2053] set_robust_list(0x5555564336a0, 24) = 0 [pid 2053] chdir("./543") = 0 [pid 2053] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2053] setpgid(0, 0) = 0 [pid 2053] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2053] write(3, "1000", 4) = 4 [pid 2053] close(3) = 0 [pid 2053] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2053] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2053] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2053] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2053] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2053] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2053] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2053] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2054 attached [pid 2054] set_robust_list(0x7f22e15909a0, 24 [pid 2053] <... clone3 resumed> => {parent_tid=[2054]}, 88) = 2054 [pid 2054] <... set_robust_list resumed>) = 0 [pid 2053] rt_sigprocmask(SIG_SETMASK, [], [pid 2054] rt_sigprocmask(SIG_SETMASK, [], [pid 2053] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2054] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2053] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2053] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2054] memfd_create("syzkaller", 0 [pid 2053] <... futex resumed>) = 0 [pid 2053] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2054] <... memfd_create resumed>) = 3 [pid 2054] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2053] <... mmap resumed>) = 0x7f22e154f000 [pid 2053] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE [pid 2054] <... mmap resumed>) = 0x7f22d914f000 [pid 2053] <... mprotect resumed>) = 0 [pid 2053] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2053] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2055]}, 88) = 2055 ./strace-static-x86_64: Process 2055 attached [pid 2055] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2055] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2055] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2053] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2053] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2055] <... futex resumed>) = 0 [pid 2055] creat("./bus", 000 [pid 2053] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2055] <... creat resumed>) = 4 [pid 2055] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2055] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2053] <... futex resumed>) = 0 [pid 2053] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2055] <... futex resumed>) = 0 [pid 2055] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 2053] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2055] <... mount resumed>) = 0 [pid 2055] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2053] <... futex resumed>) = 0 [pid 2055] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 2053] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2053] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2055] <... open resumed>) = 5 [pid 2055] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2053] <... futex resumed>) = 0 [pid 2055] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 2053] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2053] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2054] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2055] <... mmap resumed>) = 0x20000000 [pid 2055] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2053] <... futex resumed>) = 0 [pid 2053] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2055] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 2054] <... write resumed>) = ? [pid 2055] +++ killed by SIGBUS +++ [pid 2054] +++ killed by SIGBUS +++ [pid 2053] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2053, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- umount2("./543", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./543", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./543/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./543/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./543/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./543/bus") = 0 umount2("./543/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./543/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./543/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./543") = 0 mkdir("./544", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2056 ./strace-static-x86_64: Process 2056 attached [pid 2056] set_robust_list(0x5555564336a0, 24) = 0 [pid 2056] chdir("./544") = 0 [pid 2056] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2056] setpgid(0, 0) = 0 [pid 2056] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2056] write(3, "1000", 4) = 4 [pid 2056] close(3) = 0 [pid 2056] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2056] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2056] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2056] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2056] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2056] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2056] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2056] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2057 attached => {parent_tid=[2057]}, 88) = 2057 [pid 2056] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2056] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2056] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2056] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2056] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2056] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2057] set_robust_list(0x7f22e15909a0, 24 [pid 2056] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2056] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} [pid 2057] <... set_robust_list resumed>) = 0 [pid 2056] <... clone3 resumed> => {parent_tid=[2058]}, 88) = 2058 [pid 2056] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2056] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2057] rt_sigprocmask(SIG_SETMASK, [], [pid 2056] <... futex resumed>) = 0 [pid 2056] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2058 attached [pid 2058] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2058] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2058] creat("./bus", 000 [pid 2057] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2058] <... creat resumed>) = 3 [pid 2058] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2056] <... futex resumed>) = 0 [pid 2056] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2056] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2058] <... futex resumed>) = 1 [pid 2058] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2058] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2056] <... futex resumed>) = 0 [pid 2056] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2056] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2058] <... futex resumed>) = 1 [pid 2058] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 4 [pid 2058] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2056] <... futex resumed>) = 0 [pid 2056] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2056] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2058] <... futex resumed>) = 1 [pid 2058] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 2058] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2057] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000032b} --- [pid 2056] <... futex resumed>) = 0 [pid 2056] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2058] <... futex resumed>) = 1 [pid 2058] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 2057] +++ killed by SIGBUS +++ [pid 2058] +++ killed by SIGBUS +++ [pid 2056] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2056, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./544", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./544", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./544/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./544/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./544/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./544/bus") = 0 umount2("./544/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./544/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./544/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./544") = 0 mkdir("./545", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2059 ./strace-static-x86_64: Process 2059 attached [pid 2059] set_robust_list(0x5555564336a0, 24) = 0 [pid 2059] chdir("./545") = 0 [pid 2059] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2059] setpgid(0, 0) = 0 [pid 2059] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2059] write(3, "1000", 4) = 4 [pid 2059] close(3) = 0 [pid 2059] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2059] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2059] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2059] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2059] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2059] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2059] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2059] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2060]}, 88) = 2060 ./strace-static-x86_64: Process 2060 attached [pid 2059] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2059] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2059] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2059] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2059] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2059] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2059] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} [pid 2060] set_robust_list(0x7f22e15909a0, 24 [pid 2059] <... clone3 resumed> => {parent_tid=[2061]}, 88) = 2061 [pid 2059] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2059] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2059] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2061 attached [pid 2061] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2061] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2061] creat("./bus", 000 [pid 2060] <... set_robust_list resumed>) = 0 [pid 2061] <... creat resumed>) = 3 [pid 2061] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2059] <... futex resumed>) = 0 [pid 2059] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2059] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2061] <... futex resumed>) = 1 [pid 2061] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2060] rt_sigprocmask(SIG_SETMASK, [], [pid 2061] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2059] <... futex resumed>) = 0 [pid 2059] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2059] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2061] <... futex resumed>) = 1 [pid 2061] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 4 [pid 2061] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2059] <... futex resumed>) = 0 [pid 2059] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2059] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2061] <... futex resumed>) = 1 [pid 2061] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 2061] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2059] <... futex resumed>) = 0 [pid 2059] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2061] <... futex resumed>) = 1 [pid 2061] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 2060] <... rt_sigprocmask resumed> ) = ? [pid 2060] +++ killed by SIGBUS +++ [pid 2061] +++ killed by SIGBUS +++ [pid 2059] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2059, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- umount2("./545", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./545", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./545/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./545/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./545/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./545/bus") = 0 umount2("./545/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./545/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./545/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./545") = 0 mkdir("./546", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2062 ./strace-static-x86_64: Process 2062 attached [pid 2062] set_robust_list(0x5555564336a0, 24) = 0 [pid 2062] chdir("./546") = 0 [pid 2062] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2062] setpgid(0, 0) = 0 [pid 2062] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2062] write(3, "1000", 4) = 4 [pid 2062] close(3) = 0 [pid 2062] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2062] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2062] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2062] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2062] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2062] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2062] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2062] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2063 attached => {parent_tid=[2063]}, 88) = 2063 [pid 2062] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2062] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2062] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2062] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2062] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2062] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2063] set_robust_list(0x7f22e15909a0, 24 [pid 2062] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2062] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} [pid 2063] <... set_robust_list resumed>) = 0 [pid 2062] <... clone3 resumed> => {parent_tid=[2064]}, 88) = 2064 [pid 2062] rt_sigprocmask(SIG_SETMASK, [], [pid 2063] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2062] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2062] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2062] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2064 attached [pid 2064] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2064] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2064] creat("./bus", 000) = 3 [pid 2064] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2062] <... futex resumed>) = 0 [pid 2062] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2062] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2064] <... futex resumed>) = 1 [pid 2064] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2063] memfd_create("syzkaller", 0 [pid 2064] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2062] <... futex resumed>) = 0 [pid 2062] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2062] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2064] <... futex resumed>) = 1 [pid 2064] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 4 [pid 2064] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2062] <... futex resumed>) = 0 [pid 2062] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2062] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2064] <... futex resumed>) = 1 [pid 2064] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 2064] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2062] <... futex resumed>) = 0 [pid 2062] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2064] <... futex resumed>) = 1 [pid 2064] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 2063] <... memfd_create resumed>) = ? [pid 2064] +++ killed by SIGBUS +++ [pid 2063] +++ killed by SIGBUS +++ [pid 2062] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2062, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./546", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./546", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./546/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./546/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./546/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./546/bus") = 0 umount2("./546/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./546/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./546/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./546") = 0 mkdir("./547", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2065 ./strace-static-x86_64: Process 2065 attached [pid 2065] set_robust_list(0x5555564336a0, 24) = 0 [pid 2065] chdir("./547") = 0 [pid 2065] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2065] setpgid(0, 0) = 0 [pid 2065] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2065] write(3, "1000", 4) = 4 [pid 2065] close(3) = 0 [pid 2065] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2065] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2065] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2065] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2065] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2065] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2065] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2065] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2066 attached [pid 2066] set_robust_list(0x7f22e15909a0, 24 [pid 2065] <... clone3 resumed> => {parent_tid=[2066]}, 88) = 2066 [pid 2066] <... set_robust_list resumed>) = 0 [pid 2065] rt_sigprocmask(SIG_SETMASK, [], [pid 2066] rt_sigprocmask(SIG_SETMASK, [], [pid 2065] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2066] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2065] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2065] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2066] memfd_create("syzkaller", 0 [pid 2065] <... futex resumed>) = 0 [pid 2065] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2066] <... memfd_create resumed>) = 3 [pid 2066] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2065] <... mmap resumed>) = 0x7f22e154f000 [pid 2065] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2066] <... mmap resumed>) = 0x7f22d914f000 [pid 2065] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2065] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2067]}, 88) = 2067 [pid 2065] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2065] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2065] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2067 attached [pid 2066] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2067] set_robust_list(0x7f22e156f9a0, 24 [pid 2066] <... write resumed>) = 262144 [pid 2066] munmap(0x7f22d914f000, 138412032) = 0 [pid 2066] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2067] <... set_robust_list resumed>) = 0 [pid 2066] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2067] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2067] creat("./bus", 000) = 5 [pid 2067] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2067] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2065] <... futex resumed>) = 0 [pid 2066] close(3) = 0 [pid 2066] close(4) = 0 [pid 2066] mkdir("./file0", 0777 [pid 2065] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2067] <... futex resumed>) = 0 [pid 2067] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2067] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2067] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2066] <... mkdir resumed>) = 0 [pid 2066] mount("/dev/loop0", "./file0", "ext4", 0, "prjquota,grpquota,debug_want_extra_isize=0x000000000000005c,noauto_da_alloc,nolazytime,errors=contin"... [pid 2065] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 2065] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2065] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2067] <... futex resumed>) = 0 [pid 2067] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 3 [pid 2067] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2065] <... futex resumed>) = 0 [pid 2067] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 3, 0 [pid 2065] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2065] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2067] <... mmap resumed>) = 0x20000000 [pid 2067] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2065] <... futex resumed>) = 0 [pid 2065] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2067] memfd_create("syzkaller", 0) = 4 [pid 2067] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2067] write(4, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304 [pid 2066] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2066] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2067] <... write resumed>) = 4194304 [pid 2066] <... openat resumed>) = 6 [pid 2067] munmap(0x7f22d914f000, 138412032 [pid 2066] ioctl(6, LOOP_CLR_FD) = 0 [pid 2067] <... munmap resumed>) = 0 [pid 2066] close(6 [pid 2067] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 7 [pid 2067] ioctl(7, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 2067] ioctl(7, LOOP_CLR_FD) = 0 [pid 2066] <... close resumed>) = 0 [pid 2067] ioctl(7, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 2066] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2067] close(7 [pid 2066] <... futex resumed>) = 0 [pid 2067] <... close resumed>) = 0 [pid 2066] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2067] close(4) = 0 [pid 2067] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2067] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2065] exit_group(0) = ? [pid 2066] <... futex resumed>) = ? [pid 2066] +++ exited with 0 +++ [pid 2067] <... futex resumed>) = ? [pid 2067] +++ exited with 0 +++ [pid 2065] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2065, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- umount2("./547", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./547", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 5 entries */, 32768) = 136 umount2("./547/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./547/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./547/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./547/bus") = 0 umount2("./547/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./547/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./547/binderfs") = 0 umount2("./547/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./547/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./547/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./547/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555643c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555643c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./547/file0") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./547") = 0 mkdir("./548", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2069 attached , child_tidptr=0x555556433690) = 2069 [pid 2069] set_robust_list(0x5555564336a0, 24) = 0 [pid 2069] chdir("./548") = 0 [pid 2069] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2069] setpgid(0, 0) = 0 [pid 2069] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2069] write(3, "1000", 4) = 4 [ 50.184448][ T2066] loop0: detected capacity change from 0 to 512 [ 50.201711][ T2066] EXT4-fs error (device loop0): __ext4_fill_super:5386: inode #2: comm syz-executor245: iget: special inode unallocated [ 50.221520][ T2066] EXT4-fs (loop0): get root inode failed [ 50.227244][ T2066] EXT4-fs (loop0): mount failed [pid 2069] close(3) = 0 [pid 2069] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2069] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2069] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2069] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2069] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2069] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2069] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2069] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2070 attached => {parent_tid=[2070]}, 88) = 2070 [pid 2070] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2069] rt_sigprocmask(SIG_SETMASK, [], [pid 2070] rt_sigprocmask(SIG_SETMASK, [], [pid 2069] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2070] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2069] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2069] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2069] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2070] memfd_create("syzkaller", 0 [pid 2069] <... mmap resumed>) = 0x7f22e154f000 [pid 2069] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE [pid 2070] <... memfd_create resumed>) = 3 [pid 2070] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2069] <... mprotect resumed>) = 0 [pid 2069] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2070] <... mmap resumed>) = 0x7f22d914f000 [pid 2069] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 2071 attached => {parent_tid=[2071]}, 88) = 2071 [pid 2071] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2071] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2071] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2069] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2069] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2071] <... futex resumed>) = 0 [pid 2071] creat("./bus", 000 [pid 2069] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2071] <... creat resumed>) = 4 [pid 2071] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2071] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2069] <... futex resumed>) = 0 [pid 2069] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2071] <... futex resumed>) = 0 [pid 2071] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 2069] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2071] <... mount resumed>) = 0 [pid 2071] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2069] <... futex resumed>) = 0 [pid 2071] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 2069] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2069] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2071] <... open resumed>) = 5 [pid 2071] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2069] <... futex resumed>) = 0 [pid 2071] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 2069] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2069] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2071] <... mmap resumed>) = 0x20000000 [pid 2071] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2070] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000d7b} --- [pid 2069] <... futex resumed>) = ? [pid 2071] <... futex resumed>) = ? [pid 2071] +++ killed by SIGBUS +++ [pid 2070] +++ killed by SIGBUS +++ [pid 2069] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2069, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- umount2("./548", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./548", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./548/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./548/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./548/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./548/bus") = 0 umount2("./548/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./548/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./548/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./548") = 0 mkdir("./549", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2072 ./strace-static-x86_64: Process 2072 attached [pid 2072] set_robust_list(0x5555564336a0, 24) = 0 [pid 2072] chdir("./549") = 0 [pid 2072] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2072] setpgid(0, 0) = 0 [pid 2072] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2072] write(3, "1000", 4) = 4 [pid 2072] close(3) = 0 [pid 2072] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2072] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2072] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2072] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2072] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2072] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2072] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2072] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2073 attached => {parent_tid=[2073]}, 88) = 2073 [pid 2073] set_robust_list(0x7f22e15909a0, 24 [pid 2072] rt_sigprocmask(SIG_SETMASK, [], [pid 2073] <... set_robust_list resumed>) = 0 [pid 2072] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2073] rt_sigprocmask(SIG_SETMASK, [], [pid 2072] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2073] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2072] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2073] memfd_create("syzkaller", 0 [pid 2072] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2072] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE [pid 2073] <... memfd_create resumed>) = 3 [pid 2072] <... mprotect resumed>) = 0 [pid 2072] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2073] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2072] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2073] <... mmap resumed>) = 0x7f22d914f000 [pid 2072] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 2074 attached [pid 2074] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2074] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2074] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2072] <... clone3 resumed> => {parent_tid=[2074]}, 88) = 2074 [pid 2072] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2072] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2074] <... futex resumed>) = 0 [pid 2074] creat("./bus", 000 [pid 2072] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2074] <... creat resumed>) = 4 [pid 2074] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2072] <... futex resumed>) = 0 [pid 2074] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 2072] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2072] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2074] <... mount resumed>) = 0 [pid 2074] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2072] <... futex resumed>) = 0 [pid 2074] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 2072] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2072] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2074] <... open resumed>) = 5 [pid 2074] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2072] <... futex resumed>) = 0 [pid 2074] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 2072] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2072] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2074] <... mmap resumed>) = 0x20000000 [pid 2074] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2073] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000d43} --- [pid 2073] +++ killed by SIGBUS +++ [pid 2072] <... futex resumed>) = ? [pid 2074] <... futex resumed>) = ? [pid 2074] +++ killed by SIGBUS +++ [pid 2072] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2072, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- umount2("./549", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./549", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./549/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./549/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./549/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./549/bus") = 0 umount2("./549/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./549/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./549/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./549") = 0 mkdir("./550", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2075 ./strace-static-x86_64: Process 2075 attached [pid 2075] set_robust_list(0x5555564336a0, 24) = 0 [pid 2075] chdir("./550") = 0 [pid 2075] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2075] setpgid(0, 0) = 0 [pid 2075] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2075] write(3, "1000", 4) = 4 [pid 2075] close(3) = 0 [pid 2075] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2075] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2075] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2075] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2075] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2075] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2075] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2075] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2076 attached => {parent_tid=[2076]}, 88) = 2076 [pid 2075] rt_sigprocmask(SIG_SETMASK, [], [pid 2076] set_robust_list(0x7f22e15909a0, 24 [pid 2075] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2076] <... set_robust_list resumed>) = 0 [pid 2075] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2076] rt_sigprocmask(SIG_SETMASK, [], [pid 2075] <... futex resumed>) = 0 [pid 2076] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2075] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2076] memfd_create("syzkaller", 0 [pid 2075] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2076] <... memfd_create resumed>) = 3 [pid 2075] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE [pid 2076] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2075] <... mprotect resumed>) = 0 [pid 2075] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2076] <... mmap resumed>) = 0x7f22d914f000 [pid 2075] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2075] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2077]}, 88) = 2077 ./strace-static-x86_64: Process 2077 attached [pid 2077] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2077] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2077] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2075] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2075] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2077] <... futex resumed>) = 0 [pid 2077] creat("./bus", 000 [pid 2075] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2077] <... creat resumed>) = 4 [pid 2077] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2077] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2075] <... futex resumed>) = 0 [pid 2075] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2075] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2077] <... futex resumed>) = 0 [pid 2077] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2077] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2075] <... futex resumed>) = 0 [pid 2077] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 2075] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2075] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2077] <... open resumed>) = 5 [pid 2077] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2075] <... futex resumed>) = 0 [pid 2077] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 2075] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2075] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2077] <... mmap resumed>) = 0x20000000 [pid 2077] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2075] <... futex resumed>) = 0 [pid 2075] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2077] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 2077] +++ killed by SIGBUS +++ [pid 2076] +++ killed by SIGBUS +++ [pid 2075] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2075, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- umount2("./550", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./550", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./550/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./550/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./550/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./550/bus") = 0 umount2("./550/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./550/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./550/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./550") = 0 mkdir("./551", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2078 ./strace-static-x86_64: Process 2078 attached [pid 2078] set_robust_list(0x5555564336a0, 24) = 0 [pid 2078] chdir("./551") = 0 [pid 2078] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2078] setpgid(0, 0) = 0 [pid 2078] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2078] write(3, "1000", 4) = 4 [pid 2078] close(3) = 0 [pid 2078] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2078] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2078] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2078] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2078] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2078] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2078] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2078] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2079 attached [pid 2079] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2079] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2079] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2078] <... clone3 resumed> => {parent_tid=[2079]}, 88) = 2079 [pid 2078] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2078] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2079] <... futex resumed>) = 0 [pid 2079] memfd_create("syzkaller", 0) = 3 [pid 2078] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2079] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2078] <... futex resumed>) = 0 [pid 2078] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 2078] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2078] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2078] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0}./strace-static-x86_64: Process 2080 attached [pid 2079] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2080] set_robust_list(0x7f22d916f9a0, 24 [pid 2079] <... write resumed>) = 262144 [pid 2079] munmap(0x7f22d9170000, 138412032 [pid 2078] <... clone3 resumed> => {parent_tid=[2080]}, 88) = 2080 [pid 2080] <... set_robust_list resumed>) = 0 [pid 2079] <... munmap resumed>) = 0 [pid 2078] rt_sigprocmask(SIG_SETMASK, [], [pid 2079] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2078] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2078] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2079] <... openat resumed>) = 4 [pid 2079] ioctl(4, LOOP_SET_FD, 3 [pid 2078] <... futex resumed>) = 0 [pid 2078] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2080] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2080] creat("./bus", 000) = 5 [pid 2080] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2078] <... futex resumed>) = 0 [pid 2078] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2078] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2080] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2080] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2078] <... futex resumed>) = 0 [pid 2078] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2078] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2080] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 2080] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2078] <... futex resumed>) = 0 [pid 2078] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2078] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2080] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 2079] <... ioctl resumed>) = 0 [pid 2079] close(3) = 0 [pid 2079] close(4) = 0 [pid 2079] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 2079] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2079] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 2079] ioctl(3, LOOP_CLR_FD) = 0 [pid 2079] close(3) = 0 [pid 2079] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2079] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2080] <... mmap resumed>) = 0x20000000 [pid 2080] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2078] <... futex resumed>) = 0 [pid 2078] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2079] <... futex resumed>) = 0 [pid 2079] memfd_create("syzkaller", 0) = 3 [pid 2079] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2080] <... futex resumed>) = 1 [pid 2080] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2079] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2079] munmap(0x7f22d9170000, 138412032) = 0 [pid 2079] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2079] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2079] ioctl(4, LOOP_CLR_FD) = 0 [pid 2079] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2079] close(4) = 0 [pid 2079] close(3) = 0 [pid 2079] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2079] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2078] exit_group(0 [pid 2080] <... futex resumed>) = ? [pid 2078] <... exit_group resumed>) = ? [pid 2080] +++ exited with 0 +++ [pid 2079] <... futex resumed>) = ? [pid 2079] +++ exited with 0 +++ [pid 2078] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2078, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./551", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./551", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./551/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./551/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./551/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./551/bus") = 0 umount2("./551/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./551/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./551/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./551") = 0 mkdir("./552", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2081 ./strace-static-x86_64: Process 2081 attached [pid 2081] set_robust_list(0x5555564336a0, 24) = 0 [pid 2081] chdir("./552") = 0 [pid 2081] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2081] setpgid(0, 0) = 0 [pid 2081] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2081] write(3, "1000", 4) = 4 [pid 2081] close(3) = 0 [pid 2081] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2081] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2081] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2081] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2081] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2081] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [ 50.340267][ T2079] loop0: detected capacity change from 0 to 512 [pid 2081] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2081] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2082 attached => {parent_tid=[2082]}, 88) = 2082 [pid 2081] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2081] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2081] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2081] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2082] set_robust_list(0x7f22e15909a0, 24 [pid 2081] <... mmap resumed>) = 0x7f22e154f000 [pid 2081] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2081] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2082] <... set_robust_list resumed>) = 0 [pid 2081] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2081] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2083]}, 88) = 2083 [pid 2082] rt_sigprocmask(SIG_SETMASK, [], [pid 2081] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2081] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2081] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2083 attached [pid 2083] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2083] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2083] creat("./bus", 000 [pid 2082] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2082] memfd_create("syzkaller", 0 [pid 2083] <... creat resumed>) = 3 [pid 2083] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2081] <... futex resumed>) = 0 [pid 2081] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2081] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2083] <... futex resumed>) = 1 [pid 2083] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2083] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2081] <... futex resumed>) = 0 [pid 2081] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2081] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2083] <... futex resumed>) = 1 [pid 2083] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 2082] <... memfd_create resumed>) = 4 [pid 2083] <... open resumed>) = 5 [pid 2083] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2081] <... futex resumed>) = 0 [pid 2081] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2081] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2083] <... futex resumed>) = 1 [pid 2083] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 2082] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2083] <... mmap resumed>) = 0x20000000 [pid 2083] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2081] <... futex resumed>) = 0 [pid 2081] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2083] <... futex resumed>) = 1 [pid 2083] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 2082] <... mmap resumed>) = ? [pid 2082] +++ killed by SIGBUS +++ [pid 2083] +++ killed by SIGBUS +++ [pid 2081] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2081, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- umount2("./552", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./552", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./552/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./552/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./552/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./552/bus") = 0 umount2("./552/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./552/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./552/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./552") = 0 mkdir("./553", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2084 attached , child_tidptr=0x555556433690) = 2084 [pid 2084] set_robust_list(0x5555564336a0, 24) = 0 [pid 2084] chdir("./553") = 0 [pid 2084] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2084] setpgid(0, 0) = 0 [pid 2084] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2084] write(3, "1000", 4) = 4 [pid 2084] close(3) = 0 [pid 2084] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2084] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2084] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2084] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2084] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2084] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2084] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2084] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2086]}, 88) = 2086 [pid 2084] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2084] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2084] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2084] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2084] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2084] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2084] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 2087 attached => {parent_tid=[2087]}, 88) = 2087 [pid 2084] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2084] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2084] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2086 attached [pid 2086] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2086] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2086] memfd_create("syzkaller", 0 [pid 2087] set_robust_list(0x7f22e156f9a0, 24 [pid 2086] <... memfd_create resumed>) = 3 [pid 2086] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2087] <... set_robust_list resumed>) = 0 [pid 2086] <... mmap resumed>) = 0x7f22d914f000 [pid 2087] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2087] creat("./bus", 000) = 4 [pid 2087] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2084] <... futex resumed>) = 0 [pid 2087] <... futex resumed>) = 1 [pid 2086] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2084] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2087] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 2084] <... futex resumed>) = 0 [pid 2084] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2087] <... mount resumed>) = 0 [pid 2087] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2086] <... write resumed>) = 262144 [pid 2086] munmap(0x7f22d914f000, 138412032 [pid 2084] <... futex resumed>) = 0 [pid 2087] <... futex resumed>) = 1 [pid 2086] <... munmap resumed>) = 0 [pid 2086] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2086] ioctl(5, LOOP_SET_FD, 3 [pid 2084] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2087] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 2084] <... futex resumed>) = 0 [pid 2084] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2087] <... open resumed>) = 6 [pid 2086] <... ioctl resumed>) = 0 [pid 2086] close(3) = 0 [pid 2086] close(5) = 0 [pid 2086] mkdir("./file0", 0777) = 0 [pid 2086] mount("/dev/loop0", "./file0", "ext4", 0, "prjquota,grpquota,debug_want_extra_isize=0x000000000000005c,noauto_da_alloc,nolazytime,errors=contin"... [pid 2087] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2084] <... futex resumed>) = 0 [pid 2084] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2084] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2087] <... futex resumed>) = 1 [pid 2087] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x20000000 [pid 2087] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2084] <... futex resumed>) = 0 [pid 2084] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2087] <... futex resumed>) = 1 [pid 2087] memfd_create("syzkaller", 0) = 3 [pid 2087] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2087] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304 [pid 2086] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2086] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2086] ioctl(5, LOOP_CLR_FD) = 0 [pid 2086] close(5) = 0 [pid 2086] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2086] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2087] <... write resumed>) = 4194304 [pid 2087] munmap(0x7f22d914f000, 138412032) = 0 [pid 2087] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2087] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2087] ioctl(5, LOOP_CLR_FD) = 0 [pid 2087] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2087] close(5) = 0 [pid 2087] close(3) = 0 [pid 2087] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2084] exit_group(0) = ? [pid 2086] <... futex resumed>) = ? [pid 2086] +++ exited with 0 +++ [pid 2087] +++ exited with 0 +++ [pid 2084] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2084, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./553", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./553", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 5 entries */, 32768) = 136 umount2("./553/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./553/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./553/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./553/bus") = 0 umount2("./553/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./553/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./553/binderfs") = 0 umount2("./553/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./553/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./553/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./553/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555643c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555643c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./553/file0") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./553") = 0 mkdir("./554", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2089 ./strace-static-x86_64: Process 2089 attached [pid 2089] set_robust_list(0x5555564336a0, 24) = 0 [pid 2089] chdir("./554") = 0 [pid 2089] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2089] setpgid(0, 0) = 0 [pid 2089] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2089] write(3, "1000", 4) = 4 [pid 2089] close(3) = 0 [pid 2089] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2089] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2089] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2089] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2089] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2089] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2089] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2089] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2090]}, 88) = 2090 [pid 2089] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2089] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2089] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2089] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2089] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2089] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2089] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 2091 attached ./strace-static-x86_64: Process 2090 attached => {parent_tid=[2091]}, 88) = 2091 [pid 2091] set_robust_list(0x7f22e156f9a0, 24 [pid 2090] set_robust_list(0x7f22e15909a0, 24 [pid 2089] rt_sigprocmask(SIG_SETMASK, [], [pid 2091] <... set_robust_list resumed>) = 0 [pid 2089] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2090] <... set_robust_list resumed>) = 0 [pid 2091] rt_sigprocmask(SIG_SETMASK, [], [pid 2090] rt_sigprocmask(SIG_SETMASK, [], [pid 2089] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2089] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2091] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2091] creat("./bus", 000) = 3 [pid 2090] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2091] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2090] memfd_create("syzkaller", 0 [pid 2091] <... futex resumed>) = 1 [pid 2089] <... futex resumed>) = 0 [pid 2090] <... memfd_create resumed>) = 4 [pid 2089] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2089] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2091] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 2090] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2091] <... mount resumed>) = 0 [pid 2090] <... mmap resumed>) = 0x7f22d914f000 [pid 2091] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2089] <... futex resumed>) = 0 [pid 2089] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2089] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2091] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 2091] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2089] <... futex resumed>) = 0 [pid 2089] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2091] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 2089] <... futex resumed>) = 0 [pid 2089] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2091] <... mmap resumed>) = 0x20000000 [pid 2090] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000d18} --- [pid 2089] <... futex resumed>) = ? [pid 2091] +++ killed by SIGBUS +++ [pid 2090] +++ killed by SIGBUS +++ [pid 2089] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2089, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./554", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./554", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./554/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./554/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./554/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./554/bus") = 0 umount2("./554/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./554/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 50.421302][ T2086] loop0: detected capacity change from 0 to 512 [ 50.434025][ T2086] EXT4-fs error (device loop0): __ext4_fill_super:5386: inode #2: comm syz-executor245: iget: special inode unallocated [ 50.446830][ T2086] EXT4-fs (loop0): get root inode failed [ 50.452606][ T2086] EXT4-fs (loop0): mount failed unlink("./554/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./554") = 0 mkdir("./555", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2092 ./strace-static-x86_64: Process 2092 attached [pid 2092] set_robust_list(0x5555564336a0, 24) = 0 [pid 2092] chdir("./555") = 0 [pid 2092] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2092] setpgid(0, 0) = 0 [pid 2092] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2092] write(3, "1000", 4) = 4 [pid 2092] close(3) = 0 [pid 2092] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2092] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2092] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2092] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2092] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2092] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2092] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2092] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2093]}, 88) = 2093 [pid 2092] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2092] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2092] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2092] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2092] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2092] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2092] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2094]}, 88) = 2094 [pid 2092] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2092] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2092] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2093 attached [pid 2093] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2093] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2093] memfd_create("syzkaller", 0) = 3 [pid 2093] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0./strace-static-x86_64: Process 2094 attached ) = 0x7f22d914f000 [pid 2094] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2094] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2094] creat("./bus", 000) = 4 [pid 2094] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2092] <... futex resumed>) = 0 [pid 2092] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2092] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2094] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2094] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2092] <... futex resumed>) = 0 [pid 2092] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2092] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2094] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 2094] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2092] <... futex resumed>) = 0 [pid 2092] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2092] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2094] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 2093] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2094] <... mmap resumed>) = 0x20000000 [pid 2094] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2092] <... futex resumed>) = 0 [pid 2092] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2094] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 2093] <... write resumed>) = ? [pid 2094] +++ killed by SIGBUS +++ [pid 2093] +++ killed by SIGBUS +++ [pid 2092] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2092, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- umount2("./555", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./555", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./555/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./555/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./555/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./555/bus") = 0 umount2("./555/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./555/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./555/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./555") = 0 mkdir("./556", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2095 ./strace-static-x86_64: Process 2095 attached [pid 2095] set_robust_list(0x5555564336a0, 24) = 0 [pid 2095] chdir("./556") = 0 [pid 2095] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2095] setpgid(0, 0) = 0 [pid 2095] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2095] write(3, "1000", 4) = 4 [pid 2095] close(3) = 0 [pid 2095] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2095] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2095] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2095] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2095] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2095] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2095] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2095] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2096]}, 88) = 2096 [pid 2095] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2095] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2095] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2095] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2095] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2095] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2095] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2097]}, 88) = 2097 [pid 2095] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2095] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2095] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2096 attached [pid 2096] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2096] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2096] memfd_create("syzkaller", 0) = 3 [pid 2096] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 ./strace-static-x86_64: Process 2097 attached [pid 2097] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2097] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2097] creat("./bus", 000) = 4 [pid 2097] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2095] <... futex resumed>) = 0 [pid 2095] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2095] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2097] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2096] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2097] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2095] <... futex resumed>) = 0 [pid 2095] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2095] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2097] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 2097] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2095] <... futex resumed>) = 0 [pid 2095] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2095] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2096] <... write resumed>) = 262144 [pid 2096] munmap(0x7f22d914f000, 138412032) = 0 [pid 2097] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 2096] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2096] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 2096] close(3) = 0 [pid 2096] close(6) = 0 [pid 2096] mkdir(0x200000c0, 0777 [pid 2097] <... mmap resumed>) = 0x20000000 [pid 2096] <... mkdir resumed>) = -1 ENOENT (No such file or directory) [pid 2096] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2096] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 2096] ioctl(3, LOOP_CLR_FD) = 0 [pid 2096] close(3) = 0 [pid 2096] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2096] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2097] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2095] <... futex resumed>) = 0 [pid 2095] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2096] <... futex resumed>) = 0 [pid 2096] memfd_create("syzkaller", 0) = 3 [pid 2097] <... futex resumed>) = 1 [pid 2097] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2096] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2096] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2096] munmap(0x7f22d914f000, 138412032) = 0 [pid 2096] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2096] ioctl(6, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2096] ioctl(6, LOOP_CLR_FD) = 0 [pid 2096] ioctl(6, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2096] close(6) = 0 [pid 2096] close(3) = 0 [pid 2096] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2096] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2095] exit_group(0) = ? [pid 2097] <... futex resumed>) = ? [pid 2096] <... futex resumed>) = ? [pid 2097] +++ exited with 0 +++ [pid 2096] +++ exited with 0 +++ [pid 2095] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2095, si_uid=0, si_status=0, si_utime=1, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./556", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./556", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./556/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./556/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./556/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./556/bus") = 0 umount2("./556/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./556/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./556/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./556") = 0 mkdir("./557", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2098 ./strace-static-x86_64: Process 2098 attached [pid 2098] set_robust_list(0x5555564336a0, 24) = 0 [pid 2098] chdir("./557") = 0 [pid 2098] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2098] setpgid(0, 0) = 0 [pid 2098] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2098] write(3, "1000", 4) = 4 [pid 2098] close(3) = 0 [pid 2098] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2098] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2098] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2098] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2098] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2098] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2098] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2098] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2099 attached => {parent_tid=[2099]}, 88) = 2099 [pid 2099] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2099] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2099] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2098] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2098] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 50.530883][ T2096] loop0: detected capacity change from 0 to 512 [pid 2098] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2099] <... futex resumed>) = 0 [pid 2099] memfd_create("syzkaller", 0 [pid 2098] <... futex resumed>) = 0 [pid 2099] <... memfd_create resumed>) = 3 [pid 2098] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2099] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2098] <... mmap resumed>) = 0x7f22d914f000 [pid 2098] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2098] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2098] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0}./strace-static-x86_64: Process 2100 attached => {parent_tid=[2100]}, 88) = 2100 [pid 2100] set_robust_list(0x7f22d916f9a0, 24 [pid 2098] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2100] <... set_robust_list resumed>) = 0 [pid 2098] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2100] rt_sigprocmask(SIG_SETMASK, [], [pid 2098] <... futex resumed>) = 0 [pid 2098] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2100] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2100] creat("./bus", 000 [pid 2099] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2100] <... creat resumed>) = 4 [pid 2100] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2098] <... futex resumed>) = 0 [pid 2100] <... futex resumed>) = 1 [pid 2100] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 2098] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2098] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2100] <... mount resumed>) = 0 [pid 2100] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2098] <... futex resumed>) = 0 [pid 2098] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2100] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 2098] <... futex resumed>) = 0 [pid 2099] <... write resumed>) = 262144 [pid 2098] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2099] munmap(0x7f22d9170000, 138412032 [pid 2100] <... open resumed>) = 5 [pid 2100] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2098] <... futex resumed>) = 0 [pid 2100] <... futex resumed>) = 1 [pid 2099] <... munmap resumed>) = 0 [pid 2100] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 2098] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2099] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2099] ioctl(6, LOOP_SET_FD, 3 [pid 2098] <... futex resumed>) = 0 [pid 2098] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2099] <... ioctl resumed>) = 0 [pid 2099] close(3) = 0 [pid 2099] close(6) = 0 [pid 2099] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 2099] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2099] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 2099] ioctl(3, LOOP_CLR_FD) = 0 [pid 2099] close(3) = 0 [pid 2099] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2099] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2100] <... mmap resumed>) = 0x20000000 [pid 2100] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2098] <... futex resumed>) = 0 [pid 2098] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2100] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2098] <... futex resumed>) = 1 [pid 2099] <... futex resumed>) = 0 [pid 2099] memfd_create("syzkaller", 0) = 3 [pid 2099] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2099] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2099] munmap(0x7f22d9170000, 138412032) = 0 [pid 2099] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2099] ioctl(6, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2099] ioctl(6, LOOP_CLR_FD) = 0 [pid 2099] ioctl(6, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2099] close(6) = 0 [pid 2099] close(3) = 0 [pid 2099] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2098] exit_group(0) = ? [pid 2100] <... futex resumed>) = ? [pid 2100] +++ exited with 0 +++ [pid 2099] <... futex resumed>) = ? [pid 2099] +++ exited with 0 +++ [pid 2098] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2098, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./557", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./557", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./557/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./557/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./557/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./557/bus") = 0 [ 50.597414][ T2099] loop0: detected capacity change from 0 to 512 [ 50.597975][ T2100] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 32 prio class 2 umount2("./557/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./557/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./557/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./557") = 0 mkdir("./558", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2101 ./strace-static-x86_64: Process 2101 attached [pid 2101] set_robust_list(0x5555564336a0, 24) = 0 [pid 2101] chdir("./558") = 0 [pid 2101] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2101] setpgid(0, 0) = 0 [pid 2101] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2101] write(3, "1000", 4) = 4 [pid 2101] close(3) = 0 [pid 2101] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2101] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2101] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2101] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2101] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2101] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2101] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2101] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2102]}, 88) = 2102 [pid 2101] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2101] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2101] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2101] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2101] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2101] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2101] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2103]}, 88) = 2103 [pid 2101] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2101] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2101] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2103 attached [pid 2103] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2103] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2103] creat("./bus", 000) = 3 [pid 2103] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2101] <... futex resumed>) = 0 [pid 2101] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2101] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2103] <... futex resumed>) = 1 [pid 2103] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2103] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2101] <... futex resumed>) = 0 [pid 2101] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 2102 attached [pid 2101] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2103] <... futex resumed>) = 1 [pid 2103] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 4 [pid 2103] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2101] <... futex resumed>) = 0 [pid 2101] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2101] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2103] <... futex resumed>) = 1 [pid 2103] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 2103] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2101] <... futex resumed>) = 0 [pid 2101] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2103] <... futex resumed>) = 1 [pid 2103] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 2102] +++ killed by SIGBUS +++ [pid 2103] +++ killed by SIGBUS +++ [pid 2101] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2101, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./558", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./558", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./558/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./558/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./558/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./558/bus") = 0 umount2("./558/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./558/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./558/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./558") = 0 mkdir("./559", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2104 ./strace-static-x86_64: Process 2104 attached [pid 2104] set_robust_list(0x5555564336a0, 24) = 0 [pid 2104] chdir("./559") = 0 [pid 2104] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2104] setpgid(0, 0) = 0 [pid 2104] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2104] write(3, "1000", 4) = 4 [pid 2104] close(3) = 0 [pid 2104] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2104] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2104] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2104] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2104] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2104] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2104] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2104] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2105 attached [pid 2105] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2105] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2105] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2104] <... clone3 resumed> => {parent_tid=[2105]}, 88) = 2105 [pid 2104] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2104] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2105] <... futex resumed>) = 0 [pid 2105] memfd_create("syzkaller", 0 [pid 2104] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2105] <... memfd_create resumed>) = 3 [pid 2105] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2104] <... futex resumed>) = 0 [pid 2104] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 2104] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2104] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2104] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0} => {parent_tid=[2106]}, 88) = 2106 [pid 2104] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2104] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2105] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2104] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2106 attached [pid 2105] <... write resumed>) = 262144 [pid 2105] munmap(0x7f22d9170000, 138412032 [pid 2106] set_robust_list(0x7f22d916f9a0, 24) = 0 [pid 2105] <... munmap resumed>) = 0 [pid 2106] rt_sigprocmask(SIG_SETMASK, [], [pid 2105] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2106] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2106] creat("./bus", 000 [pid 2105] <... openat resumed>) = 4 [pid 2105] ioctl(4, LOOP_SET_FD, 3 [pid 2106] <... creat resumed>) = 5 [pid 2106] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2104] <... futex resumed>) = 0 [pid 2104] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2104] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2106] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2106] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2104] <... futex resumed>) = 0 [pid 2104] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2104] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2106] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 2106] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2104] <... futex resumed>) = 0 [pid 2104] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2104] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2106] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 2105] <... ioctl resumed>) = 0 [pid 2105] close(3) = 0 [pid 2105] close(4) = 0 [pid 2105] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 2105] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2105] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 2105] ioctl(3, LOOP_CLR_FD) = 0 [pid 2105] close(3) = 0 [pid 2105] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2105] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2106] <... mmap resumed>) = 0x20000000 [pid 2106] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2104] <... futex resumed>) = 0 [pid 2104] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2105] <... futex resumed>) = 0 [pid 2105] memfd_create("syzkaller", 0) = 3 [pid 2105] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2106] <... futex resumed>) = 1 [pid 2106] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2105] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2105] munmap(0x7f22d9170000, 138412032) = 0 [pid 2105] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2105] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2105] ioctl(4, LOOP_CLR_FD) = 0 [pid 2105] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2105] close(4) = 0 [pid 2105] close(3) = 0 [pid 2105] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2105] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2104] exit_group(0 [pid 2106] <... futex resumed>) = ? [pid 2104] <... exit_group resumed>) = ? [pid 2106] +++ exited with 0 +++ [pid 2105] <... futex resumed>) = ? [pid 2105] +++ exited with 0 +++ [pid 2104] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2104, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./559", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./559", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./559/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./559/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./559/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./559/bus") = 0 umount2("./559/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./559/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./559/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./559") = 0 mkdir("./560", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2107 ./strace-static-x86_64: Process 2107 attached [ 50.698656][ T2105] loop0: detected capacity change from 0 to 512 [pid 2107] set_robust_list(0x5555564336a0, 24) = 0 [pid 2107] chdir("./560") = 0 [pid 2107] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2107] setpgid(0, 0) = 0 [pid 2107] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2107] write(3, "1000", 4) = 4 [pid 2107] close(3) = 0 [pid 2107] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2107] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2107] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2107] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2107] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2107] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2107] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2107] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2108 attached [pid 2108] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2108] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2108] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2107] <... clone3 resumed> => {parent_tid=[2108]}, 88) = 2108 [pid 2107] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2107] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2108] <... futex resumed>) = 0 [pid 2107] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2108] memfd_create("syzkaller", 0 [pid 2107] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2108] <... memfd_create resumed>) = 3 [pid 2108] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2107] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2108] <... mmap resumed>) = 0x7f22d914f000 [pid 2107] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2108] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2107] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2107] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 2109 attached [pid 2109] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2109] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2109] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2107] <... clone3 resumed> => {parent_tid=[2109]}, 88) = 2109 [pid 2107] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2107] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2109] <... futex resumed>) = 0 [pid 2109] creat("./bus", 000 [pid 2107] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2109] <... creat resumed>) = 4 [pid 2109] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2109] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2107] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2107] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2109] <... futex resumed>) = 0 [pid 2107] <... futex resumed>) = 1 [pid 2109] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2107] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2109] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2109] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2108] <... write resumed>) = 262144 [pid 2107] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2108] munmap(0x7f22d914f000, 138412032 [pid 2107] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2107] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2109] <... futex resumed>) = 0 [pid 2109] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 2109] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2109] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2107] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2107] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2108] <... munmap resumed>) = 0 [pid 2108] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2107] <... futex resumed>) = 1 [pid 2109] <... futex resumed>) = 0 [pid 2109] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 2108] <... openat resumed>) = 6 [pid 2107] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2109] <... mmap resumed>) = 0x20000000 [pid 2108] ioctl(6, LOOP_SET_FD, 3 [pid 2109] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2109] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2107] <... futex resumed>) = 0 [pid 2107] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2109] <... futex resumed>) = 0 [pid 2108] <... ioctl resumed>) = 0 [pid 2108] close(3) = 0 [pid 2108] close(6) = 0 [pid 2108] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 2108] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2108] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 2108] ioctl(3, LOOP_CLR_FD) = 0 [pid 2108] close(3) = 0 [pid 2108] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2108] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2109] memfd_create("syzkaller", 0) = 3 [pid 2109] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2109] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2109] munmap(0x7f22d914f000, 138412032) = 0 [pid 2109] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2109] ioctl(6, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2109] ioctl(6, LOOP_CLR_FD) = 0 [pid 2109] ioctl(6, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2109] close(6) = 0 [pid 2109] close(3) = 0 [pid 2109] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2109] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2107] exit_group(0 [pid 2108] <... futex resumed>) = ? [pid 2107] <... exit_group resumed>) = ? [pid 2108] +++ exited with 0 +++ [pid 2109] <... futex resumed>) = ? [pid 2109] +++ exited with 0 +++ [pid 2107] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2107, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./560", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./560", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./560/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./560/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./560/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./560/bus") = 0 umount2("./560/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./560/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./560/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./560") = 0 mkdir("./561", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2110 [ 50.774825][ T2108] loop0: detected capacity change from 0 to 512 [ 50.776901][ T2109] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 32 prio class 2 ./strace-static-x86_64: Process 2110 attached [pid 2110] set_robust_list(0x5555564336a0, 24) = 0 [pid 2110] chdir("./561") = 0 [pid 2110] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2110] setpgid(0, 0) = 0 [pid 2110] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2110] write(3, "1000", 4) = 4 [pid 2110] close(3) = 0 [pid 2110] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2110] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2110] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2110] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2110] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2110] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2110] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2110] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2111 attached [pid 2111] set_robust_list(0x7f22e15909a0, 24 [pid 2110] <... clone3 resumed> => {parent_tid=[2111]}, 88) = 2111 [pid 2111] <... set_robust_list resumed>) = 0 [pid 2110] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2111] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2110] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2111] memfd_create("syzkaller", 0 [pid 2110] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2111] <... memfd_create resumed>) = 3 [pid 2111] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2110] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2111] <... mmap resumed>) = 0x7f22d914f000 [pid 2110] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2110] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2110] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 2112 attached => {parent_tid=[2112]}, 88) = 2112 [pid 2112] set_robust_list(0x7f22e156f9a0, 24 [pid 2111] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2110] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2112] <... set_robust_list resumed>) = 0 [pid 2110] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2112] rt_sigprocmask(SIG_SETMASK, [], [pid 2110] <... futex resumed>) = 0 [pid 2112] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2110] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2112] creat("./bus", 000) = 4 [pid 2112] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2110] <... futex resumed>) = 0 [pid 2112] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 2110] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2110] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2112] <... mount resumed>) = 0 [pid 2111] <... write resumed>) = 262144 [pid 2112] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2111] munmap(0x7f22d914f000, 138412032 [pid 2112] <... futex resumed>) = 1 [pid 2110] <... futex resumed>) = 0 [pid 2112] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 2110] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2112] <... open resumed>) = 5 [pid 2110] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2112] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2111] <... munmap resumed>) = 0 [pid 2112] <... futex resumed>) = 1 [pid 2111] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2110] <... futex resumed>) = 0 [pid 2110] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2110] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2112] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 2111] <... openat resumed>) = 6 [pid 2112] <... mmap resumed>) = 0x20000000 [pid 2111] ioctl(6, LOOP_SET_FD, 3 [pid 2112] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2110] <... futex resumed>) = 0 [pid 2110] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2111] <... ioctl resumed>) = 0 [pid 2111] close(3) = 0 [pid 2111] close(6 [pid 2112] memfd_create("syzkaller", 0 [pid 2111] <... close resumed>) = 0 [pid 2111] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 2111] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2111] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 2111] ioctl(3, LOOP_CLR_FD) = 0 [pid 2111] close(3) = 0 [pid 2111] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2111] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2112] <... memfd_create resumed>) = 3 [pid 2112] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2112] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2112] munmap(0x7f22d914f000, 138412032) = 0 [pid 2112] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2112] ioctl(6, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2112] ioctl(6, LOOP_CLR_FD) = 0 [pid 2112] ioctl(6, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2112] close(6) = 0 [pid 2112] close(3) = 0 [pid 2112] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2112] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2110] exit_group(0) = ? [pid 2111] <... futex resumed>) = ? [pid 2111] +++ exited with 0 +++ [pid 2112] <... futex resumed>) = ? [pid 2112] +++ exited with 0 +++ [pid 2110] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2110, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./561", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./561", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./561/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./561/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./561/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./561/bus") = 0 umount2("./561/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./561/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./561/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./561") = 0 mkdir("./562", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2113 ./strace-static-x86_64: Process 2113 attached [pid 2113] set_robust_list(0x5555564336a0, 24) = 0 [ 50.861044][ T2111] loop0: detected capacity change from 0 to 512 [ 50.861631][ T2112] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 32 prio class 2 [ 50.877195][ T2112] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 50.886329][ T2112] Buffer I/O error on dev loop0, logical block 0, async page read [pid 2113] chdir("./562") = 0 [pid 2113] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2113] setpgid(0, 0) = 0 [pid 2113] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2113] write(3, "1000", 4) = 4 [pid 2113] close(3) = 0 [pid 2113] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2113] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2113] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2113] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2113] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2113] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2113] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2113] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2114 attached [pid 2114] set_robust_list(0x7f22e15909a0, 24 [pid 2113] <... clone3 resumed> => {parent_tid=[2114]}, 88) = 2114 [pid 2114] <... set_robust_list resumed>) = 0 [pid 2113] rt_sigprocmask(SIG_SETMASK, [], [pid 2114] rt_sigprocmask(SIG_SETMASK, [], [pid 2113] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2114] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2113] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2114] memfd_create("syzkaller", 0 [pid 2113] <... futex resumed>) = 0 [pid 2113] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2114] <... memfd_create resumed>) = 3 [pid 2113] <... futex resumed>) = 0 [pid 2114] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2113] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2114] <... mmap resumed>) = 0x7f22d914f000 [pid 2113] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2113] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2113] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2115]}, 88) = 2115 [pid 2113] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2113] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2113] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2115 attached [pid 2115] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2115] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2115] creat("./bus", 000) = 4 [pid 2115] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2113] <... futex resumed>) = 0 [pid 2113] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2113] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2115] <... futex resumed>) = 1 [pid 2115] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2115] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2113] <... futex resumed>) = 0 [pid 2113] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2113] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2115] <... futex resumed>) = 1 [pid 2115] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 2115] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2113] <... futex resumed>) = 0 [pid 2113] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2113] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2115] <... futex resumed>) = 1 [pid 2115] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 2114] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2115] <... mmap resumed>) = 0x20000000 [pid 2115] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2114] <... write resumed>) = 262144 [pid 2115] <... futex resumed>) = 1 [pid 2113] <... futex resumed>) = 0 [pid 2113] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2115] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 2115] +++ killed by SIGBUS +++ [pid 2114] +++ killed by SIGBUS +++ [pid 2113] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2113, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- umount2("./562", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./562", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./562/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./562/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./562/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./562/bus") = 0 umount2("./562/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./562/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./562/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./562") = 0 mkdir("./563", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2116 ./strace-static-x86_64: Process 2116 attached [pid 2116] set_robust_list(0x5555564336a0, 24) = 0 [pid 2116] chdir("./563") = 0 [pid 2116] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2116] setpgid(0, 0) = 0 [pid 2116] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2116] write(3, "1000", 4) = 4 [pid 2116] close(3) = 0 [pid 2116] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2116] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2116] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2116] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2116] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2116] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2116] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2116] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2117]}, 88) = 2117 ./strace-static-x86_64: Process 2117 attached [pid 2117] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2117] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2117] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2116] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2116] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2117] <... futex resumed>) = 0 [pid 2117] memfd_create("syzkaller", 0 [pid 2116] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2117] <... memfd_create resumed>) = 3 [pid 2117] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2116] <... futex resumed>) = 0 [pid 2116] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 2116] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2116] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2116] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0} => {parent_tid=[2118]}, 88) = 2118 [pid 2116] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2116] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2117] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2116] <... futex resumed>) = 0 [pid 2116] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2118 attached [pid 2117] <... write resumed>) = 262144 [pid 2117] munmap(0x7f22d9170000, 138412032) = 0 [pid 2117] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2117] ioctl(4, LOOP_SET_FD, 3 [pid 2118] set_robust_list(0x7f22d916f9a0, 24) = 0 [pid 2118] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2118] creat("./bus", 000) = 5 [pid 2118] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2116] <... futex resumed>) = 0 [pid 2116] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2116] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2118] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2118] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2116] <... futex resumed>) = 0 [pid 2116] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2116] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2118] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 2118] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2116] <... futex resumed>) = 0 [pid 2116] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2116] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2118] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 2117] <... ioctl resumed>) = 0 [pid 2117] close(3) = 0 [pid 2117] close(4 [pid 2118] <... mmap resumed>) = 0x20000000 [pid 2118] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2116] <... futex resumed>) = 0 [pid 2116] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2118] memfd_create("syzkaller", 0) = 3 [pid 2118] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2117] <... close resumed>) = 0 [pid 2117] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 2117] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2117] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2117] ioctl(4, LOOP_CLR_FD) = 0 [pid 2117] close(4) = 0 [pid 2117] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2117] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2118] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2118] munmap(0x7f22d9170000, 138412032) = 0 [pid 2118] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2118] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2118] ioctl(4, LOOP_CLR_FD) = 0 [pid 2118] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2118] close(4) = 0 [pid 2118] close(3) = 0 [pid 2118] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2118] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2116] exit_group(0) = ? [pid 2117] <... futex resumed>) = ? [pid 2117] +++ exited with 0 +++ [pid 2118] <... futex resumed>) = ? [pid 2118] +++ exited with 0 +++ [pid 2116] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2116, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./563", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./563", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./563/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./563/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./563/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./563/bus") = 0 umount2("./563/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./563/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./563/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./563") = 0 mkdir("./564", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2119 ./strace-static-x86_64: Process 2119 attached [pid 2119] set_robust_list(0x5555564336a0, 24) = 0 [pid 2119] chdir("./564") = 0 [ 50.972906][ T2117] loop0: detected capacity change from 0 to 512 [pid 2119] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2119] setpgid(0, 0) = 0 [pid 2119] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2119] write(3, "1000", 4) = 4 [pid 2119] close(3) = 0 [pid 2119] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2119] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2119] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2119] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2119] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2119] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2119] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2119] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2120 attached => {parent_tid=[2120]}, 88) = 2120 [pid 2120] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2120] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2120] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2119] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2119] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2120] <... futex resumed>) = 0 [pid 2119] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2120] memfd_create("syzkaller", 0 [pid 2119] <... futex resumed>) = 0 [pid 2120] <... memfd_create resumed>) = 3 [pid 2120] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2119] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 2119] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2119] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2119] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0} => {parent_tid=[2121]}, 88) = 2121 [pid 2119] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2119] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2120] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2119] <... futex resumed>) = 0 [pid 2119] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2121 attached [pid 2120] <... write resumed>) = 262144 [pid 2121] set_robust_list(0x7f22d916f9a0, 24 [pid 2120] munmap(0x7f22d9170000, 138412032 [pid 2121] <... set_robust_list resumed>) = 0 [pid 2121] rt_sigprocmask(SIG_SETMASK, [], [pid 2120] <... munmap resumed>) = 0 [pid 2121] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2120] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2121] creat("./bus", 000 [pid 2120] <... openat resumed>) = 4 [pid 2120] ioctl(4, LOOP_SET_FD, 3 [pid 2121] <... creat resumed>) = 5 [pid 2121] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2119] <... futex resumed>) = 0 [pid 2119] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2119] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2121] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2121] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2119] <... futex resumed>) = 0 [pid 2119] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2119] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2121] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 2121] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2119] <... futex resumed>) = 0 [pid 2119] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2119] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2121] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 2120] <... ioctl resumed>) = 0 [pid 2120] close(3) = 0 [pid 2120] close(4) = 0 [pid 2120] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 2120] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2120] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 2121] <... mmap resumed>) = 0x20000000 [pid 2120] ioctl(3, LOOP_CLR_FD) = 0 [pid 2120] close(3) = 0 [pid 2120] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2120] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2121] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2119] <... futex resumed>) = 0 [pid 2119] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2120] <... futex resumed>) = 0 [pid 2120] memfd_create("syzkaller", 0) = 3 [pid 2120] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2121] <... futex resumed>) = 1 [pid 2121] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2120] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2120] munmap(0x7f22d9170000, 138412032) = 0 [pid 2120] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2120] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2120] ioctl(4, LOOP_CLR_FD) = 0 [pid 2120] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2120] close(4) = 0 [pid 2120] close(3) = 0 [pid 2120] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2120] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2119] exit_group(0 [pid 2121] <... futex resumed>) = ? [pid 2121] +++ exited with 0 +++ [pid 2119] <... exit_group resumed>) = ? [pid 2120] <... futex resumed>) = ? [pid 2120] +++ exited with 0 +++ [pid 2119] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2119, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./564", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./564", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 51.042433][ T2120] loop0: detected capacity change from 0 to 512 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./564/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./564/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./564/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./564/bus") = 0 umount2("./564/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./564/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./564/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./564") = 0 mkdir("./565", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2122 ./strace-static-x86_64: Process 2122 attached [pid 2122] set_robust_list(0x5555564336a0, 24) = 0 [pid 2122] chdir("./565") = 0 [pid 2122] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2122] setpgid(0, 0) = 0 [pid 2122] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2122] write(3, "1000", 4) = 4 [pid 2122] close(3) = 0 [pid 2122] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2122] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2122] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2122] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2122] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2122] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2122] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2122] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2123 attached [pid 2123] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2123] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2123] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2122] <... clone3 resumed> => {parent_tid=[2123]}, 88) = 2123 [pid 2122] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2122] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2123] <... futex resumed>) = 0 [pid 2122] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2123] memfd_create("syzkaller", 0) = 3 [pid 2123] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2122] <... futex resumed>) = 0 [pid 2122] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 2122] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2122] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2122] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0} => {parent_tid=[2124]}, 88) = 2124 [pid 2122] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2122] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2123] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2122] <... futex resumed>) = 0 [pid 2122] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2124 attached [pid 2123] <... write resumed>) = 262144 [pid 2123] munmap(0x7f22d9170000, 138412032) = 0 [pid 2123] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2123] ioctl(4, LOOP_SET_FD, 3 [pid 2124] set_robust_list(0x7f22d916f9a0, 24) = 0 [pid 2124] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2124] creat("./bus", 000) = 5 [pid 2124] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2122] <... futex resumed>) = 0 [pid 2122] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2122] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2124] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2124] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2122] <... futex resumed>) = 0 [pid 2122] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2122] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2124] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 2124] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2122] <... futex resumed>) = 0 [pid 2122] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2122] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2124] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 2123] <... ioctl resumed>) = 0 [pid 2123] close(3) = 0 [pid 2123] close(4) = 0 [pid 2123] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 2123] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2123] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 2123] ioctl(3, LOOP_CLR_FD) = 0 [pid 2123] close(3) = 0 [pid 2123] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2123] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2124] <... mmap resumed>) = 0x20000000 [pid 2124] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2122] <... futex resumed>) = 0 [pid 2122] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2124] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2123] <... futex resumed>) = 0 [pid 2123] memfd_create("syzkaller", 0) = 3 [pid 2123] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2123] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2123] munmap(0x7f22d9170000, 138412032) = 0 [pid 2123] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2123] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2123] ioctl(4, LOOP_CLR_FD) = 0 [pid 2123] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2123] close(4) = 0 [pid 2123] close(3) = 0 [pid 2123] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2122] exit_group(0 [pid 2123] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2124] <... futex resumed>) = ? [pid 2123] <... futex resumed>) = ? [pid 2122] <... exit_group resumed>) = ? [pid 2124] +++ exited with 0 +++ [pid 2123] +++ exited with 0 +++ [pid 2122] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2122, si_uid=0, si_status=0, si_utime=1, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./565", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./565", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./565/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./565/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./565/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./565/bus") = 0 umount2("./565/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./565/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./565/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./565") = 0 mkdir("./566", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2125 ./strace-static-x86_64: Process 2125 attached [ 51.124299][ T2123] loop0: detected capacity change from 0 to 512 [pid 2125] set_robust_list(0x5555564336a0, 24) = 0 [pid 2125] chdir("./566") = 0 [pid 2125] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2125] setpgid(0, 0) = 0 [pid 2125] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2125] write(3, "1000", 4) = 4 [pid 2125] close(3) = 0 [pid 2125] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2125] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2125] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2125] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2125] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2125] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2125] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2125] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2126 attached => {parent_tid=[2126]}, 88) = 2126 [pid 2126] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2126] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2126] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2125] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2125] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2126] <... futex resumed>) = 0 [pid 2125] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2126] memfd_create("syzkaller", 0 [pid 2125] <... futex resumed>) = 0 [pid 2126] <... memfd_create resumed>) = 3 [pid 2126] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2125] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 2125] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2125] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2125] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0} => {parent_tid=[2127]}, 88) = 2127 [pid 2125] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2126] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2125] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2125] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2127 attached [pid 2126] <... write resumed>) = 262144 [pid 2127] set_robust_list(0x7f22d916f9a0, 24 [pid 2126] munmap(0x7f22d9170000, 138412032 [pid 2127] <... set_robust_list resumed>) = 0 [pid 2126] <... munmap resumed>) = 0 [pid 2127] rt_sigprocmask(SIG_SETMASK, [], [pid 2126] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2127] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2127] creat("./bus", 000 [pid 2126] <... openat resumed>) = 4 [pid 2126] ioctl(4, LOOP_SET_FD, 3 [pid 2127] <... creat resumed>) = 5 [pid 2127] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2125] <... futex resumed>) = 0 [pid 2125] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2125] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2127] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2127] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2125] <... futex resumed>) = 0 [pid 2125] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2125] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2127] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 2127] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2125] <... futex resumed>) = 0 [pid 2125] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2125] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2127] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 2126] <... ioctl resumed>) = 0 [pid 2126] close(3) = 0 [pid 2126] close(4) = 0 [pid 2126] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 2126] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2126] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 2126] ioctl(3, LOOP_CLR_FD) = 0 [pid 2126] close(3) = 0 [pid 2126] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2126] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2127] <... mmap resumed>) = 0x20000000 [pid 2127] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2125] <... futex resumed>) = 0 [pid 2125] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2126] <... futex resumed>) = 0 [pid 2126] memfd_create("syzkaller", 0) = 3 [pid 2126] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2127] <... futex resumed>) = 1 [pid 2127] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2126] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2126] munmap(0x7f22d9170000, 138412032) = 0 [pid 2126] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2126] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2126] ioctl(4, LOOP_CLR_FD) = 0 [pid 2126] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2126] close(4) = 0 [pid 2126] close(3) = 0 [pid 2126] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2125] exit_group(0 [pid 2127] <... futex resumed>) = ? [pid 2125] <... exit_group resumed>) = ? [pid 2127] +++ exited with 0 +++ [pid 2126] +++ exited with 0 +++ [pid 2125] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2125, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./566", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./566", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./566/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./566/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./566/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./566/bus") = 0 umount2("./566/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./566/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./566/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./566") = 0 mkdir("./567", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2128 ./strace-static-x86_64: Process 2128 attached [pid 2128] set_robust_list(0x5555564336a0, 24) = 0 [pid 2128] chdir("./567") = 0 [pid 2128] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2128] setpgid(0, 0) = 0 [pid 2128] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2128] write(3, "1000", 4) = 4 [pid 2128] close(3) = 0 [pid 2128] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2128] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2128] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2128] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2128] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2128] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2128] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2128] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2129]}, 88) = 2129 [pid 2128] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2128] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 2129 attached [pid 2128] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2128] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2128] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2128] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2129] set_robust_list(0x7f22e15909a0, 24 [pid 2128] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2128] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 2130 attached [pid 2129] <... set_robust_list resumed>) = 0 [pid 2128] <... clone3 resumed> => {parent_tid=[2130]}, 88) = 2130 [pid 2128] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2128] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2128] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2130] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2130] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2130] creat("./bus", 000 [pid 2129] rt_sigprocmask(SIG_SETMASK, [], [pid 2130] <... creat resumed>) = 3 [pid 2129] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2130] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2128] <... futex resumed>) = 0 [pid 2128] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2128] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2130] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2130] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2128] <... futex resumed>) = 0 [pid 2128] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2128] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2129] memfd_create("syzkaller", 0 [pid 2130] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 4 [pid 2130] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2128] <... futex resumed>) = 0 [pid 2128] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2128] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2130] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 2130] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2128] <... futex resumed>) = 0 [pid 2128] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2130] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 2129] <... memfd_create resumed>) = ? [pid 2129] +++ killed by SIGBUS +++ [pid 2130] +++ killed by SIGBUS +++ [pid 2128] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2128, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./567", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./567", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./567/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./567/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./567/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./567/bus") = 0 umount2("./567/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./567/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./567/binderfs") = 0 [ 51.195264][ T2126] loop0: detected capacity change from 0 to 512 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./567") = 0 mkdir("./568", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2131 ./strace-static-x86_64: Process 2131 attached [pid 2131] set_robust_list(0x5555564336a0, 24) = 0 [pid 2131] chdir("./568") = 0 [pid 2131] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2131] setpgid(0, 0) = 0 [pid 2131] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2131] write(3, "1000", 4) = 4 [pid 2131] close(3) = 0 [pid 2131] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2131] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2131] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2131] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2131] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2131] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2131] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2131] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2132]}, 88) = 2132 [pid 2131] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2131] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2131] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2131] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2131] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2131] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2131] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2133]}, 88) = 2133 ./strace-static-x86_64: Process 2133 attached [pid 2131] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2131] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2131] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2132 attached [pid 2132] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2132] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2132] memfd_create("syzkaller", 0) = 3 [pid 2133] set_robust_list(0x7f22e156f9a0, 24 [pid 2132] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2133] <... set_robust_list resumed>) = 0 [pid 2133] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2133] creat("./bus", 000) = 4 [pid 2133] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2131] <... futex resumed>) = 0 [pid 2131] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2131] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2133] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 2132] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2133] <... mount resumed>) = 0 [pid 2133] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2131] <... futex resumed>) = 0 [pid 2131] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2131] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2133] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 2132] <... write resumed>) = 262144 [pid 2133] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2132] munmap(0x7f22d914f000, 138412032 [pid 2133] <... futex resumed>) = 1 [pid 2131] <... futex resumed>) = 0 [pid 2131] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2131] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2132] <... munmap resumed>) = 0 [pid 2132] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2132] ioctl(6, LOOP_SET_FD, 3 [pid 2133] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 2132] <... ioctl resumed>) = 0 [pid 2132] close(3) = 0 [pid 2132] close(6) = 0 [pid 2132] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 2132] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2132] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 2132] ioctl(3, LOOP_CLR_FD) = 0 [pid 2133] <... mmap resumed>) = 0x20000000 [pid 2132] close(3) = 0 [pid 2132] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2132] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2133] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2131] <... futex resumed>) = 0 [pid 2131] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2132] <... futex resumed>) = 0 [pid 2132] memfd_create("syzkaller", 0) = 3 [pid 2132] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2133] <... futex resumed>) = 1 [pid 2133] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2132] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2132] munmap(0x7f22d914f000, 138412032) = 0 [pid 2132] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2132] ioctl(6, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2132] ioctl(6, LOOP_CLR_FD) = 0 [pid 2132] ioctl(6, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2132] close(6) = 0 [pid 2132] close(3) = 0 [pid 2132] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2132] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2131] exit_group(0 [pid 2133] <... futex resumed>) = ? [pid 2131] <... exit_group resumed>) = ? [pid 2133] +++ exited with 0 +++ [pid 2132] <... futex resumed>) = ? [pid 2132] +++ exited with 0 +++ [pid 2131] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2131, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./568", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./568", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./568/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./568/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./568/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 51.267255][ T2132] loop0: detected capacity change from 0 to 512 unlink("./568/bus") = 0 umount2("./568/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./568/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./568/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./568") = 0 mkdir("./569", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2134 ./strace-static-x86_64: Process 2134 attached [pid 2134] set_robust_list(0x5555564336a0, 24) = 0 [pid 2134] chdir("./569") = 0 [pid 2134] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2134] setpgid(0, 0) = 0 [pid 2134] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2134] write(3, "1000", 4) = 4 [pid 2134] close(3) = 0 [pid 2134] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2134] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2134] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2134] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2134] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2134] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2134] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2134] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2135]}, 88) = 2135 [pid 2134] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2134] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2134] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2134] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2134] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2134] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2134] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2136]}, 88) = 2136 [pid 2134] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2134] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2134] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2136 attached [pid 2136] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2136] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2136] creat("./bus", 000) = 3 [pid 2136] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2134] <... futex resumed>) = 0 [pid 2134] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2134] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2136] <... futex resumed>) = 1 [pid 2136] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2136] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2134] <... futex resumed>) = 0 [pid 2134] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2134] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2136] <... futex resumed>) = 1 [pid 2136] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 4 [pid 2136] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2134] <... futex resumed>) = 0 [pid 2134] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2134] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2136] <... futex resumed>) = 1 [pid 2136] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 2136] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2134] <... futex resumed>) = 0 [pid 2134] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2136] <... futex resumed>) = 1 [pid 2136] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 2136] +++ killed by SIGBUS +++ ./strace-static-x86_64: Process 2135 attached [pid 2135] +++ killed by SIGBUS +++ [pid 2134] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2134, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./569", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./569", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./569/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./569/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./569/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./569/bus") = 0 umount2("./569/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./569/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./569/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./569") = 0 mkdir("./570", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2137 ./strace-static-x86_64: Process 2137 attached [pid 2137] set_robust_list(0x5555564336a0, 24) = 0 [pid 2137] chdir("./570") = 0 [pid 2137] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2137] setpgid(0, 0) = 0 [pid 2137] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2137] write(3, "1000", 4) = 4 [pid 2137] close(3) = 0 [pid 2137] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2137] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2137] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2137] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2137] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2137] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2137] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2137] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2138 attached => {parent_tid=[2138]}, 88) = 2138 [pid 2138] set_robust_list(0x7f22e15909a0, 24 [pid 2137] rt_sigprocmask(SIG_SETMASK, [], [pid 2138] <... set_robust_list resumed>) = 0 [pid 2137] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2138] rt_sigprocmask(SIG_SETMASK, [], [pid 2137] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2138] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2137] <... futex resumed>) = 0 [pid 2137] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2137] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2138] memfd_create("syzkaller", 0 [pid 2137] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2137] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2138] <... memfd_create resumed>) = 3 [pid 2137] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2138] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2137] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} [pid 2138] <... mmap resumed>) = 0x7f22d914f000 [pid 2137] <... clone3 resumed> => {parent_tid=[2139]}, 88) = 2139 [pid 2137] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2137] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2137] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2139 attached [pid 2138] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2139] set_robust_list(0x7f22e156f9a0, 24 [pid 2138] <... write resumed>) = 262144 [pid 2138] munmap(0x7f22d914f000, 138412032) = 0 [pid 2139] <... set_robust_list resumed>) = 0 [pid 2139] rt_sigprocmask(SIG_SETMASK, [], [pid 2138] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2139] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2139] creat("./bus", 000 [pid 2138] <... openat resumed>) = 5 [pid 2138] ioctl(5, LOOP_SET_FD, 3 [pid 2139] <... creat resumed>) = 4 [pid 2139] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2139] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2137] <... futex resumed>) = 0 [pid 2137] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2137] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2139] <... futex resumed>) = 0 [pid 2139] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2139] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2137] <... futex resumed>) = 0 [pid 2137] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2137] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2139] <... futex resumed>) = 1 [pid 2139] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 2139] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2137] <... futex resumed>) = 0 [pid 2137] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2137] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2139] <... futex resumed>) = 1 [pid 2139] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 2138] <... ioctl resumed>) = 0 [pid 2138] close(3) = 0 [pid 2138] close(5) = 0 [pid 2138] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 2138] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2138] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 2138] ioctl(3, LOOP_CLR_FD) = 0 [pid 2138] close(3) = 0 [pid 2138] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2138] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2139] <... mmap resumed>) = 0x20000000 [pid 2139] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2137] <... futex resumed>) = 0 [pid 2137] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2138] <... futex resumed>) = 0 [pid 2138] memfd_create("syzkaller", 0) = 3 [pid 2138] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2139] <... futex resumed>) = 1 [pid 2139] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2138] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2138] munmap(0x7f22d914f000, 138412032) = 0 [pid 2138] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2138] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2138] ioctl(5, LOOP_CLR_FD) = 0 [pid 2138] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2138] close(5) = 0 [pid 2138] close(3) = 0 [pid 2138] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2138] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2137] exit_group(0) = ? [pid 2139] <... futex resumed>) = ? [pid 2138] <... futex resumed>) = ? [pid 2139] +++ exited with 0 +++ [pid 2138] +++ exited with 0 +++ [pid 2137] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2137, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./570", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./570", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./570/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./570/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./570/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./570/bus") = 0 umount2("./570/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./570/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./570/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./570") = 0 mkdir("./571", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2140 ./strace-static-x86_64: Process 2140 attached [pid 2140] set_robust_list(0x5555564336a0, 24) = 0 [pid 2140] chdir("./571") = 0 [pid 2140] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2140] setpgid(0, 0) = 0 [pid 2140] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2140] write(3, "1000", 4) = 4 [pid 2140] close(3) = 0 [pid 2140] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2140] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2140] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [ 51.352248][ T2138] loop0: detected capacity change from 0 to 512 [pid 2140] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2140] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2140] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2140] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2140] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2141]}, 88) = 2141 ./strace-static-x86_64: Process 2141 attached [pid 2141] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2141] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2141] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2140] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2140] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2141] <... futex resumed>) = 0 [pid 2140] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2141] memfd_create("syzkaller", 0) = 3 [pid 2141] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2140] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 2140] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2140] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2140] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0} => {parent_tid=[2143]}, 88) = 2143 [pid 2140] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2140] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2140] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2143 attached [pid 2141] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2143] set_robust_list(0x7f22d916f9a0, 24 [pid 2141] <... write resumed>) = 262144 [pid 2141] munmap(0x7f22d9170000, 138412032 [pid 2143] <... set_robust_list resumed>) = 0 [pid 2143] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2141] <... munmap resumed>) = 0 [pid 2143] creat("./bus", 000 [pid 2141] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2143] <... creat resumed>) = 4 [pid 2143] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2140] <... futex resumed>) = 0 [pid 2140] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2140] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2143] <... futex resumed>) = 1 [pid 2143] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 2141] <... openat resumed>) = 5 [pid 2141] ioctl(5, LOOP_SET_FD, 3 [pid 2143] <... mount resumed>) = 0 [pid 2143] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2140] <... futex resumed>) = 0 [pid 2140] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2140] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2143] <... futex resumed>) = 1 [pid 2143] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 2143] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2140] <... futex resumed>) = 0 [pid 2140] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2140] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2143] <... futex resumed>) = 1 [pid 2143] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 2141] <... ioctl resumed>) = 0 [pid 2141] close(3) = 0 [pid 2141] close(5) = 0 [pid 2141] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 2141] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2141] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 2141] ioctl(3, LOOP_CLR_FD) = 0 [pid 2141] close(3) = 0 [pid 2141] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2141] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2143] <... mmap resumed>) = 0x20000000 [pid 2143] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2140] <... futex resumed>) = 0 [pid 2140] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2141] <... futex resumed>) = 0 [pid 2141] memfd_create("syzkaller", 0) = 3 [pid 2141] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2143] <... futex resumed>) = 1 [pid 2143] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2141] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2141] munmap(0x7f22d9170000, 138412032) = 0 [pid 2141] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2141] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2141] ioctl(5, LOOP_CLR_FD) = 0 [pid 2141] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2141] close(5) = 0 [pid 2141] close(3) = 0 [pid 2141] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2141] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2140] exit_group(0 [pid 2143] <... futex resumed>) = ? [pid 2140] <... exit_group resumed>) = ? [pid 2143] +++ exited with 0 +++ [pid 2141] <... futex resumed>) = ? [pid 2141] +++ exited with 0 +++ [pid 2140] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2140, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./571", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./571", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./571/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./571/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./571/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./571/bus") = 0 umount2("./571/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./571/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./571/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./571") = 0 mkdir("./572", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2144 ./strace-static-x86_64: Process 2144 attached [pid 2144] set_robust_list(0x5555564336a0, 24) = 0 [pid 2144] chdir("./572") = 0 [pid 2144] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2144] setpgid(0, 0) = 0 [pid 2144] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2144] write(3, "1000", 4) = 4 [pid 2144] close(3) = 0 [pid 2144] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2144] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2144] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2144] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2144] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2144] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2144] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2144] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2145]}, 88) = 2145 ./strace-static-x86_64: Process 2145 attached [pid 2145] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2145] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2145] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2144] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2144] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2145] <... futex resumed>) = 0 [pid 2144] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2145] memfd_create("syzkaller", 0) = 3 [pid 2145] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2144] <... futex resumed>) = 0 [pid 2144] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 2144] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2144] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2144] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0} => {parent_tid=[2146]}, 88) = 2146 ./strace-static-x86_64: Process 2146 attached [pid 2145] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2146] set_robust_list(0x7f22d916f9a0, 24 [pid 2144] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2144] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2144] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2146] <... set_robust_list resumed>) = 0 [pid 2145] <... write resumed>) = 262144 [pid 2146] rt_sigprocmask(SIG_SETMASK, [], [pid 2145] munmap(0x7f22d9170000, 138412032 [pid 2146] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2145] <... munmap resumed>) = 0 [pid 2145] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2145] ioctl(4, LOOP_SET_FD, 3 [ 51.421003][ T2141] loop0: detected capacity change from 0 to 512 [pid 2146] creat("./bus", 000) = 5 [pid 2146] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2144] <... futex resumed>) = 0 [pid 2144] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2144] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2146] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2146] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2144] <... futex resumed>) = 0 [pid 2144] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2144] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2146] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 2146] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2144] <... futex resumed>) = 0 [pid 2144] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2144] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2146] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 2145] <... ioctl resumed>) = 0 [pid 2145] close(3) = 0 [pid 2145] close(4) = 0 [pid 2145] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 2145] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2145] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 2145] ioctl(3, LOOP_CLR_FD) = 0 [pid 2145] close(3) = 0 [pid 2145] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2145] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2146] <... mmap resumed>) = 0x20000000 [pid 2146] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2144] <... futex resumed>) = 0 [pid 2144] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2145] <... futex resumed>) = 0 [pid 2145] memfd_create("syzkaller", 0) = 3 [pid 2145] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2146] <... futex resumed>) = 1 [pid 2146] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2145] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2145] munmap(0x7f22d9170000, 138412032) = 0 [pid 2145] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2145] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2145] ioctl(4, LOOP_CLR_FD) = 0 [pid 2145] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2145] close(4) = 0 [pid 2145] close(3) = 0 [pid 2145] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2145] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2144] exit_group(0 [pid 2146] <... futex resumed>) = ? [pid 2144] <... exit_group resumed>) = ? [pid 2146] +++ exited with 0 +++ [pid 2145] <... futex resumed>) = ? [pid 2145] +++ exited with 0 +++ [pid 2144] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2144, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./572", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./572", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./572/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./572/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./572/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./572/bus") = 0 umount2("./572/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./572/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./572/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./572") = 0 mkdir("./573", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2147 ./strace-static-x86_64: Process 2147 attached [pid 2147] set_robust_list(0x5555564336a0, 24) = 0 [pid 2147] chdir("./573") = 0 [pid 2147] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2147] setpgid(0, 0) = 0 [pid 2147] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2147] write(3, "1000", 4) = 4 [pid 2147] close(3) = 0 [pid 2147] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2147] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2147] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2147] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2147] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2147] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2147] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2147] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2148]}, 88) = 2148 [pid 2147] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2147] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 51.478333][ T2145] loop0: detected capacity change from 0 to 512 [pid 2147] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2147] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2147] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2147] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2147] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 2148 attached ./strace-static-x86_64: Process 2149 attached => {parent_tid=[2149]}, 88) = 2149 [pid 2149] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2147] rt_sigprocmask(SIG_SETMASK, [], [pid 2149] rt_sigprocmask(SIG_SETMASK, [], [pid 2147] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2149] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2147] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2147] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2149] creat("./bus", 000 [pid 2148] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2149] <... creat resumed>) = 3 [pid 2149] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2147] <... futex resumed>) = 0 [pid 2149] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2147] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2149] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2147] <... futex resumed>) = 0 [pid 2149] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 2147] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2149] <... mount resumed>) = 0 [pid 2149] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2148] rt_sigprocmask(SIG_SETMASK, [], [pid 2149] <... futex resumed>) = 1 [pid 2147] <... futex resumed>) = 0 [pid 2149] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2148] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2147] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2149] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2147] <... futex resumed>) = 0 [pid 2149] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 2147] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2149] <... open resumed>) = 4 [pid 2149] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2147] <... futex resumed>) = 0 [pid 2149] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2147] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2149] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2147] <... futex resumed>) = 0 [pid 2149] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2147] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2149] <... mmap resumed>) = 0x20000000 [pid 2149] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2147] <... futex resumed>) = 0 [pid 2147] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2149] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 2148] +++ killed by SIGBUS +++ [pid 2149] +++ killed by SIGBUS +++ [pid 2147] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2147, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- umount2("./573", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./573", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./573/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./573/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./573/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./573/bus") = 0 umount2("./573/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./573/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./573/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./573") = 0 mkdir("./574", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2150 ./strace-static-x86_64: Process 2150 attached [pid 2150] set_robust_list(0x5555564336a0, 24) = 0 [pid 2150] chdir("./574") = 0 [pid 2150] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2150] setpgid(0, 0) = 0 [pid 2150] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2150] write(3, "1000", 4) = 4 [pid 2150] close(3) = 0 [pid 2150] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2150] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2150] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2150] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2150] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2150] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2150] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2150] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2151 attached => {parent_tid=[2151]}, 88) = 2151 [pid 2151] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2151] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2151] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2150] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2150] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2150] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2151] <... futex resumed>) = 0 [pid 2151] memfd_create("syzkaller", 0) = 3 [pid 2151] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2150] <... futex resumed>) = 0 [pid 2150] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 2150] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2150] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2150] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0} [pid 2151] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2150] <... clone3 resumed> => {parent_tid=[2152]}, 88) = 2152 [pid 2150] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2150] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2150] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2152 attached [pid 2151] <... write resumed>) = 262144 [pid 2152] set_robust_list(0x7f22d916f9a0, 24 [pid 2151] munmap(0x7f22d9170000, 138412032) = 0 [pid 2151] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2152] <... set_robust_list resumed>) = 0 [pid 2151] <... openat resumed>) = 4 [pid 2151] ioctl(4, LOOP_SET_FD, 3 [pid 2152] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2152] creat("./bus", 000) = 5 [pid 2152] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2150] <... futex resumed>) = 0 [pid 2150] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2150] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2152] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2152] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2150] <... futex resumed>) = 0 [pid 2150] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2150] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2152] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 2152] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2150] <... futex resumed>) = 0 [pid 2150] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2150] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2152] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 2151] <... ioctl resumed>) = 0 [pid 2151] close(3) = 0 [pid 2151] close(4) = 0 [pid 2151] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 2151] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2151] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 2151] ioctl(3, LOOP_CLR_FD) = 0 [pid 2151] close(3) = 0 [pid 2151] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2151] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2152] <... mmap resumed>) = 0x20000000 [pid 2152] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2150] <... futex resumed>) = 0 [pid 2150] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2151] <... futex resumed>) = 0 [pid 2151] memfd_create("syzkaller", 0) = 3 [pid 2151] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2152] <... futex resumed>) = 1 [pid 2152] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2151] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2151] munmap(0x7f22d9170000, 138412032) = 0 [pid 2151] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2151] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2151] ioctl(4, LOOP_CLR_FD) = 0 [pid 2151] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2151] close(4) = 0 [pid 2151] close(3) = 0 [pid 2151] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2150] exit_group(0 [pid 2152] <... futex resumed>) = ? [pid 2150] <... exit_group resumed>) = ? [pid 2152] +++ exited with 0 +++ [pid 2151] +++ exited with 0 +++ [pid 2150] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2150, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./574", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./574", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./574/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./574/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./574/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./574/bus") = 0 umount2("./574/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./574/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./574/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./574") = 0 mkdir("./575", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 51.569991][ T2151] loop0: detected capacity change from 0 to 512 [ 51.576611][ T2152] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 22 prio class 2 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2153 ./strace-static-x86_64: Process 2153 attached [pid 2153] set_robust_list(0x5555564336a0, 24) = 0 [pid 2153] chdir("./575") = 0 [pid 2153] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2153] setpgid(0, 0) = 0 [pid 2153] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2153] write(3, "1000", 4) = 4 [pid 2153] close(3) = 0 [pid 2153] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2153] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2153] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2153] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2153] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2153] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2153] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2153] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2154 attached => {parent_tid=[2154]}, 88) = 2154 [pid 2154] set_robust_list(0x7f22e15909a0, 24 [pid 2153] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2153] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2153] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2153] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2153] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2153] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2153] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2155]}, 88) = 2155 [pid 2153] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2153] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2153] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2154] <... set_robust_list resumed>) = 0 [pid 2154] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2154] memfd_create("syzkaller", 0) = 3 [pid 2154] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 ./strace-static-x86_64: Process 2155 attached [pid 2155] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2155] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2155] creat("./bus", 000) = 4 [pid 2155] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2154] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2155] <... futex resumed>) = 1 [pid 2153] <... futex resumed>) = 0 [pid 2153] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2153] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2155] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2155] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2154] <... write resumed>) = 262144 [pid 2153] <... futex resumed>) = 0 [pid 2153] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2153] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2154] munmap(0x7f22d914f000, 138412032) = 0 [pid 2155] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 2154] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2154] ioctl(5, LOOP_SET_FD, 3 [pid 2155] <... open resumed>) = 6 [pid 2154] <... ioctl resumed>) = 0 [pid 2154] close(3) = 0 [pid 2154] close(5 [pid 2155] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2154] <... close resumed>) = 0 [pid 2154] mkdir("./file0", 0777 [pid 2155] <... futex resumed>) = 1 [pid 2154] <... mkdir resumed>) = 0 [pid 2153] <... futex resumed>) = 0 [pid 2153] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2153] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2155] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 2154] mount("/dev/loop0", "./file0", "ext4", 0, "prjquota,grpquota,debug_want_extra_isize=0x000000000000005c,noauto_da_alloc,nolazytime,errors=contin"... [pid 2155] <... mmap resumed>) = 0x20000000 [pid 2155] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2153] <... futex resumed>) = 0 [pid 2155] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2153] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2155] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2153] <... futex resumed>) = 0 [pid 2155] memfd_create("syzkaller", 0) = 3 [pid 2155] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2154] <... mount resumed>) = 0 [pid 2154] openat(AT_FDCWD, 0x200000c0, O_RDONLY|O_DIRECTORY) = -1 ENOENT (No such file or directory) [pid 2154] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2154] ioctl(5, LOOP_CLR_FD) = 0 [pid 2154] close(5) = 0 [pid 2154] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2154] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2155] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2155] munmap(0x7f22d914f000, 138412032) = 0 [pid 2155] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2155] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2155] ioctl(5, LOOP_CLR_FD) = 0 [pid 2155] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2155] close(5) = 0 [pid 2155] close(3) = 0 [pid 2155] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2155] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2153] exit_group(0 [pid 2154] <... futex resumed>) = ? [pid 2153] <... exit_group resumed>) = ? [pid 2154] +++ exited with 0 +++ [pid 2155] <... futex resumed>) = ? [pid 2155] +++ exited with 0 +++ [pid 2153] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2153, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./575", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./575", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 5 entries */, 32768) = 136 umount2("./575/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./575/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./575/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./575/bus") = 0 umount2("./575/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./575/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./575/binderfs") = 0 umount2("./575/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./575/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./575/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./575/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./575/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555643c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555643c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./575/file0") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./575") = 0 mkdir("./576", 0777) = 0 [ 51.642676][ T2154] loop0: detected capacity change from 0 to 512 [ 51.656172][ T2154] EXT4-fs (loop0): 1 truncate cleaned up openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2158 ./strace-static-x86_64: Process 2158 attached [pid 2158] set_robust_list(0x5555564336a0, 24) = 0 [pid 2158] chdir("./576") = 0 [pid 2158] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2158] setpgid(0, 0) = 0 [pid 2158] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2158] write(3, "1000", 4) = 4 [pid 2158] close(3) = 0 [pid 2158] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2158] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2158] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2158] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2158] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2158] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2158] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2158] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2159]}, 88) = 2159 [pid 2158] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2158] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2158] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2158] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2158] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2158] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2158] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2160]}, 88) = 2160 [pid 2158] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2158] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2158] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2159 attached [pid 2159] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2159] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2159] memfd_create("syzkaller", 0./strace-static-x86_64: Process 2160 attached ) = 3 [pid 2159] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2160] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2160] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2160] creat("./bus", 000) = 4 [pid 2160] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2158] <... futex resumed>) = 0 [pid 2158] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2158] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2159] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2160] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2160] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2158] <... futex resumed>) = 0 [pid 2158] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2158] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2160] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 2159] <... write resumed>) = 262144 [pid 2159] munmap(0x7f22d914f000, 138412032 [pid 2160] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2159] <... munmap resumed>) = 0 [pid 2159] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2159] ioctl(6, LOOP_SET_FD, 3 [pid 2160] <... futex resumed>) = 1 [pid 2158] <... futex resumed>) = 0 [pid 2158] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2158] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2159] <... ioctl resumed>) = 0 [pid 2159] close(3) = 0 [pid 2159] close(6 [pid 2160] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 2159] <... close resumed>) = 0 [pid 2159] mkdir("./file0", 0777) = 0 [pid 2160] <... mmap resumed>) = 0x20000000 [pid 2159] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2159] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 2159] ioctl(3, LOOP_CLR_FD) = 0 [pid 2159] close(3) = 0 [pid 2159] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2159] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2160] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2158] <... futex resumed>) = 0 [pid 2158] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2159] <... futex resumed>) = 0 [pid 2159] memfd_create("syzkaller", 0) = 3 [pid 2159] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2160] <... futex resumed>) = 1 [pid 2160] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2159] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2159] munmap(0x7f22d914f000, 138412032) = 0 [pid 2159] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2159] ioctl(6, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2159] ioctl(6, LOOP_CLR_FD) = 0 [pid 2159] ioctl(6, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2159] close(6) = 0 [pid 2159] close(3) = 0 [pid 2159] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2159] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2158] exit_group(0) = ? [pid 2160] <... futex resumed>) = ? [pid 2159] <... futex resumed>) = ? [pid 2159] +++ exited with 0 +++ [pid 2160] +++ exited with 0 +++ [pid 2158] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2158, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./576", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./576", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 5 entries */, 32768) = 136 umount2("./576/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./576/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./576/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./576/bus") = 0 umount2("./576/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./576/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./576/binderfs") = 0 umount2("./576/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./576/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./576/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./576/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 51.717238][ T2159] loop0: detected capacity change from 0 to 512 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555643c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555643c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./576/file0") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./576") = 0 mkdir("./577", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2161 ./strace-static-x86_64: Process 2161 attached [pid 2161] set_robust_list(0x5555564336a0, 24) = 0 [pid 2161] chdir("./577") = 0 [pid 2161] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2161] setpgid(0, 0) = 0 [pid 2161] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2161] write(3, "1000", 4) = 4 [pid 2161] close(3) = 0 [pid 2161] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2161] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2161] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2161] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2161] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2161] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2161] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2161] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2162]}, 88) = 2162 ./strace-static-x86_64: Process 2162 attached [pid 2162] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2162] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2162] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2161] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2161] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2162] <... futex resumed>) = 0 [pid 2162] memfd_create("syzkaller", 0 [pid 2161] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2161] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2162] <... memfd_create resumed>) = 3 [pid 2161] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2162] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2161] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2161] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 2163 attached => {parent_tid=[2163]}, 88) = 2163 [pid 2161] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2161] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2163] set_robust_list(0x7f22e156f9a0, 24 [pid 2161] <... futex resumed>) = 0 [pid 2161] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2163] <... set_robust_list resumed>) = 0 [pid 2163] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2163] creat("./bus", 000) = 4 [pid 2163] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2161] <... futex resumed>) = 0 [pid 2161] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2161] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2162] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2163] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2163] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2161] <... futex resumed>) = 0 [pid 2161] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2161] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2163] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 2162] <... write resumed>) = 262144 [pid 2162] munmap(0x7f22d914f000, 138412032) = 0 [pid 2162] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2162] ioctl(5, LOOP_SET_FD, 3 [pid 2163] <... open resumed>) = 6 [pid 2162] <... ioctl resumed>) = 0 [pid 2162] close(3) = 0 [pid 2162] close(5) = 0 [pid 2162] mkdir("./file0", 0777) = 0 [pid 2162] mount("/dev/loop0", "./file0", "ext4", 0, "prjquota,grpquota,debug_want_extra_isize=0x000000000000005c,noauto_da_alloc,nolazytime,errors=contin"... [pid 2163] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2161] <... futex resumed>) = 0 [pid 2161] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2163] <... futex resumed>) = 1 [pid 2161] <... futex resumed>) = 0 [pid 2163] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 2161] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2163] <... mmap resumed>) = 0x20000000 [pid 2163] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2161] <... futex resumed>) = 0 [pid 2161] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2163] <... futex resumed>) = 1 [pid 2163] memfd_create("syzkaller", 0) = 3 [pid 2163] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2162] <... mount resumed>) = 0 [pid 2162] openat(AT_FDCWD, 0x200000c0, O_RDONLY|O_DIRECTORY [pid 2163] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304 [pid 2162] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 2162] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2162] ioctl(5, LOOP_CLR_FD) = 0 [pid 2162] close(5) = 0 [pid 2162] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2162] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2163] <... write resumed>) = 4194304 [pid 2163] munmap(0x7f22d914f000, 138412032) = 0 [pid 2163] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2163] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2163] ioctl(5, LOOP_CLR_FD) = 0 [pid 2163] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2163] close(5) = 0 [pid 2163] close(3) = 0 [pid 2163] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2163] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2161] exit_group(0 [pid 2163] <... futex resumed>) = ? [pid 2161] <... exit_group resumed>) = ? [pid 2163] +++ exited with 0 +++ [pid 2162] <... futex resumed>) = ? [pid 2162] +++ exited with 0 +++ [pid 2161] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2161, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./577", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./577", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 5 entries */, 32768) = 136 umount2("./577/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./577/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./577/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./577/bus") = 0 umount2("./577/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./577/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./577/binderfs") = 0 umount2("./577/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./577/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./577/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./577/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 51.793199][ T2162] loop0: detected capacity change from 0 to 512 [ 51.805079][ T2162] EXT4-fs (loop0): 1 truncate cleaned up openat(AT_FDCWD, "./577/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555643c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555643c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./577/file0") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./577") = 0 mkdir("./578", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2165 ./strace-static-x86_64: Process 2165 attached [pid 2165] set_robust_list(0x5555564336a0, 24) = 0 [pid 2165] chdir("./578") = 0 [pid 2165] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2165] setpgid(0, 0) = 0 [pid 2165] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2165] write(3, "1000", 4) = 4 [pid 2165] close(3) = 0 [pid 2165] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2165] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2165] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2165] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2165] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2165] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2165] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2165] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2166]}, 88) = 2166 [pid 2165] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2165] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2165] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2165] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2165] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2165] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2165] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2167]}, 88) = 2167 [pid 2165] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2165] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2165] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2167 attached [pid 2167] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2167] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2167] creat("./bus", 000) = 3 [pid 2167] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2165] <... futex resumed>) = 0 [pid 2165] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2165] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2167] <... futex resumed>) = 1 [pid 2167] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2167] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2165] <... futex resumed>) = 0 [pid 2165] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2165] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2167] <... futex resumed>) = 1 [pid 2167] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 4 [pid 2167] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2165] <... futex resumed>) = 0 [pid 2165] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2165] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2167] <... futex resumed>) = 1 [pid 2167] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 2167] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2165] <... futex resumed>) = 0 [pid 2165] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2167] <... futex resumed>) = 1 [pid 2167] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 2167] +++ killed by SIGBUS +++ ./strace-static-x86_64: Process 2166 attached [pid 2166] +++ killed by SIGBUS +++ [pid 2165] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2165, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- umount2("./578", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./578", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./578/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./578/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./578/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./578/bus") = 0 umount2("./578/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./578/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./578/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./578") = 0 mkdir("./579", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2168 ./strace-static-x86_64: Process 2168 attached [pid 2168] set_robust_list(0x5555564336a0, 24) = 0 [pid 2168] chdir("./579") = 0 [pid 2168] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2168] setpgid(0, 0) = 0 [pid 2168] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2168] write(3, "1000", 4) = 4 [pid 2168] close(3) = 0 [pid 2168] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2168] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2168] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2168] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2168] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2168] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2168] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2168] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2169 attached => {parent_tid=[2169]}, 88) = 2169 [pid 2169] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2169] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2169] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2168] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2168] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2169] <... futex resumed>) = 0 [pid 2168] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2169] memfd_create("syzkaller", 0) = 3 [pid 2169] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2168] <... futex resumed>) = 0 [pid 2168] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 2168] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2168] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2168] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0} => {parent_tid=[2170]}, 88) = 2170 [pid 2168] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2168] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2168] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2169] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144./strace-static-x86_64: Process 2170 attached ) = 262144 [pid 2170] set_robust_list(0x7f22d916f9a0, 24 [pid 2169] munmap(0x7f22d9170000, 138412032 [pid 2170] <... set_robust_list resumed>) = 0 [pid 2170] rt_sigprocmask(SIG_SETMASK, [], [pid 2169] <... munmap resumed>) = 0 [pid 2169] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2169] ioctl(4, LOOP_SET_FD, 3 [pid 2170] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2170] creat("./bus", 000) = 5 [pid 2170] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2168] <... futex resumed>) = 0 [pid 2168] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2168] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2170] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2170] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2168] <... futex resumed>) = 0 [pid 2168] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2168] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2170] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 2170] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2168] <... futex resumed>) = 0 [pid 2168] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2168] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2170] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 2169] <... ioctl resumed>) = 0 [pid 2169] close(3) = 0 [pid 2169] close(4) = 0 [pid 2169] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 2169] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2169] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 2169] ioctl(3, LOOP_CLR_FD) = 0 [pid 2169] close(3) = 0 [pid 2169] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2169] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2170] <... mmap resumed>) = 0x20000000 [pid 2170] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2168] <... futex resumed>) = 0 [pid 2170] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2168] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2169] <... futex resumed>) = 0 [pid 2169] memfd_create("syzkaller", 0) = 3 [pid 2169] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2169] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2169] munmap(0x7f22d9170000, 138412032) = 0 [pid 2169] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2169] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2169] ioctl(4, LOOP_CLR_FD) = 0 [pid 2169] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2169] close(4) = 0 [pid 2169] close(3) = 0 [pid 2169] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2169] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2168] exit_group(0 [pid 2170] <... futex resumed>) = ? [pid 2169] <... futex resumed>) = ? [pid 2168] <... exit_group resumed>) = ? [pid 2170] +++ exited with 0 +++ [pid 2169] +++ exited with 0 +++ [pid 2168] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2168, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./579", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./579", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./579/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./579/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./579/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./579/bus") = 0 umount2("./579/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./579/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./579/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./579") = 0 mkdir("./580", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2171 attached [pid 2171] set_robust_list(0x5555564336a0, 24) = 0 [pid 293] <... clone resumed>, child_tidptr=0x555556433690) = 2171 [pid 2171] chdir("./580") = 0 [pid 2171] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2171] setpgid(0, 0) = 0 [pid 2171] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2171] write(3, "1000", 4) = 4 [pid 2171] close(3) = 0 [pid 2171] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2171] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2171] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2171] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2171] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2171] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2171] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2171] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2172]}, 88) = 2172 [pid 2171] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2171] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2171] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2171] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2171] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE./strace-static-x86_64: Process 2172 attached ) = 0 [ 51.880974][ T2169] loop0: detected capacity change from 0 to 512 [pid 2172] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2171] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2172] rt_sigprocmask(SIG_SETMASK, [], [pid 2171] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2172] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2171] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} [pid 2172] memfd_create("syzkaller", 0./strace-static-x86_64: Process 2173 attached [pid 2173] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2173] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2173] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2171] <... clone3 resumed> => {parent_tid=[2173]}, 88) = 2173 [pid 2172] <... memfd_create resumed>) = 3 [pid 2172] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2171] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2171] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2172] <... mmap resumed>) = 0x7f22d914f000 [pid 2171] <... futex resumed>) = 1 [pid 2173] <... futex resumed>) = 0 [pid 2173] creat("./bus", 000 [pid 2171] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2173] <... creat resumed>) = 4 [pid 2173] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2171] <... futex resumed>) = 0 [pid 2171] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2171] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2173] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2173] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2171] <... futex resumed>) = 0 [pid 2171] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2171] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2173] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 2173] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2171] <... futex resumed>) = 0 [pid 2171] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2171] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2173] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 2172] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000c3e} --- [pid 2173] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2171] <... futex resumed>) = 0 [pid 2171] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2173] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 2172] +++ killed by SIGBUS +++ [pid 2173] +++ killed by SIGBUS +++ [pid 2171] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2171, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- umount2("./580", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./580", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./580/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./580/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./580/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./580/bus") = 0 umount2("./580/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./580/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./580/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./580") = 0 mkdir("./581", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2174 ./strace-static-x86_64: Process 2174 attached [pid 2174] set_robust_list(0x5555564336a0, 24) = 0 [pid 2174] chdir("./581") = 0 [pid 2174] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2174] setpgid(0, 0) = 0 [pid 2174] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2174] write(3, "1000", 4) = 4 [pid 2174] close(3) = 0 [pid 2174] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2174] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2174] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2174] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2174] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2174] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2174] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2174] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2175 attached => {parent_tid=[2175]}, 88) = 2175 [pid 2175] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2175] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2175] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2174] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2174] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2174] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2175] <... futex resumed>) = 0 [pid 2175] memfd_create("syzkaller", 0 [pid 2174] <... futex resumed>) = 0 [pid 2175] <... memfd_create resumed>) = 3 [pid 2175] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2174] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 2174] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2174] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2174] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0} => {parent_tid=[2176]}, 88) = 2176 [pid 2174] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2175] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2174] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2174] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2176 attached [pid 2175] <... write resumed>) = 262144 [pid 2176] set_robust_list(0x7f22d916f9a0, 24 [pid 2175] munmap(0x7f22d9170000, 138412032 [pid 2176] <... set_robust_list resumed>) = 0 [pid 2175] <... munmap resumed>) = 0 [pid 2176] rt_sigprocmask(SIG_SETMASK, [], [pid 2175] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2176] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2175] <... openat resumed>) = 4 [pid 2176] creat("./bus", 000 [pid 2175] ioctl(4, LOOP_SET_FD, 3 [pid 2176] <... creat resumed>) = 5 [pid 2176] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2174] <... futex resumed>) = 0 [pid 2174] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2174] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2176] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2176] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2174] <... futex resumed>) = 0 [pid 2174] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2174] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2176] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 2176] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2174] <... futex resumed>) = 0 [pid 2174] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2174] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2176] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 2175] <... ioctl resumed>) = 0 [pid 2175] close(3) = 0 [pid 2175] close(4) = 0 [pid 2175] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 2175] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2175] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 2175] ioctl(3, LOOP_CLR_FD) = 0 [pid 2176] <... mmap resumed>) = 0x20000000 [pid 2175] close(3 [pid 2176] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2175] <... close resumed>) = 0 [pid 2176] <... futex resumed>) = 1 [pid 2175] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2174] <... futex resumed>) = 0 [pid 2174] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2175] <... futex resumed>) = 0 [pid 2175] memfd_create("syzkaller", 0) = 3 [pid 2175] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2176] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2175] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2175] munmap(0x7f22d9170000, 138412032) = 0 [pid 2175] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2175] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2175] ioctl(4, LOOP_CLR_FD) = 0 [pid 2175] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2175] close(4) = 0 [pid 2175] close(3) = 0 [pid 2175] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2175] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2174] exit_group(0 [pid 2176] <... futex resumed>) = ? [pid 2174] <... exit_group resumed>) = ? [pid 2176] +++ exited with 0 +++ [pid 2175] <... futex resumed>) = ? [pid 2175] +++ exited with 0 +++ [pid 2174] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2174, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- umount2("./581", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./581", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./581/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./581/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./581/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./581/bus") = 0 umount2("./581/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./581/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./581/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./581") = 0 mkdir("./582", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2177 ./strace-static-x86_64: Process 2177 attached [pid 2177] set_robust_list(0x5555564336a0, 24) = 0 [pid 2177] chdir("./582") = 0 [pid 2177] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2177] setpgid(0, 0) = 0 [pid 2177] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2177] write(3, "1000", 4) = 4 [pid 2177] close(3) = 0 [pid 2177] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2177] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2177] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2177] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2177] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2177] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2177] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2177] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2178]}, 88) = 2178 [pid 2177] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2177] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2177] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2177] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2177] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2177] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2177] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2179]}, 88) = 2179 [pid 2177] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2177] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2177] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2178 attached [pid 2178] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2178] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2178] memfd_create("syzkaller", 0) = 3 [pid 2178] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 ./strace-static-x86_64: Process 2179 attached [pid 2179] set_robust_list(0x7f22e156f9a0, 24 [pid 2178] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2179] <... set_robust_list resumed>) = 0 [pid 2179] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 51.966061][ T2175] loop0: detected capacity change from 0 to 512 [pid 2179] creat("./bus", 000) = 4 [pid 2179] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2177] <... futex resumed>) = 0 [pid 2177] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2177] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2179] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2179] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2177] <... futex resumed>) = 0 [pid 2177] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2177] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2179] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 2178] <... write resumed>) = 262144 [pid 2179] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2178] munmap(0x7f22d914f000, 138412032 [pid 2179] <... futex resumed>) = 1 [pid 2177] <... futex resumed>) = 0 [pid 2177] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2177] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2179] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 2178] <... munmap resumed>) = 0 [pid 2179] <... mmap resumed>) = 0x20000000 [pid 2178] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2179] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2178] <... openat resumed>) = 6 [pid 2177] <... futex resumed>) = 0 [pid 2177] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2179] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 2178] ioctl(6, LOOP_SET_FD, 3) = ? [pid 2179] +++ killed by SIGBUS +++ [pid 2178] +++ killed by SIGBUS +++ [pid 2177] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2177, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./582", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./582", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./582/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./582/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./582/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./582/bus") = 0 umount2("./582/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./582/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./582/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./582") = 0 mkdir("./583", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2180 ./strace-static-x86_64: Process 2180 attached [pid 2180] set_robust_list(0x5555564336a0, 24) = 0 [pid 2180] chdir("./583") = 0 [pid 2180] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2180] setpgid(0, 0) = 0 [pid 2180] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2180] write(3, "1000", 4) = 4 [pid 2180] close(3) = 0 [pid 2180] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2180] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2180] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2180] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2180] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2180] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2180] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2180] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2181 attached => {parent_tid=[2181]}, 88) = 2181 [pid 2181] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2181] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2181] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2180] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2180] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2181] <... futex resumed>) = 0 [pid 2180] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2181] memfd_create("syzkaller", 0 [pid 2180] <... futex resumed>) = 0 [pid 2181] <... memfd_create resumed>) = 3 [pid 2181] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2180] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 2180] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2180] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2180] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0} => {parent_tid=[2182]}, 88) = 2182 [pid 2180] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2180] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2181] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2180] <... futex resumed>) = 0 [pid 2180] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2181] <... write resumed>) = 262144 [pid 2181] munmap(0x7f22d9170000, 138412032./strace-static-x86_64: Process 2182 attached [pid 2182] set_robust_list(0x7f22d916f9a0, 24 [pid 2181] <... munmap resumed>) = 0 [pid 2182] <... set_robust_list resumed>) = 0 [pid 2181] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2182] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2181] <... openat resumed>) = 4 [pid 2182] creat("./bus", 000 [pid 2181] ioctl(4, LOOP_SET_FD, 3 [pid 2182] <... creat resumed>) = 5 [pid 2182] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2181] <... ioctl resumed>) = 0 [pid 2182] <... futex resumed>) = 1 [pid 2181] close(3 [pid 2180] <... futex resumed>) = 0 [pid 2182] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 2181] <... close resumed>) = 0 [pid 2180] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2182] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 2180] <... futex resumed>) = 0 [pid 2182] <... mount resumed>) = 0 [pid 2180] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2182] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2181] close(4 [pid 2182] <... futex resumed>) = 1 [pid 2180] <... futex resumed>) = 0 [pid 2182] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 2181] <... close resumed>) = 0 [pid 2180] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2182] <... open resumed>) = 3 [pid 2180] <... futex resumed>) = 0 [pid 2182] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2180] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2182] <... futex resumed>) = 0 [pid 2180] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2182] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 2180] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2182] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 3, 0 [pid 2180] <... futex resumed>) = 0 [pid 2180] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2181] mkdir(0x200000c0, 0777 [pid 2182] <... mmap resumed>) = 0x20000000 [pid 2182] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2181] <... mkdir resumed>) = -1 ENOENT (No such file or directory) [pid 2180] <... futex resumed>) = 0 [pid 2182] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2180] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2182] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2181] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "" [pid 2182] memfd_create("syzkaller", 0) = 4 [pid 2182] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2181] <... mount resumed>) = -1 ENOENT (No such file or directory) [pid 2181] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2181] ioctl(6, LOOP_CLR_FD) = 0 [pid 2181] close(6) = 0 [pid 2181] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2181] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2182] write(4, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2182] munmap(0x7f22d9170000, 138412032) = 0 [pid 2182] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2182] ioctl(6, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 2182] ioctl(6, LOOP_CLR_FD) = 0 [pid 2182] ioctl(6, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 2182] close(6) = 0 [pid 2182] close(4) = 0 [pid 2182] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2182] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2180] exit_group(0 [pid 2182] <... futex resumed>) = ? [pid 2180] <... exit_group resumed>) = ? [pid 2181] <... futex resumed>) = ? [pid 2181] +++ exited with 0 +++ [pid 2182] +++ exited with 0 +++ [pid 2180] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2180, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./583", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./583", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./583/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./583/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./583/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./583/bus") = 0 umount2("./583/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./583/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./583/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./583") = 0 mkdir("./584", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2183 ./strace-static-x86_64: Process 2183 attached [pid 2183] set_robust_list(0x5555564336a0, 24) = 0 [pid 2183] chdir("./584") = 0 [pid 2183] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2183] setpgid(0, 0) = 0 [pid 2183] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2183] write(3, "1000", 4) = 4 [pid 2183] close(3) = 0 [ 52.049528][ T2181] loop0: detected capacity change from 0 to 512 [pid 2183] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2183] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2183] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2183] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2183] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2183] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2183] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2183] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2184 attached => {parent_tid=[2184]}, 88) = 2184 [pid 2184] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2184] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2184] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2183] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2183] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2184] <... futex resumed>) = 0 [pid 2183] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2184] memfd_create("syzkaller", 0 [pid 2183] <... futex resumed>) = 0 [pid 2184] <... memfd_create resumed>) = 3 [pid 2184] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2183] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 2183] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2183] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2183] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0} => {parent_tid=[2185]}, 88) = 2185 [pid 2183] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2183] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2184] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2183] <... futex resumed>) = 0 [pid 2183] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2185 attached [pid 2184] <... write resumed>) = 262144 [pid 2185] set_robust_list(0x7f22d916f9a0, 24 [pid 2184] munmap(0x7f22d9170000, 138412032 [pid 2185] <... set_robust_list resumed>) = 0 [pid 2184] <... munmap resumed>) = 0 [pid 2184] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2184] ioctl(4, LOOP_SET_FD, 3 [pid 2185] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2185] creat("./bus", 000) = 5 [pid 2185] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2183] <... futex resumed>) = 0 [pid 2183] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2183] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2185] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2185] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2183] <... futex resumed>) = 0 [pid 2183] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2183] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2185] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 2185] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2183] <... futex resumed>) = 0 [pid 2183] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2183] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2185] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 2184] <... ioctl resumed>) = 0 [pid 2184] close(3) = 0 [pid 2184] close(4) = 0 [pid 2184] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 2184] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2184] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 2184] ioctl(3, LOOP_CLR_FD) = 0 [pid 2184] close(3) = 0 [pid 2184] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2184] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2185] <... mmap resumed>) = 0x20000000 [pid 2185] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2183] <... futex resumed>) = 0 [pid 2183] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2184] <... futex resumed>) = 0 [pid 2184] memfd_create("syzkaller", 0) = 3 [pid 2184] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2185] <... futex resumed>) = 1 [pid 2185] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2184] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2184] munmap(0x7f22d9170000, 138412032) = 0 [pid 2184] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2184] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2184] ioctl(4, LOOP_CLR_FD) = 0 [pid 2184] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2184] close(4) = 0 [pid 2184] close(3) = 0 [pid 2184] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2184] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2183] exit_group(0) = ? [pid 2185] <... futex resumed>) = ? [pid 2185] +++ exited with 0 +++ [pid 2184] <... futex resumed>) = ? [pid 2184] +++ exited with 0 +++ [pid 2183] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2183, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./584", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./584", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./584/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./584/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./584/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./584/bus") = 0 umount2("./584/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./584/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./584/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./584") = 0 mkdir("./585", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2186 ./strace-static-x86_64: Process 2186 attached [pid 2186] set_robust_list(0x5555564336a0, 24) = 0 [pid 2186] chdir("./585") = 0 [pid 2186] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2186] setpgid(0, 0) = 0 [pid 2186] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2186] write(3, "1000", 4) = 4 [pid 2186] close(3) = 0 [pid 2186] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2186] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2186] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2186] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2186] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2186] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2186] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2186] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2187 attached [pid 2187] set_robust_list(0x7f22e15909a0, 24 [pid 2186] <... clone3 resumed> => {parent_tid=[2187]}, 88) = 2187 [pid 2187] <... set_robust_list resumed>) = 0 [pid 2186] rt_sigprocmask(SIG_SETMASK, [], [pid 2187] rt_sigprocmask(SIG_SETMASK, [], [pid 2186] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2187] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2186] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2187] memfd_create("syzkaller", 0 [pid 2186] <... futex resumed>) = 0 [pid 2187] <... memfd_create resumed>) = 3 [pid 2186] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2187] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2186] <... futex resumed>) = 0 [pid 2186] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2187] <... mmap resumed>) = 0x7f22d9170000 [pid 2186] <... mmap resumed>) = 0x7f22d914f000 [pid 2186] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2186] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 52.118622][ T2184] loop0: detected capacity change from 0 to 512 [pid 2186] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0}./strace-static-x86_64: Process 2188 attached => {parent_tid=[2188]}, 88) = 2188 [pid 2188] set_robust_list(0x7f22d916f9a0, 24) = 0 [pid 2188] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2188] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2186] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2186] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2188] <... futex resumed>) = 0 [pid 2188] creat("./bus", 000 [pid 2186] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2188] <... creat resumed>) = 4 [pid 2188] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2188] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2186] <... futex resumed>) = 0 [pid 2186] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2188] <... futex resumed>) = 0 [pid 2188] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 2186] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2188] <... mount resumed>) = 0 [pid 2188] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2186] <... futex resumed>) = 0 [pid 2188] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 2186] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2186] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2187] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2188] <... open resumed>) = 5 [pid 2188] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2187] <... write resumed>) = 262144 [pid 2186] <... futex resumed>) = 0 [pid 2188] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2187] munmap(0x7f22d9170000, 138412032 [pid 2186] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2186] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2187] <... munmap resumed>) = 0 [pid 2188] <... futex resumed>) = 0 [pid 2187] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2188] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 2187] <... openat resumed>) = 6 [pid 2188] <... mmap resumed>) = 0x20000000 [pid 2187] ioctl(6, LOOP_SET_FD, 3 [pid 2188] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2186] <... futex resumed>) = 0 [pid 2186] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2188] <... futex resumed>) = 1 [pid 2187] <... ioctl resumed>) = 0 [pid 2187] close(3) = 0 [pid 2187] close(6 [pid 2188] memfd_create("syzkaller", 0) = 3 [pid 2188] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2187] <... close resumed>) = 0 [pid 2187] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 2187] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2187] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2187] ioctl(6, LOOP_CLR_FD) = 0 [pid 2187] close(6) = 0 [pid 2187] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2187] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2188] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2188] munmap(0x7f22d9170000, 138412032) = 0 [pid 2188] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2188] ioctl(6, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2188] ioctl(6, LOOP_CLR_FD) = 0 [pid 2188] ioctl(6, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2188] close(6) = 0 [pid 2188] close(3) = 0 [pid 2188] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2188] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2186] exit_group(0) = ? [pid 2187] <... futex resumed>) = ? [pid 2187] +++ exited with 0 +++ [pid 2188] <... futex resumed>) = ? [pid 2188] +++ exited with 0 +++ [pid 2186] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2186, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./585", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./585", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./585/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./585/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./585/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./585/bus") = 0 umount2("./585/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./585/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./585/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./585") = 0 mkdir("./586", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2189 ./strace-static-x86_64: Process 2189 attached [pid 2189] set_robust_list(0x5555564336a0, 24) = 0 [pid 2189] chdir("./586") = 0 [pid 2189] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2189] setpgid(0, 0) = 0 [ 52.183975][ T2187] loop0: detected capacity change from 0 to 512 [ 52.184962][ T2188] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 25 prio class 2 [pid 2189] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2189] write(3, "1000", 4) = 4 [pid 2189] close(3) = 0 [pid 2189] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2189] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2189] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2189] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2189] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2189] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2189] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2189] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2190 attached [pid 2190] set_robust_list(0x7f22e15909a0, 24 [pid 2189] <... clone3 resumed> => {parent_tid=[2190]}, 88) = 2190 [pid 2190] <... set_robust_list resumed>) = 0 [pid 2189] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2189] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2189] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2189] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2189] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2189] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2189] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 2191 attached => {parent_tid=[2191]}, 88) = 2191 [pid 2189] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2189] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2189] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2190] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2190] memfd_create("syzkaller", 0 [pid 2191] set_robust_list(0x7f22e156f9a0, 24 [pid 2190] <... memfd_create resumed>) = 3 [pid 2190] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2191] <... set_robust_list resumed>) = 0 [pid 2191] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2191] creat("./bus", 000) = 4 [pid 2191] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2189] <... futex resumed>) = 0 [pid 2189] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2189] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2191] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 2190] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2191] <... mount resumed>) = 0 [pid 2191] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2189] <... futex resumed>) = 0 [pid 2189] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2189] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2191] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 2190] <... write resumed>) = 262144 [pid 2190] munmap(0x7f22d914f000, 138412032) = 0 [pid 2190] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2190] ioctl(6, LOOP_SET_FD, 3 [pid 2191] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2190] <... ioctl resumed>) = 0 [pid 2190] close(3) = 0 [pid 2190] close(6) = 0 [pid 2190] mkdir("./file0", 0777) = 0 [pid 2189] <... futex resumed>) = 0 [pid 2191] <... futex resumed>) = 1 [pid 2190] mount("/dev/loop0", "./file0", "ext4", 0, "prjquota,grpquota,debug_want_extra_isize=0x000000000000005c,noauto_da_alloc,nolazytime,errors=contin"... [pid 2189] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2191] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 2189] <... futex resumed>) = 0 [pid 2189] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2191] <... mmap resumed>) = 0x20000000 [pid 2191] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2189] <... futex resumed>) = 0 [pid 2189] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2191] <... futex resumed>) = 1 [pid 2191] memfd_create("syzkaller", 0) = 3 [pid 2191] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2191] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304 [pid 2190] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2190] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2190] ioctl(6, LOOP_CLR_FD) = 0 [pid 2190] close(6) = 0 [pid 2190] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2190] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2191] <... write resumed>) = 4194304 [pid 2191] munmap(0x7f22d914f000, 138412032) = 0 [pid 2191] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2191] ioctl(6, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2191] ioctl(6, LOOP_CLR_FD) = 0 [pid 2191] ioctl(6, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2191] close(6) = 0 [pid 2191] close(3) = 0 [pid 2191] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2191] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2189] exit_group(0 [pid 2190] <... futex resumed>) = ? [pid 2189] <... exit_group resumed>) = ? [pid 2190] +++ exited with 0 +++ [pid 2191] <... futex resumed>) = ? [pid 2191] +++ exited with 0 +++ [pid 2189] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2189, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./586", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./586", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 5 entries */, 32768) = 136 umount2("./586/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./586/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./586/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./586/bus") = 0 umount2("./586/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./586/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./586/binderfs") = 0 umount2("./586/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./586/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./586/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./586/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555643c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555643c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./586/file0") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./586") = 0 mkdir("./587", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2193 ./strace-static-x86_64: Process 2193 attached [pid 2193] set_robust_list(0x5555564336a0, 24) = 0 [pid 2193] chdir("./587") = 0 [pid 2193] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2193] setpgid(0, 0) = 0 [pid 2193] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2193] write(3, "1000", 4) = 4 [pid 2193] close(3) = 0 [pid 2193] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2193] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2193] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2193] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2193] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2193] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2193] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2193] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2194 attached => {parent_tid=[2194]}, 88) = 2194 [pid 2194] set_robust_list(0x7f22e15909a0, 24 [pid 2193] rt_sigprocmask(SIG_SETMASK, [], [pid 2194] <... set_robust_list resumed>) = 0 [pid 2193] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2194] rt_sigprocmask(SIG_SETMASK, [], [pid 2193] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2194] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2193] <... futex resumed>) = 0 [pid 2194] memfd_create("syzkaller", 0 [pid 2193] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2194] <... memfd_create resumed>) = 3 [pid 2193] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2194] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2193] <... mmap resumed>) = 0x7f22e154f000 [pid 2194] <... mmap resumed>) = 0x7f22d914f000 [pid 2193] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2193] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2193] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2195]}, 88) = 2195 [pid 2193] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2193] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2193] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2195 attached [pid 2194] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2195] set_robust_list(0x7f22e156f9a0, 24 [pid 2194] <... write resumed>) = 262144 [pid 2195] <... set_robust_list resumed>) = 0 [pid 2194] munmap(0x7f22d914f000, 138412032 [pid 2195] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2194] <... munmap resumed>) = 0 [pid 2195] creat("./bus", 000 [pid 2194] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [ 52.254314][ T2190] loop0: detected capacity change from 0 to 512 [ 52.267299][ T2190] EXT4-fs error (device loop0): __ext4_fill_super:5386: inode #2: comm syz-executor245: iget: special inode unallocated [ 52.279893][ T2190] EXT4-fs (loop0): get root inode failed [ 52.285697][ T2190] EXT4-fs (loop0): mount failed [pid 2194] ioctl(5, LOOP_SET_FD, 3 [pid 2195] <... creat resumed>) = 4 [pid 2194] <... ioctl resumed>) = 0 [pid 2195] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2194] close(3 [pid 2195] <... futex resumed>) = 1 [pid 2194] <... close resumed>) = 0 [pid 2193] <... futex resumed>) = 0 [pid 2195] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2194] close(5 [pid 2195] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2193] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2195] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 2194] <... close resumed>) = 0 [pid 2193] <... futex resumed>) = 0 [pid 2195] <... mount resumed>) = 0 [pid 2194] mkdir("./file0", 0777 [pid 2193] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2195] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2193] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2193] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2195] <... futex resumed>) = 0 [pid 2193] <... futex resumed>) = 0 [pid 2195] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 2193] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2194] <... mkdir resumed>) = 0 [pid 2195] <... open resumed>) = 3 [pid 2194] mount("/dev/loop0", "./file0", "ext4", 0, "prjquota,grpquota,debug_want_extra_isize=0x000000000000005c,noauto_da_alloc,nolazytime,errors=contin"... [pid 2195] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2193] <... futex resumed>) = 0 [pid 2195] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 3, 0 [pid 2193] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2193] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2195] <... mmap resumed>) = 0x20000000 [pid 2195] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2193] <... futex resumed>) = 0 [pid 2195] memfd_create("syzkaller", 0 [pid 2193] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2195] <... memfd_create resumed>) = 5 [pid 2195] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2194] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2194] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2194] ioctl(6, LOOP_CLR_FD) = 0 [pid 2194] close(6) = 0 [pid 2194] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2194] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2195] write(5, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2195] munmap(0x7f22d914f000, 138412032) = 0 [pid 2195] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2195] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 2195] ioctl(6, LOOP_CLR_FD) = 0 [pid 2195] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 2195] close(6) = 0 [pid 2195] close(5) = 0 [pid 2195] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2193] exit_group(0 [pid 2194] <... futex resumed>) = ? [pid 2193] <... exit_group resumed>) = ? [pid 2194] +++ exited with 0 +++ [pid 2195] +++ exited with 0 +++ [pid 2193] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2193, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- umount2("./587", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./587", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 5 entries */, 32768) = 136 umount2("./587/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./587/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./587/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./587/bus") = 0 umount2("./587/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./587/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./587/binderfs") = 0 umount2("./587/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./587/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./587/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./587/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555643c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555643c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./587/file0") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./587") = 0 mkdir("./588", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2197 ./strace-static-x86_64: Process 2197 attached [pid 2197] set_robust_list(0x5555564336a0, 24) = 0 [pid 2197] chdir("./588") = 0 [pid 2197] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2197] setpgid(0, 0) = 0 [pid 2197] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 52.328388][ T2194] loop0: detected capacity change from 0 to 512 [ 52.338953][ T2194] EXT4-fs error (device loop0): __ext4_fill_super:5386: inode #2: comm syz-executor245: iget: special inode unallocated [ 52.353695][ T2194] EXT4-fs (loop0): get root inode failed [ 52.359167][ T2194] EXT4-fs (loop0): mount failed [pid 2197] write(3, "1000", 4) = 4 [pid 2197] close(3) = 0 [pid 2197] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2197] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2197] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2197] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2197] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2197] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2197] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2197] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2199]}, 88) = 2199 [pid 2197] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2197] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2197] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2197] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2197] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2197] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2197] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2200]}, 88) = 2200 [pid 2197] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2197] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2197] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2199 attached [pid 2199] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2199] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2199] memfd_create("syzkaller", 0) = 3 [pid 2199] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 ./strace-static-x86_64: Process 2200 attached [pid 2199] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2200] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2200] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2200] creat("./bus", 000) = 4 [pid 2200] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2199] <... write resumed>) = 262144 [pid 2197] <... futex resumed>) = 0 [pid 2197] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2197] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2199] munmap(0x7f22d914f000, 138412032) = 0 [pid 2199] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2199] ioctl(5, LOOP_SET_FD, 3 [pid 2200] <... futex resumed>) = 1 [pid 2199] <... ioctl resumed>) = 0 [pid 2199] close(3) = 0 [pid 2199] close(5) = 0 [pid 2199] mkdir("./file0", 0777) = 0 [pid 2199] mount("/dev/loop0", "./file0", "ext4", 0, "prjquota,grpquota,debug_want_extra_isize=0x000000000000005c,noauto_da_alloc,nolazytime,errors=contin"... [pid 2200] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2200] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2197] <... futex resumed>) = 0 [pid 2197] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2197] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2200] <... futex resumed>) = 1 [pid 2200] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 3 [pid 2200] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2197] <... futex resumed>) = 0 [pid 2197] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2197] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2200] <... futex resumed>) = 1 [pid 2200] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 3, 0) = 0x20000000 [pid 2200] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2197] <... futex resumed>) = 0 [pid 2197] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2200] <... futex resumed>) = 1 [pid 2200] memfd_create("syzkaller", 0) = 5 [pid 2200] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2199] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2199] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2199] ioctl(6, LOOP_CLR_FD) = 0 [pid 2199] close(6) = 0 [pid 2200] write(5, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304 [pid 2199] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2199] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2200] <... write resumed>) = 4194304 [pid 2200] munmap(0x7f22d914f000, 138412032) = 0 [pid 2200] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2200] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 2200] ioctl(6, LOOP_CLR_FD) = 0 [pid 2200] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 2200] close(6) = 0 [pid 2200] close(5) = 0 [pid 2200] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2200] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2197] exit_group(0 [pid 2199] <... futex resumed>) = ? [pid 2197] <... exit_group resumed>) = ? [pid 2199] +++ exited with 0 +++ [pid 2200] <... futex resumed>) = ? [pid 2200] +++ exited with 0 +++ [pid 2197] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2197, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./588", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./588", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 5 entries */, 32768) = 136 umount2("./588/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./588/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./588/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./588/bus") = 0 umount2("./588/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./588/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./588/binderfs") = 0 umount2("./588/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./588/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./588/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./588/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555643c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555643c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./588/file0") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./588") = 0 mkdir("./589", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2202 ./strace-static-x86_64: Process 2202 attached [pid 2202] set_robust_list(0x5555564336a0, 24) = 0 [pid 2202] chdir("./589") = 0 [pid 2202] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2202] setpgid(0, 0) = 0 [pid 2202] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2202] write(3, "1000", 4) = 4 [pid 2202] close(3) = 0 [pid 2202] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2202] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2202] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2202] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2202] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2202] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2202] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2202] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2203]}, 88) = 2203 [pid 2202] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2202] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2202] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2202] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 ./strace-static-x86_64: Process 2203 attached [pid 2202] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2202] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2203] set_robust_list(0x7f22e15909a0, 24 [pid 2202] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2202] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2204]}, 88) = 2204 ./strace-static-x86_64: Process 2204 attached [pid 2203] <... set_robust_list resumed>) = 0 [pid 2202] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2202] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2202] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2204] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2204] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2204] creat("./bus", 000 [pid 2203] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2204] <... creat resumed>) = 3 [pid 2203] memfd_create("syzkaller", 0 [pid 2204] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2202] <... futex resumed>) = 0 [pid 2202] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2202] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2204] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2204] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2202] <... futex resumed>) = 0 [pid 2202] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2202] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2204] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 4 [pid 2204] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2202] <... futex resumed>) = 0 [pid 2202] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2202] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2204] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 2204] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2202] <... futex resumed>) = 0 [pid 2202] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2204] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 2203] <... memfd_create resumed>) = ? [pid 2203] +++ killed by SIGBUS +++ [pid 2204] +++ killed by SIGBUS +++ [pid 2202] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2202, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- umount2("./589", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 52.421917][ T2199] loop0: detected capacity change from 0 to 512 [ 52.434359][ T2199] EXT4-fs error (device loop0): __ext4_fill_super:5386: inode #2: comm syz-executor245: iget: special inode unallocated [ 52.447136][ T2199] EXT4-fs (loop0): get root inode failed [ 52.452793][ T2199] EXT4-fs (loop0): mount failed openat(AT_FDCWD, "./589", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./589/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./589/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./589/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./589/bus") = 0 umount2("./589/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./589/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./589/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./589") = 0 mkdir("./590", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2205 ./strace-static-x86_64: Process 2205 attached [pid 2205] set_robust_list(0x5555564336a0, 24) = 0 [pid 2205] chdir("./590") = 0 [pid 2205] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2205] setpgid(0, 0) = 0 [pid 2205] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2205] write(3, "1000", 4) = 4 [pid 2205] close(3) = 0 [pid 2205] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2205] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2205] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2205] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2205] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2205] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2205] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2205] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2206 attached => {parent_tid=[2206]}, 88) = 2206 [pid 2206] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2206] rt_sigprocmask(SIG_SETMASK, [], [pid 2205] rt_sigprocmask(SIG_SETMASK, [], [pid 2206] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2206] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2205] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2205] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2206] <... futex resumed>) = 0 [pid 2206] memfd_create("syzkaller", 0 [pid 2205] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2206] <... memfd_create resumed>) = 3 [pid 2206] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2205] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 2205] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2205] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2205] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0}./strace-static-x86_64: Process 2207 attached => {parent_tid=[2207]}, 88) = 2207 [pid 2207] set_robust_list(0x7f22d916f9a0, 24 [pid 2205] rt_sigprocmask(SIG_SETMASK, [], [pid 2207] <... set_robust_list resumed>) = 0 [pid 2206] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2205] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2205] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2207] rt_sigprocmask(SIG_SETMASK, [], [pid 2205] <... futex resumed>) = 0 [pid 2207] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2205] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2207] creat("./bus", 000) = 4 [pid 2207] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2205] <... futex resumed>) = 0 [pid 2207] <... futex resumed>) = 1 [pid 2206] <... write resumed>) = 262144 [pid 2207] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 2205] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2206] munmap(0x7f22d9170000, 138412032 [pid 2205] <... futex resumed>) = 0 [pid 2205] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2207] <... mount resumed>) = 0 [pid 2207] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2206] <... munmap resumed>) = 0 [pid 2207] <... futex resumed>) = 1 [pid 2206] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2205] <... futex resumed>) = 0 [pid 2205] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2205] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2207] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 2206] <... openat resumed>) = 5 [pid 2207] <... open resumed>) = 6 [pid 2206] ioctl(5, LOOP_SET_FD, 3 [pid 2207] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2205] <... futex resumed>) = 0 [pid 2205] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2205] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2207] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 2206] <... ioctl resumed>) = 0 [pid 2206] close(3) = 0 [pid 2206] close(5 [pid 2207] <... mmap resumed>) = 0x20000000 [pid 2206] <... close resumed>) = 0 [pid 2206] mkdir(0x200000c0, 0777 [pid 2207] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2206] <... mkdir resumed>) = -1 ENOENT (No such file or directory) [pid 2207] <... futex resumed>) = 1 [pid 2206] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "" [pid 2205] <... futex resumed>) = 0 [pid 2205] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2206] <... mount resumed>) = -1 ENOENT (No such file or directory) [pid 2207] memfd_create("syzkaller", 0 [pid 2206] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2207] <... memfd_create resumed>) = 3 [pid 2207] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2206] <... openat resumed>) = 5 [pid 2206] ioctl(5, LOOP_CLR_FD) = 0 [pid 2206] close(5 [pid 2207] <... mmap resumed>) = 0x7f22d9170000 [pid 2206] <... close resumed>) = 0 [pid 2206] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2206] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2207] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2207] munmap(0x7f22d9170000, 138412032) = 0 [pid 2207] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2207] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2207] ioctl(5, LOOP_CLR_FD) = 0 [pid 2207] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2207] close(5) = 0 [pid 2207] close(3) = 0 [pid 2207] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2207] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2205] exit_group(0 [pid 2206] <... futex resumed>) = ? [pid 2205] <... exit_group resumed>) = ? [pid 2206] +++ exited with 0 +++ [pid 2207] <... futex resumed>) = ? [pid 2207] +++ exited with 0 +++ [pid 2205] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2205, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./590", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./590", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./590/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./590/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./590/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./590/bus") = 0 umount2("./590/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./590/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 52.521099][ T2206] loop0: detected capacity change from 0 to 512 [ 52.527999][ T2207] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 18 prio class 2 unlink("./590/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./590") = 0 mkdir("./591", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2208 ./strace-static-x86_64: Process 2208 attached [pid 2208] set_robust_list(0x5555564336a0, 24) = 0 [pid 2208] chdir("./591") = 0 [pid 2208] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2208] setpgid(0, 0) = 0 [pid 2208] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2208] write(3, "1000", 4) = 4 [pid 2208] close(3) = 0 [pid 2208] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2208] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2208] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2208] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2208] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2208] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2208] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2208] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2209 attached => {parent_tid=[2209]}, 88) = 2209 [pid 2209] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2209] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2209] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2208] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2208] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2209] <... futex resumed>) = 0 [pid 2208] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2209] memfd_create("syzkaller", 0) = 3 [pid 2209] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2208] <... futex resumed>) = 0 [pid 2208] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 2209] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2208] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2208] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2209] <... write resumed>) = 262144 [pid 2208] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0} [pid 2209] munmap(0x7f22d9170000, 138412032./strace-static-x86_64: Process 2210 attached [pid 2208] <... clone3 resumed> => {parent_tid=[2210]}, 88) = 2210 [pid 2209] <... munmap resumed>) = 0 [pid 2210] set_robust_list(0x7f22d916f9a0, 24 [pid 2209] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2208] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2209] <... openat resumed>) = 4 [pid 2210] <... set_robust_list resumed>) = 0 [pid 2209] ioctl(4, LOOP_SET_FD, 3 [pid 2208] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2210] rt_sigprocmask(SIG_SETMASK, [], [pid 2209] <... ioctl resumed>) = 0 [pid 2208] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2210] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2209] close(3 [pid 2210] creat("./bus", 000 [pid 2209] <... close resumed>) = 0 [pid 2210] <... creat resumed>) = 3 [pid 2209] close(4 [pid 2210] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2208] <... futex resumed>) = 0 [pid 2208] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2210] <... futex resumed>) = 1 [pid 2208] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2210] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2210] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2208] <... futex resumed>) = 0 [pid 2210] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 2208] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2208] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2210] <... open resumed>) = 4 [pid 2210] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2208] <... futex resumed>) = 0 [pid 2210] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2208] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2208] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2209] <... close resumed>) = 0 [pid 2210] <... mmap resumed>) = 0x20000000 [pid 2210] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2209] mkdir(0x200000c0, 0777 [pid 2210] <... futex resumed>) = 1 [pid 2209] <... mkdir resumed>) = -1 ENOENT (No such file or directory) [pid 2208] <... futex resumed>) = 0 [pid 2208] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2210] memfd_create("syzkaller", 0 [pid 2209] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "" [pid 2210] <... memfd_create resumed>) = 5 [pid 2209] <... mount resumed>) = -1 ENOENT (No such file or directory) [pid 2210] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2209] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2210] <... mmap resumed>) = 0x7f22d9170000 [pid 2209] <... openat resumed>) = 6 [pid 2209] ioctl(6, LOOP_CLR_FD) = 0 [pid 2209] close(6) = 0 [pid 2209] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2209] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2210] write(5, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2210] munmap(0x7f22d9170000, 138412032) = 0 [pid 2210] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2210] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 2210] ioctl(6, LOOP_CLR_FD) = 0 [pid 2210] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 2210] close(6) = 0 [pid 2210] close(5) = 0 [pid 2210] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2210] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2208] exit_group(0 [pid 2209] <... futex resumed>) = ? [pid 2210] <... futex resumed>) = ? [pid 2208] <... exit_group resumed>) = ? [pid 2209] +++ exited with 0 +++ [pid 2210] +++ exited with 0 +++ [pid 2208] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2208, si_uid=0, si_status=0, si_utime=1, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./591", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./591", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./591/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [ 52.608090][ T2209] loop0: detected capacity change from 0 to 512 umount2("./591/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./591/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./591/bus") = 0 umount2("./591/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./591/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./591/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./591") = 0 mkdir("./592", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2211 ./strace-static-x86_64: Process 2211 attached [pid 2211] set_robust_list(0x5555564336a0, 24) = 0 [pid 2211] chdir("./592") = 0 [pid 2211] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2211] setpgid(0, 0) = 0 [pid 2211] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2211] write(3, "1000", 4) = 4 [pid 2211] close(3) = 0 [pid 2211] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2211] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2211] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2211] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2211] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2211] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2211] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2211] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2212 attached => {parent_tid=[2212]}, 88) = 2212 [pid 2212] set_robust_list(0x7f22e15909a0, 24 [pid 2211] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2212] <... set_robust_list resumed>) = 0 [pid 2212] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2212] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2211] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2212] <... futex resumed>) = 0 [pid 2212] memfd_create("syzkaller", 0 [pid 2211] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2212] <... memfd_create resumed>) = 3 [pid 2212] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2211] <... futex resumed>) = 0 [pid 2211] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 2211] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2211] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2211] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0} [pid 2212] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2211] <... clone3 resumed> => {parent_tid=[2213]}, 88) = 2213 [pid 2211] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2211] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 2213 attached [pid 2212] <... write resumed>) = 262144 [pid 2213] set_robust_list(0x7f22d916f9a0, 24 [pid 2212] munmap(0x7f22d9170000, 138412032 [pid 2211] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2213] <... set_robust_list resumed>) = 0 [pid 2212] <... munmap resumed>) = 0 [pid 2212] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2213] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2212] <... openat resumed>) = 4 [pid 2213] creat("./bus", 000 [pid 2212] ioctl(4, LOOP_SET_FD, 3 [pid 2213] <... creat resumed>) = 5 [pid 2213] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2211] <... futex resumed>) = 0 [pid 2211] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2211] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2213] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2213] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2211] <... futex resumed>) = 0 [pid 2211] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2211] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2213] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 2213] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2211] <... futex resumed>) = 0 [pid 2211] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2211] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2213] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 2212] <... ioctl resumed>) = 0 [pid 2212] close(3) = 0 [pid 2212] close(4) = 0 [pid 2212] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 2212] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2212] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 2212] ioctl(3, LOOP_CLR_FD) = 0 [pid 2212] close(3) = 0 [pid 2212] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2212] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2213] <... mmap resumed>) = 0x20000000 [pid 2213] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2213] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2211] <... futex resumed>) = 0 [pid 2211] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2212] <... futex resumed>) = 0 [pid 2212] memfd_create("syzkaller", 0) = 3 [pid 2212] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2212] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2212] munmap(0x7f22d9170000, 138412032) = 0 [pid 2212] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2212] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2212] ioctl(4, LOOP_CLR_FD) = 0 [pid 2212] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2212] close(4) = 0 [pid 2212] close(3) = 0 [pid 2212] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2211] exit_group(0) = ? [pid 2213] <... futex resumed>) = ? [pid 2213] +++ exited with 0 +++ [pid 2212] +++ exited with 0 +++ [pid 2211] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2211, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./592", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./592", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./592/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./592/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./592/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./592/bus") = 0 umount2("./592/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./592/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./592/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./592") = 0 mkdir("./593", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2214 ./strace-static-x86_64: Process 2214 attached [pid 2214] set_robust_list(0x5555564336a0, 24) = 0 [pid 2214] chdir("./593") = 0 [pid 2214] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2214] setpgid(0, 0) = 0 [pid 2214] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2214] write(3, "1000", 4) = 4 [pid 2214] close(3) = 0 [pid 2214] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2214] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2214] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2214] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [ 52.694749][ T2212] loop0: detected capacity change from 0 to 512 [pid 2214] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2214] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2214] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2214] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2215 attached => {parent_tid=[2215]}, 88) = 2215 [pid 2215] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2215] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2215] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2214] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2214] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2215] <... futex resumed>) = 0 [pid 2214] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2215] memfd_create("syzkaller", 0) = 3 [pid 2215] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2214] <... futex resumed>) = 0 [pid 2214] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 2214] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2214] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2214] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0} => {parent_tid=[2216]}, 88) = 2216 [pid 2214] rt_sigprocmask(SIG_SETMASK, [], [pid 2215] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2214] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2214] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2214] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2216 attached [pid 2215] <... write resumed>) = 262144 [pid 2215] munmap(0x7f22d9170000, 138412032) = 0 [pid 2215] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2215] ioctl(4, LOOP_SET_FD, 3 [pid 2216] set_robust_list(0x7f22d916f9a0, 24) = 0 [pid 2216] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2216] creat("./bus", 000) = 5 [pid 2216] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2214] <... futex resumed>) = 0 [pid 2214] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2214] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2216] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2216] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2214] <... futex resumed>) = 0 [pid 2214] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2214] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2216] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 2216] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2214] <... futex resumed>) = 0 [pid 2214] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2214] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2216] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 2215] <... ioctl resumed>) = 0 [pid 2215] close(3) = 0 [pid 2215] close(4 [pid 2216] <... mmap resumed>) = 0x20000000 [pid 2215] <... close resumed>) = 0 [pid 2215] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 2215] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2215] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 2215] ioctl(3, LOOP_CLR_FD) = 0 [pid 2215] close(3) = 0 [pid 2215] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2215] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2216] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2214] <... futex resumed>) = 0 [pid 2214] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2215] <... futex resumed>) = 0 [pid 2216] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2215] memfd_create("syzkaller", 0) = 3 [pid 2215] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2215] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2215] munmap(0x7f22d9170000, 138412032) = 0 [pid 2215] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2215] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2215] ioctl(4, LOOP_CLR_FD) = 0 [pid 2215] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2215] close(4) = 0 [pid 2215] close(3) = 0 [pid 2215] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2215] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2214] exit_group(0) = ? [pid 2216] <... futex resumed>) = ? [pid 2216] +++ exited with 0 +++ [pid 2215] <... futex resumed>) = ? [pid 2215] +++ exited with 0 +++ [pid 2214] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2214, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./593", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./593", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./593/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./593/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./593/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./593/bus") = 0 umount2("./593/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./593/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./593/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./593") = 0 mkdir("./594", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2217 ./strace-static-x86_64: Process 2217 attached [pid 2217] set_robust_list(0x5555564336a0, 24) = 0 [pid 2217] chdir("./594") = 0 [pid 2217] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2217] setpgid(0, 0) = 0 [pid 2217] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2217] write(3, "1000", 4) = 4 [pid 2217] close(3) = 0 [pid 2217] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2217] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2217] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2217] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2217] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2217] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2217] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2217] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2218 attached [pid 2218] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2218] rt_sigprocmask(SIG_SETMASK, [], [pid 2217] <... clone3 resumed> => {parent_tid=[2218]}, 88) = 2218 [pid 2218] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2217] rt_sigprocmask(SIG_SETMASK, [], [pid 2218] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2217] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2217] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2218] <... futex resumed>) = 0 [pid 2217] <... futex resumed>) = 1 [pid 2217] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2217] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2217] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2218] memfd_create("syzkaller", 0 [pid 2217] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2218] <... memfd_create resumed>) = 3 [pid 2217] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} [pid 2218] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2217] <... clone3 resumed> => {parent_tid=[2219]}, 88) = 2219 ./strace-static-x86_64: Process 2219 attached [pid 2217] rt_sigprocmask(SIG_SETMASK, [], [pid 2219] set_robust_list(0x7f22e156f9a0, 24 [pid 2217] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2217] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2219] <... set_robust_list resumed>) = 0 [ 52.762085][ T2215] loop0: detected capacity change from 0 to 512 [pid 2217] <... futex resumed>) = 0 [pid 2217] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2219] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2219] creat("./bus", 000) = 4 [pid 2219] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2218] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2217] <... futex resumed>) = 0 [pid 2219] <... futex resumed>) = 1 [pid 2217] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2219] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 2217] <... futex resumed>) = 0 [pid 2217] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2219] <... mount resumed>) = 0 [pid 2219] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2217] <... futex resumed>) = 0 [pid 2218] <... write resumed>) = 262144 [pid 2218] munmap(0x7f22d914f000, 138412032 [pid 2217] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2219] <... futex resumed>) = 1 [pid 2218] <... munmap resumed>) = 0 [pid 2218] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2219] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 2217] <... futex resumed>) = 0 [pid 2218] <... openat resumed>) = 5 [pid 2218] ioctl(5, LOOP_SET_FD, 3 [pid 2219] <... open resumed>) = 6 [pid 2217] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2218] <... ioctl resumed>) = 0 [pid 2218] close(3) = 0 [pid 2218] close(5 [pid 2219] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2218] <... close resumed>) = 0 [pid 2218] mkdir("./file0", 0777) = 0 [pid 2218] mount("/dev/loop0", "./file0", "ext4", 0, "prjquota,grpquota,debug_want_extra_isize=0x000000000000005c,noauto_da_alloc,nolazytime,errors=contin"... [pid 2219] <... futex resumed>) = 1 [pid 2217] <... futex resumed>) = 0 [pid 2219] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2217] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2217] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2219] <... futex resumed>) = 0 [pid 2219] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x20000000 [pid 2219] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2217] <... futex resumed>) = 0 [pid 2217] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2219] <... futex resumed>) = 1 [pid 2219] memfd_create("syzkaller", 0) = 3 [pid 2219] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2219] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2219] munmap(0x7f22d914f000, 138412032) = 0 [pid 2219] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2219] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2219] ioctl(5, LOOP_CLR_FD) = 0 [ 52.825854][ T2218] loop0: detected capacity change from 0 to 512 [ 52.838807][ T2218] EXT4-fs error (device loop0): __ext4_fill_super:5386: inode #2: comm syz-executor245: iget: special inode unallocated [ 52.868943][ T2218] EXT4-fs (loop0): get root inode failed [pid 2219] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2219] close(5) = 0 [pid 2219] close(3) = 0 [pid 2218] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2219] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2218] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2219] <... futex resumed>) = 0 [pid 2218] <... openat resumed>) = 3 [pid 2219] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2218] ioctl(3, LOOP_CLR_FD) = 0 [pid 2218] close(3) = 0 [pid 2218] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2217] exit_group(0) = ? [pid 2218] <... futex resumed>) = ? [pid 2218] +++ exited with 0 +++ [pid 2219] <... futex resumed>) = ? [pid 2219] +++ exited with 0 +++ [pid 2217] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2217, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./594", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./594", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 5 entries */, 32768) = 136 umount2("./594/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./594/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./594/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./594/bus") = 0 umount2("./594/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./594/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./594/binderfs") = 0 umount2("./594/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./594/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./594/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./594/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555643c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555643c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./594/file0") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./594") = 0 mkdir("./595", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2221 ./strace-static-x86_64: Process 2221 attached [pid 2221] set_robust_list(0x5555564336a0, 24) = 0 [pid 2221] chdir("./595") = 0 [pid 2221] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2221] setpgid(0, 0) = 0 [pid 2221] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2221] write(3, "1000", 4) = 4 [pid 2221] close(3) = 0 [pid 2221] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2221] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2221] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2221] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2221] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2221] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2221] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 52.874567][ T2218] EXT4-fs (loop0): mount failed [pid 2221] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2222 attached [pid 2222] set_robust_list(0x7f22e15909a0, 24 [pid 2221] <... clone3 resumed> => {parent_tid=[2222]}, 88) = 2222 [pid 2222] <... set_robust_list resumed>) = 0 [pid 2221] rt_sigprocmask(SIG_SETMASK, [], [pid 2222] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2221] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2221] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2221] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2222] memfd_create("syzkaller", 0 [pid 2221] <... futex resumed>) = 0 [pid 2222] <... memfd_create resumed>) = 3 [pid 2221] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2222] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2221] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2222] <... mmap resumed>) = 0x7f22d914f000 [pid 2221] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2221] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2223]}, 88) = 2223 ./strace-static-x86_64: Process 2223 attached [pid 2221] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2221] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2221] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2223] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2223] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2223] creat("./bus", 000) = 4 [pid 2223] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2222] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2223] <... futex resumed>) = 1 [pid 2221] <... futex resumed>) = 0 [pid 2221] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2221] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2223] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2223] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2221] <... futex resumed>) = 0 [pid 2221] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2221] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2223] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 2222] <... write resumed>) = 262144 [pid 2222] munmap(0x7f22d914f000, 138412032 [pid 2223] <... open resumed>) = 5 [pid 2222] <... munmap resumed>) = 0 [pid 2222] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2222] ioctl(6, LOOP_SET_FD, 3 [pid 2223] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2221] <... futex resumed>) = 0 [pid 2221] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2221] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2222] <... ioctl resumed>) = 0 [pid 2222] close(3) = 0 [pid 2222] close(6) = 0 [pid 2222] mkdir("./file0", 0777) = 0 [pid 2222] mount("/dev/loop0", "./file0", "ext4", 0, "prjquota,grpquota,debug_want_extra_isize=0x000000000000005c,noauto_da_alloc,nolazytime,errors=contin"... [pid 2223] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 2223] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2222] <... mount resumed>) = 0 [pid 2223] <... futex resumed>) = 1 [pid 2222] openat(AT_FDCWD, 0x200000c0, O_RDONLY|O_DIRECTORY [pid 2221] <... futex resumed>) = 0 [pid 2221] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2222] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 2223] memfd_create("syzkaller", 0 [pid 2222] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2221] <... futex resumed>) = 0 [pid 2222] <... openat resumed>) = 3 [pid 2223] <... memfd_create resumed>) = 6 [pid 2222] ioctl(3, LOOP_CLR_FD [pid 2223] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2222] <... ioctl resumed>) = 0 [pid 2222] close(3 [pid 2223] <... mmap resumed>) = 0x7f22d914f000 [pid 2222] <... close resumed>) = 0 [pid 2222] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2222] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2223] write(6, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2223] munmap(0x7f22d914f000, 138412032) = 0 [pid 2223] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 2223] ioctl(3, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 2223] ioctl(3, LOOP_CLR_FD) = 0 [pid 2223] ioctl(3, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 2223] close(3) = 0 [ 52.923460][ T2222] loop0: detected capacity change from 0 to 512 [ 52.935423][ T2222] EXT4-fs (loop0): 1 truncate cleaned up [pid 2223] close(6) = 0 [pid 2223] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2223] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2221] exit_group(0) = ? [pid 2222] <... futex resumed>) = ? [pid 2222] +++ exited with 0 +++ [pid 2223] <... futex resumed>) = ? [pid 2223] +++ exited with 0 +++ [pid 2221] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2221, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./595", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./595", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 5 entries */, 32768) = 136 umount2("./595/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./595/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./595/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./595/bus") = 0 umount2("./595/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./595/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./595/binderfs") = 0 umount2("./595/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./595/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./595/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./595/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./595/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555643c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555643c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./595/file0") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./595") = 0 mkdir("./596", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2225 ./strace-static-x86_64: Process 2225 attached [pid 2225] set_robust_list(0x5555564336a0, 24) = 0 [pid 2225] chdir("./596") = 0 [pid 2225] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2225] setpgid(0, 0) = 0 [pid 2225] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2225] write(3, "1000", 4) = 4 [pid 2225] close(3) = 0 [pid 2225] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2225] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2225] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2225] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2225] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2225] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2225] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2225] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2226 attached => {parent_tid=[2226]}, 88) = 2226 [pid 2226] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2226] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2226] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2225] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2225] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2226] <... futex resumed>) = 0 [pid 2226] memfd_create("syzkaller", 0 [pid 2225] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2225] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2225] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2225] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2225] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2227]}, 88) = 2227 ./strace-static-x86_64: Process 2227 attached [pid 2225] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2225] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2225] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2227] set_robust_list(0x7f22e156f9a0, 24 [pid 2226] <... memfd_create resumed>) = 3 [pid 2226] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2227] <... set_robust_list resumed>) = 0 [pid 2227] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2227] creat("./bus", 000) = 4 [pid 2227] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2225] <... futex resumed>) = 0 [pid 2225] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2225] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2227] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2227] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2225] <... futex resumed>) = 0 [pid 2225] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2225] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2227] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 2226] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2227] <... open resumed>) = 5 [pid 2227] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2225] <... futex resumed>) = 0 [pid 2225] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2225] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2227] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 2227] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2225] <... futex resumed>) = 0 [pid 2225] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2227] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 2226] <... write resumed>) = 262144 [pid 2226] munmap(0x7f22d914f000, 138412032 [pid 2227] +++ killed by SIGBUS +++ [pid 2226] <... munmap resumed>) = ? [pid 2226] +++ killed by SIGBUS +++ [pid 2225] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2225, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- umount2("./596", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./596", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./596/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./596/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./596/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./596/bus") = 0 umount2("./596/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./596/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./596/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./596") = 0 mkdir("./597", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2228 ./strace-static-x86_64: Process 2228 attached [pid 2228] set_robust_list(0x5555564336a0, 24) = 0 [pid 2228] chdir("./597") = 0 [pid 2228] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2228] setpgid(0, 0) = 0 [pid 2228] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2228] write(3, "1000", 4) = 4 [pid 2228] close(3) = 0 [pid 2228] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2228] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2228] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2228] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2228] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2228] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2228] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2228] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2229 attached => {parent_tid=[2229]}, 88) = 2229 [pid 2229] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2229] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2229] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2228] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2228] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2229] <... futex resumed>) = 0 [pid 2228] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2229] memfd_create("syzkaller", 0 [pid 2228] <... futex resumed>) = 0 [pid 2229] <... memfd_create resumed>) = 3 [pid 2229] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2228] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 2228] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2228] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2228] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0}./strace-static-x86_64: Process 2230 attached => {parent_tid=[2230]}, 88) = 2230 [pid 2230] set_robust_list(0x7f22d916f9a0, 24 [pid 2228] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2230] <... set_robust_list resumed>) = 0 [pid 2230] rt_sigprocmask(SIG_SETMASK, [], [pid 2228] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2230] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2228] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2230] creat("./bus", 000 [pid 2229] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2230] <... creat resumed>) = 4 [pid 2230] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2228] <... futex resumed>) = 0 [pid 2230] <... futex resumed>) = 1 [pid 2228] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2230] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 2228] <... futex resumed>) = 0 [pid 2228] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2230] <... mount resumed>) = 0 [pid 2230] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2229] <... write resumed>) = 262144 [pid 2229] munmap(0x7f22d9170000, 138412032 [pid 2228] <... futex resumed>) = 0 [pid 2230] <... futex resumed>) = 1 [pid 2228] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2230] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 2229] <... munmap resumed>) = 0 [pid 2229] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2229] ioctl(5, LOOP_SET_FD, 3 [pid 2230] <... open resumed>) = 6 [pid 2228] <... futex resumed>) = 0 [pid 2230] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2228] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2230] <... futex resumed>) = 0 [pid 2228] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2228] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2228] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2230] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 2229] <... ioctl resumed>) = 0 [pid 2229] close(3) = 0 [pid 2229] close(5) = 0 [pid 2229] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 2229] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2229] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 2229] ioctl(3, LOOP_CLR_FD) = 0 [pid 2229] close(3) = 0 [pid 2229] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2229] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2230] <... mmap resumed>) = 0x20000000 [pid 2230] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2228] <... futex resumed>) = 0 [pid 2228] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2229] <... futex resumed>) = 0 [pid 2229] memfd_create("syzkaller", 0) = 3 [pid 2229] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2230] <... futex resumed>) = 1 [pid 2230] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2229] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2229] munmap(0x7f22d9170000, 138412032) = 0 [pid 2229] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2229] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2229] ioctl(5, LOOP_CLR_FD) = 0 [pid 2229] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2229] close(5) = 0 [pid 2229] close(3) = 0 [pid 2229] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2229] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2228] exit_group(0 [pid 2230] <... futex resumed>) = ? [pid 2228] <... exit_group resumed>) = ? [pid 2230] +++ exited with 0 +++ [pid 2229] <... futex resumed>) = ? [pid 2229] +++ exited with 0 +++ [pid 2228] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2228, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./597", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./597", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./597/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./597/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./597/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./597/bus") = 0 umount2("./597/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 53.036857][ T2229] loop0: detected capacity change from 0 to 512 [ 53.043426][ T2230] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 23 prio class 2 newfstatat(AT_FDCWD, "./597/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./597/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./597") = 0 mkdir("./598", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2231 ./strace-static-x86_64: Process 2231 attached [pid 2231] set_robust_list(0x5555564336a0, 24) = 0 [pid 2231] chdir("./598") = 0 [pid 2231] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2231] setpgid(0, 0) = 0 [pid 2231] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2231] write(3, "1000", 4) = 4 [pid 2231] close(3) = 0 [pid 2231] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2231] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2231] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2231] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2231] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2231] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2231] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2231] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2232 attached => {parent_tid=[2232]}, 88) = 2232 [pid 2232] set_robust_list(0x7f22e15909a0, 24 [pid 2231] rt_sigprocmask(SIG_SETMASK, [], [pid 2232] <... set_robust_list resumed>) = 0 [pid 2231] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2232] rt_sigprocmask(SIG_SETMASK, [], [pid 2231] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2232] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2231] <... futex resumed>) = 0 [pid 2232] memfd_create("syzkaller", 0 [pid 2231] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2231] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2232] <... memfd_create resumed>) = 3 [pid 2231] <... mmap resumed>) = 0x7f22e154f000 [pid 2232] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2231] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE [pid 2232] <... mmap resumed>) = 0x7f22d914f000 [pid 2231] <... mprotect resumed>) = 0 [pid 2231] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2231] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2233]}, 88) = 2233 [pid 2231] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2231] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2231] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2233 attached [pid 2233] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2233] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2233] creat("./bus", 000 [pid 2232] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2233] <... creat resumed>) = 4 [pid 2233] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2233] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2231] <... futex resumed>) = 0 [pid 2231] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2233] <... futex resumed>) = 0 [pid 2233] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 2231] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2233] <... mount resumed>) = 0 [pid 2232] <... write resumed>) = 262144 [pid 2233] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2232] munmap(0x7f22d914f000, 138412032 [pid 2233] <... futex resumed>) = 1 [pid 2231] <... futex resumed>) = 0 [pid 2231] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2231] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2233] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 2232] <... munmap resumed>) = 0 [pid 2233] <... open resumed>) = 5 [pid 2232] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2233] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2232] <... openat resumed>) = 6 [pid 2233] <... futex resumed>) = 1 [pid 2232] ioctl(6, LOOP_SET_FD, 3 [pid 2231] <... futex resumed>) = 0 [pid 2231] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2231] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2233] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 2233] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2231] <... futex resumed>) = 0 [pid 2231] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2232] <... ioctl resumed>) = 0 [pid 2232] close(3) = 0 [pid 2232] close(6) = 0 [pid 2232] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 2232] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2232] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 2232] ioctl(3, LOOP_CLR_FD) = 0 [pid 2232] close(3) = 0 [pid 2232] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2232] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2233] memfd_create("syzkaller", 0) = 3 [pid 2233] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2233] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2233] munmap(0x7f22d914f000, 138412032) = 0 [pid 2233] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2233] ioctl(6, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2233] ioctl(6, LOOP_CLR_FD) = 0 [pid 2233] ioctl(6, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2233] close(6) = 0 [pid 2233] close(3) = 0 [pid 2233] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2231] exit_group(0 [pid 2233] ????( [pid 2231] <... exit_group resumed>) = ? [pid 2232] <... futex resumed>) = ? [pid 2232] +++ exited with 0 +++ [pid 2233] <... ???? resumed>) = ? [pid 2233] +++ exited with 0 +++ [pid 2231] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2231, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./598", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./598", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./598/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./598/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./598/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./598/bus") = 0 umount2("./598/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 53.120410][ T2232] loop0: detected capacity change from 0 to 512 [ 53.127263][ T2233] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 18 prio class 2 newfstatat(AT_FDCWD, "./598/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./598/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./598") = 0 mkdir("./599", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2234 ./strace-static-x86_64: Process 2234 attached [pid 2234] set_robust_list(0x5555564336a0, 24) = 0 [pid 2234] chdir("./599") = 0 [pid 2234] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2234] setpgid(0, 0) = 0 [pid 2234] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2234] write(3, "1000", 4) = 4 [pid 2234] close(3) = 0 [pid 2234] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2234] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2234] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2234] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2234] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2234] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2234] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2234] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2235]}, 88) = 2235 ./strace-static-x86_64: Process 2235 attached [pid 2235] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2235] rt_sigprocmask(SIG_SETMASK, [], [pid 2234] rt_sigprocmask(SIG_SETMASK, [], [pid 2235] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2234] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2235] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2234] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2235] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2234] <... futex resumed>) = 0 [pid 2235] memfd_create("syzkaller", 0 [pid 2234] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2235] <... memfd_create resumed>) = 3 [pid 2234] <... futex resumed>) = 0 [pid 2235] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2234] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2235] <... mmap resumed>) = 0x7f22d9170000 [pid 2234] <... mmap resumed>) = 0x7f22d914f000 [pid 2234] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2234] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2234] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0} => {parent_tid=[2236]}, 88) = 2236 [pid 2234] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 2236 attached [pid 2235] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2236] set_robust_list(0x7f22d916f9a0, 24 [pid 2234] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2234] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2234] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2236] <... set_robust_list resumed>) = 0 [pid 2235] <... write resumed>) = 262144 [pid 2235] munmap(0x7f22d9170000, 138412032 [pid 2236] rt_sigprocmask(SIG_SETMASK, [], [pid 2235] <... munmap resumed>) = 0 [pid 2235] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2235] ioctl(4, LOOP_SET_FD, 3 [pid 2236] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2236] creat("./bus", 000) = 5 [pid 2236] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2234] <... futex resumed>) = 0 [pid 2234] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2234] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2236] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2236] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2234] <... futex resumed>) = 0 [pid 2234] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2234] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2236] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 2236] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2234] <... futex resumed>) = 0 [pid 2234] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2234] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2236] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 2235] <... ioctl resumed>) = 0 [pid 2235] close(3) = 0 [pid 2235] close(4) = 0 [pid 2235] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 2235] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2235] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 2235] ioctl(3, LOOP_CLR_FD) = 0 [pid 2235] close(3) = 0 [pid 2235] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2235] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2236] <... mmap resumed>) = 0x20000000 [pid 2236] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2234] <... futex resumed>) = 0 [pid 2234] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2235] <... futex resumed>) = 0 [pid 2235] memfd_create("syzkaller", 0) = 3 [pid 2235] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2236] <... futex resumed>) = 1 [pid 2236] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2235] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2235] munmap(0x7f22d9170000, 138412032) = 0 [pid 2235] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2235] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2235] ioctl(4, LOOP_CLR_FD) = 0 [pid 2235] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2235] close(4) = 0 [pid 2235] close(3) = 0 [pid 2235] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2235] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2234] exit_group(0) = ? [pid 2236] <... futex resumed>) = ? [pid 2236] +++ exited with 0 +++ [pid 2235] <... futex resumed>) = ? [pid 2235] +++ exited with 0 +++ [pid 2234] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2234, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./599", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./599", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./599/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./599/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./599/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./599/bus") = 0 umount2("./599/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./599/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./599/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./599") = 0 mkdir("./600", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2237 ./strace-static-x86_64: Process 2237 attached [pid 2237] set_robust_list(0x5555564336a0, 24) = 0 [pid 2237] chdir("./600") = 0 [pid 2237] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2237] setpgid(0, 0) = 0 [pid 2237] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2237] write(3, "1000", 4) = 4 [pid 2237] close(3) = 0 [pid 2237] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2237] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2237] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2237] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2237] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2237] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2237] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2237] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2238]}, 88) = 2238 ./strace-static-x86_64: Process 2238 attached [pid 2237] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2237] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2237] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2237] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2237] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2237] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2237] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2239]}, 88) = 2239 [pid 2237] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2237] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2237] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2239 attached [pid 2238] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2238] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2238] memfd_create("syzkaller", 0) = 3 [pid 2239] set_robust_list(0x7f22e156f9a0, 24 [pid 2238] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2239] <... set_robust_list resumed>) = 0 [pid 2239] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2239] creat("./bus", 000) = 4 [ 53.194763][ T2235] loop0: detected capacity change from 0 to 512 [pid 2239] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2237] <... futex resumed>) = 0 [pid 2237] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2237] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2239] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 2238] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2239] <... mount resumed>) = 0 [pid 2239] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2237] <... futex resumed>) = 0 [pid 2237] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2237] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2239] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 2239] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2238] <... write resumed>) = 262144 [pid 2237] <... futex resumed>) = 0 [pid 2237] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2237] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2238] munmap(0x7f22d914f000, 138412032 [pid 2239] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 2238] <... munmap resumed>) = 0 [pid 2238] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2238] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 2238] close(3) = 0 [pid 2238] close(6) = 0 [pid 2238] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 2239] <... mmap resumed>) = 0x20000000 [pid 2239] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2237] <... futex resumed>) = 0 [pid 2237] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2239] <... futex resumed>) = 1 [pid 2239] memfd_create("syzkaller", 0) = 3 [pid 2239] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2238] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2238] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2238] ioctl(6, LOOP_CLR_FD) = 0 [pid 2238] close(6) = 0 [pid 2238] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2238] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2239] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2239] munmap(0x7f22d914f000, 138412032) = 0 [pid 2239] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2239] ioctl(6, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2239] ioctl(6, LOOP_CLR_FD) = 0 [pid 2239] ioctl(6, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2239] close(6) = 0 [pid 2239] close(3) = 0 [pid 2239] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2239] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2237] exit_group(0 [pid 2238] <... futex resumed>) = ? [pid 2237] <... exit_group resumed>) = ? [pid 2238] +++ exited with 0 +++ [pid 2239] <... futex resumed>) = ? [pid 2239] +++ exited with 0 +++ [pid 2237] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2237, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- umount2("./600", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./600", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./600/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./600/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./600/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./600/bus") = 0 umount2("./600/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 53.258008][ T2238] loop0: detected capacity change from 0 to 512 [ 53.264512][ T2239] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 22 prio class 2 newfstatat(AT_FDCWD, "./600/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./600/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./600") = 0 mkdir("./601", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2240 ./strace-static-x86_64: Process 2240 attached [pid 2240] set_robust_list(0x5555564336a0, 24) = 0 [pid 2240] chdir("./601") = 0 [pid 2240] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2240] setpgid(0, 0) = 0 [pid 2240] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2240] write(3, "1000", 4) = 4 [pid 2240] close(3) = 0 [pid 2240] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2240] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2240] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2240] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2240] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2240] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2240] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2240] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2241 attached => {parent_tid=[2241]}, 88) = 2241 [pid 2241] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2241] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2241] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2240] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2240] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2241] <... futex resumed>) = 0 [pid 2240] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2241] memfd_create("syzkaller", 0) = 3 [pid 2240] <... futex resumed>) = 0 [pid 2241] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2240] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 2240] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2240] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2240] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0} [pid 2241] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2240] <... clone3 resumed> => {parent_tid=[2242]}, 88) = 2242 [pid 2240] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2241] <... write resumed>) = 262144 ./strace-static-x86_64: Process 2242 attached [pid 2241] munmap(0x7f22d9170000, 138412032 [pid 2242] set_robust_list(0x7f22d916f9a0, 24) = 0 [pid 2241] <... munmap resumed>) = 0 [pid 2242] rt_sigprocmask(SIG_SETMASK, [], [pid 2241] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2242] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2242] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2241] <... openat resumed>) = 4 [pid 2241] ioctl(4, LOOP_SET_FD, 3 [pid 2240] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2240] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2242] <... futex resumed>) = 0 [pid 2242] creat("./bus", 000) = 5 [pid 2242] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2240] <... futex resumed>) = 0 [pid 2240] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2240] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2242] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2242] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2240] <... futex resumed>) = 0 [pid 2240] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2240] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2242] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 2242] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2240] <... futex resumed>) = 0 [pid 2240] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2240] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2242] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 2241] <... ioctl resumed>) = 0 [pid 2241] close(3) = 0 [pid 2241] close(4) = 0 [pid 2241] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 2241] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2241] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 2241] ioctl(3, LOOP_CLR_FD) = 0 [pid 2241] close(3) = 0 [pid 2241] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2241] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2242] <... mmap resumed>) = 0x20000000 [pid 2242] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2240] <... futex resumed>) = 0 [pid 2240] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2241] <... futex resumed>) = 0 [pid 2241] memfd_create("syzkaller", 0) = 3 [pid 2241] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2242] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2241] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2241] munmap(0x7f22d9170000, 138412032) = 0 [pid 2241] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2241] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2241] ioctl(4, LOOP_CLR_FD) = 0 [pid 2241] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2241] close(4) = 0 [pid 2241] close(3) = 0 [pid 2241] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2241] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2240] exit_group(0 [pid 2242] <... futex resumed>) = ? [pid 2240] <... exit_group resumed>) = ? [pid 2242] +++ exited with 0 +++ [pid 2241] <... futex resumed>) = ? [pid 2241] +++ exited with 0 +++ [pid 2240] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2240, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./601", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./601", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./601/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./601/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./601/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./601/bus") = 0 umount2("./601/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./601/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./601/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./601") = 0 mkdir("./602", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2243 ./strace-static-x86_64: Process 2243 attached [pid 2243] set_robust_list(0x5555564336a0, 24) = 0 [pid 2243] chdir("./602") = 0 [pid 2243] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2243] setpgid(0, 0) = 0 [pid 2243] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2243] write(3, "1000", 4) = 4 [pid 2243] close(3) = 0 [pid 2243] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2243] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2243] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2243] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2243] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2243] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2243] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2243] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2244]}, 88) = 2244 ./strace-static-x86_64: Process 2244 attached [pid 2244] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2244] rt_sigprocmask(SIG_SETMASK, [], [pid 2243] rt_sigprocmask(SIG_SETMASK, [], [pid 2244] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2244] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2243] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2243] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2244] <... futex resumed>) = 0 [pid 2243] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2244] memfd_create("syzkaller", 0) = 3 [pid 2244] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2243] <... futex resumed>) = 0 [pid 2244] <... mmap resumed>) = 0x7f22d9170000 [pid 2243] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 2243] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2243] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2243] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0} => {parent_tid=[2245]}, 88) = 2245 ./strace-static-x86_64: Process 2245 attached [pid 2244] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2243] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 53.332785][ T2241] loop0: detected capacity change from 0 to 512 [pid 2243] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2243] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2245] set_robust_list(0x7f22d916f9a0, 24) = 0 [pid 2244] <... write resumed>) = 262144 [pid 2244] munmap(0x7f22d9170000, 138412032 [pid 2245] rt_sigprocmask(SIG_SETMASK, [], [pid 2244] <... munmap resumed>) = 0 [pid 2244] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2244] ioctl(4, LOOP_SET_FD, 3 [pid 2245] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2245] creat("./bus", 000) = 5 [pid 2245] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2243] <... futex resumed>) = 0 [pid 2243] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2243] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2245] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2245] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2243] <... futex resumed>) = 0 [pid 2243] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2243] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2245] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 2245] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2243] <... futex resumed>) = 0 [pid 2243] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2243] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2245] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 2244] <... ioctl resumed>) = 0 [pid 2244] close(3) = 0 [pid 2244] close(4) = 0 [pid 2244] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 2244] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2244] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 2244] ioctl(3, LOOP_CLR_FD) = 0 [pid 2244] close(3) = 0 [pid 2244] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2244] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2245] <... mmap resumed>) = 0x20000000 [pid 2245] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2243] <... futex resumed>) = 0 [pid 2245] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2243] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2244] <... futex resumed>) = 0 [pid 2244] memfd_create("syzkaller", 0) = 3 [pid 2244] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2244] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2244] munmap(0x7f22d9170000, 138412032) = 0 [pid 2244] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2244] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2244] ioctl(4, LOOP_CLR_FD) = 0 [pid 2244] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2244] close(4) = 0 [pid 2244] close(3) = 0 [pid 2244] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2244] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2243] exit_group(0) = ? [pid 2245] <... futex resumed>) = ? [pid 2245] +++ exited with 0 +++ [pid 2244] <... futex resumed>) = ? [pid 2244] +++ exited with 0 +++ [pid 2243] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2243, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./602", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./602", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./602/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./602/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./602/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./602/bus") = 0 umount2("./602/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./602/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./602/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./602") = 0 mkdir("./603", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2247 ./strace-static-x86_64: Process 2247 attached [pid 2247] set_robust_list(0x5555564336a0, 24) = 0 [pid 2247] chdir("./603") = 0 [ 53.394819][ T2244] loop0: detected capacity change from 0 to 512 [ 53.401732][ T2245] Buffer I/O error on dev loop0, logical block 0, async page read [pid 2247] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2247] setpgid(0, 0) = 0 [pid 2247] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2247] write(3, "1000", 4) = 4 [pid 2247] close(3) = 0 [pid 2247] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2247] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2247] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2247] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2247] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2247] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2247] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2247] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2248]}, 88) = 2248 [pid 2247] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2247] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2247] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2247] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2247] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2247] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2247] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2249]}, 88) = 2249 [pid 2247] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2247] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2247] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2249 attached [pid 2249] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2249] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2249] creat("./bus", 000) = 3 [pid 2249] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2247] <... futex resumed>) = 0 [pid 2247] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2247] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2249] <... futex resumed>) = 1 [pid 2249] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2249] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2247] <... futex resumed>) = 0 [pid 2247] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2247] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2249] <... futex resumed>) = 1 [pid 2249] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 4 [pid 2249] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2247] <... futex resumed>) = 0 [pid 2247] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2247] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2249] <... futex resumed>) = 1 [pid 2249] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 2249] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2247] <... futex resumed>) = 0 [pid 2247] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2249] <... futex resumed>) = 1 ./strace-static-x86_64: Process 2248 attached [pid 2249] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 2249] +++ killed by SIGBUS +++ [pid 2248] +++ killed by SIGBUS +++ [pid 2247] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2247, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./603", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./603", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./603/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./603/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./603/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./603/bus") = 0 umount2("./603/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./603/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./603/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./603") = 0 mkdir("./604", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2250 ./strace-static-x86_64: Process 2250 attached [pid 2250] set_robust_list(0x5555564336a0, 24) = 0 [pid 2250] chdir("./604") = 0 [pid 2250] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2250] setpgid(0, 0) = 0 [pid 2250] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2250] write(3, "1000", 4) = 4 [pid 2250] close(3) = 0 [pid 2250] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2250] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2250] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2250] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2250] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2250] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2250] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2250] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2251 attached [pid 2251] set_robust_list(0x7f22e15909a0, 24 [pid 2250] <... clone3 resumed> => {parent_tid=[2251]}, 88) = 2251 [pid 2251] <... set_robust_list resumed>) = 0 [pid 2250] rt_sigprocmask(SIG_SETMASK, [], [pid 2251] rt_sigprocmask(SIG_SETMASK, [], [pid 2250] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2251] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2250] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2251] memfd_create("syzkaller", 0 [pid 2250] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2250] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2251] <... memfd_create resumed>) = 3 [pid 2250] <... mmap resumed>) = 0x7f22e154f000 [pid 2251] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2250] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2250] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2251] <... mmap resumed>) = 0x7f22d914f000 [pid 2250] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2250] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2252]}, 88) = 2252 ./strace-static-x86_64: Process 2252 attached [pid 2252] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2252] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2252] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2250] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2250] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2252] <... futex resumed>) = 0 [pid 2252] creat("./bus", 000 [pid 2250] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2252] <... creat resumed>) = 4 [pid 2252] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2252] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2250] <... futex resumed>) = 0 [pid 2250] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2252] <... futex resumed>) = 0 [pid 2252] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2250] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2252] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2250] <... futex resumed>) = 0 [pid 2252] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 2250] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2250] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2252] <... open resumed>) = 5 [pid 2252] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2250] <... futex resumed>) = 0 [pid 2252] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 2250] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2250] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2252] <... mmap resumed>) = 0x20000000 [pid 2252] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2250] <... futex resumed>) = 0 [pid 2250] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2252] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 2252] +++ killed by SIGBUS +++ [pid 2251] +++ killed by SIGBUS +++ [pid 2250] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2250, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./604", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./604", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./604/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./604/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./604/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./604/bus") = 0 umount2("./604/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./604/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./604/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./604") = 0 mkdir("./605", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2253 ./strace-static-x86_64: Process 2253 attached [pid 2253] set_robust_list(0x5555564336a0, 24) = 0 [pid 2253] chdir("./605") = 0 [pid 2253] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2253] setpgid(0, 0) = 0 [pid 2253] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2253] write(3, "1000", 4) = 4 [pid 2253] close(3) = 0 [pid 2253] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2253] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2253] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2253] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2253] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2253] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2253] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2253] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2254 attached => {parent_tid=[2254]}, 88) = 2254 [pid 2254] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2254] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2254] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2253] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2253] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2254] <... futex resumed>) = 0 [pid 2253] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2254] memfd_create("syzkaller", 0) = 3 [pid 2253] <... futex resumed>) = 0 [pid 2254] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2253] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 2253] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2253] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2253] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0} => {parent_tid=[2255]}, 88) = 2255 [pid 2253] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2253] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2254] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2253] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2255 attached [pid 2255] set_robust_list(0x7f22d916f9a0, 24) = 0 [pid 2255] rt_sigprocmask(SIG_SETMASK, [], [pid 2254] <... write resumed>) = 262144 [pid 2255] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2254] munmap(0x7f22d9170000, 138412032 [pid 2255] creat("./bus", 000) = 4 [pid 2255] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2254] <... munmap resumed>) = 0 [pid 2255] <... futex resumed>) = 1 [pid 2253] <... futex resumed>) = 0 [pid 2254] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2255] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 2253] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2255] <... mount resumed>) = 0 [pid 2254] <... openat resumed>) = 5 [pid 2253] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2255] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2254] ioctl(5, LOOP_SET_FD, 3 [pid 2255] <... futex resumed>) = 1 [pid 2253] <... futex resumed>) = 0 [pid 2253] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2253] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2255] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 2255] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2254] <... ioctl resumed>) = 0 [pid 2253] <... futex resumed>) = 0 [pid 2255] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2254] close(3) = 0 [pid 2254] close(5) = 0 [pid 2254] mkdir("./file0", 0777) = 0 [pid 2254] mount("/dev/loop0", "./file0", "ext4", 0, "prjquota,grpquota,debug_want_extra_isize=0x000000000000005c,noauto_da_alloc,nolazytime,errors=contin"... [pid 2253] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2255] <... futex resumed>) = 0 [pid 2253] <... futex resumed>) = 1 [pid 2255] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 2253] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2255] <... mmap resumed>) = 0x20000000 [pid 2255] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2253] <... futex resumed>) = 0 [pid 2255] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2253] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2255] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2255] memfd_create("syzkaller", 0) = 3 [pid 2255] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2254] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2254] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2254] ioctl(5, LOOP_CLR_FD) = 0 [pid 2254] close(5 [pid 2255] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304 [pid 2254] <... close resumed>) = 0 [pid 2254] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2254] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2255] <... write resumed>) = 4194304 [pid 2255] munmap(0x7f22d9170000, 138412032) = 0 [pid 2255] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2255] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2255] ioctl(5, LOOP_CLR_FD) = 0 [pid 2255] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2255] close(5) = 0 [pid 2255] close(3) = 0 [pid 2255] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2255] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2253] exit_group(0) = ? [pid 2255] <... futex resumed>) = ? [pid 2255] +++ exited with 0 +++ [pid 2254] <... futex resumed>) = ? [pid 2254] +++ exited with 0 +++ [pid 2253] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2253, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- umount2("./605", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./605", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 5 entries */, 32768) = 136 umount2("./605/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./605/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./605/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./605/bus") = 0 umount2("./605/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./605/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./605/binderfs") = 0 umount2("./605/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./605/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./605/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./605/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555643c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555643c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./605/file0") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./605") = 0 mkdir("./606", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2257 ./strace-static-x86_64: Process 2257 attached [pid 2257] set_robust_list(0x5555564336a0, 24) = 0 [pid 2257] chdir("./606") = 0 [pid 2257] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2257] setpgid(0, 0) = 0 [pid 2257] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2257] write(3, "1000", 4) = 4 [pid 2257] close(3) = 0 [pid 2257] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2257] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2257] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [ 53.517900][ T2254] loop0: detected capacity change from 0 to 512 [ 53.530221][ T2254] EXT4-fs error (device loop0): __ext4_fill_super:5386: inode #2: comm syz-executor245: iget: special inode unallocated [ 53.543801][ T2254] EXT4-fs (loop0): get root inode failed [ 53.549289][ T2254] EXT4-fs (loop0): mount failed [pid 2257] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2257] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2257] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2257] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2257] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2258 attached [pid 2258] set_robust_list(0x7f22e15909a0, 24 [pid 2257] <... clone3 resumed> => {parent_tid=[2258]}, 88) = 2258 [pid 2258] <... set_robust_list resumed>) = 0 [pid 2257] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2258] rt_sigprocmask(SIG_SETMASK, [], [pid 2257] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2258] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2257] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2257] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2258] memfd_create("syzkaller", 0 [pid 2257] <... mmap resumed>) = 0x7f22e154f000 [pid 2257] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE [pid 2258] <... memfd_create resumed>) = 3 [pid 2257] <... mprotect resumed>) = 0 [pid 2257] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2258] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2257] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2258] <... mmap resumed>) = 0x7f22d914f000 [pid 2257] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 2259 attached => {parent_tid=[2259]}, 88) = 2259 [pid 2259] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2259] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2259] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2257] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2257] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2259] <... futex resumed>) = 0 [pid 2259] creat("./bus", 000 [pid 2257] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2259] <... creat resumed>) = 4 [pid 2259] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2259] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2257] <... futex resumed>) = 0 [pid 2257] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2257] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2259] <... futex resumed>) = 0 [pid 2259] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2259] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2257] <... futex resumed>) = 0 [pid 2259] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 2257] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2257] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2259] <... open resumed>) = 5 [pid 2259] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2257] <... futex resumed>) = 0 [pid 2259] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2257] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2259] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2257] <... futex resumed>) = 0 [pid 2259] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 2257] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2259] <... mmap resumed>) = 0x20000000 [pid 2258] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000d9c} --- [pid 2259] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2257] <... futex resumed>) = 0 [pid 2257] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2259] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 2257] <... futex resumed>) = 0 [pid 2259] +++ killed by SIGBUS +++ [pid 2258] +++ killed by SIGBUS +++ [pid 2257] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2257, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- umount2("./606", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./606", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./606/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./606/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./606/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./606/bus") = 0 umount2("./606/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./606/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./606/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./606") = 0 mkdir("./607", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2260 ./strace-static-x86_64: Process 2260 attached [pid 2260] set_robust_list(0x5555564336a0, 24) = 0 [pid 2260] chdir("./607") = 0 [pid 2260] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2260] setpgid(0, 0) = 0 [pid 2260] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2260] write(3, "1000", 4) = 4 [pid 2260] close(3) = 0 [pid 2260] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2260] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2260] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2260] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2260] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2260] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2260] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2260] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2261 attached [pid 2261] set_robust_list(0x7f22e15909a0, 24 [pid 2260] <... clone3 resumed> => {parent_tid=[2261]}, 88) = 2261 [pid 2261] <... set_robust_list resumed>) = 0 [pid 2260] rt_sigprocmask(SIG_SETMASK, [], [pid 2261] rt_sigprocmask(SIG_SETMASK, [], [pid 2260] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2261] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2260] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2261] memfd_create("syzkaller", 0 [pid 2260] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2260] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2261] <... memfd_create resumed>) = 3 [pid 2261] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2260] <... mmap resumed>) = 0x7f22e154f000 [pid 2260] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE [pid 2261] <... mmap resumed>) = 0x7f22d914f000 [pid 2260] <... mprotect resumed>) = 0 [pid 2260] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2260] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2262]}, 88) = 2262 [pid 2260] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2260] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2260] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2261] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144./strace-static-x86_64: Process 2262 attached [pid 2262] set_robust_list(0x7f22e156f9a0, 24 [pid 2261] <... write resumed>) = 262144 [pid 2262] <... set_robust_list resumed>) = 0 [pid 2261] munmap(0x7f22d914f000, 138412032 [pid 2262] rt_sigprocmask(SIG_SETMASK, [], [pid 2261] <... munmap resumed>) = 0 [pid 2262] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2261] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2262] creat("./bus", 000 [pid 2261] <... openat resumed>) = 4 [pid 2261] ioctl(4, LOOP_SET_FD, 3 [pid 2262] <... creat resumed>) = 5 [pid 2261] <... ioctl resumed>) = 0 [pid 2262] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2261] close(3 [pid 2262] <... futex resumed>) = 1 [pid 2261] <... close resumed>) = 0 [pid 2260] <... futex resumed>) = 0 [pid 2260] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2260] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2262] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 2261] close(4 [pid 2262] <... mount resumed>) = 0 [pid 2261] <... close resumed>) = 0 [pid 2262] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2261] mkdir("./file0", 0777 [pid 2262] <... futex resumed>) = 1 [pid 2260] <... futex resumed>) = 0 [pid 2260] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2260] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2262] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 3 [pid 2262] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2260] <... futex resumed>) = 0 [pid 2260] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2260] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2262] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 3, 0 [pid 2261] <... mkdir resumed>) = 0 [pid 2261] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "" [pid 2262] <... mmap resumed>) = 0x20000000 [pid 2262] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2261] <... mount resumed>) = -1 ENOENT (No such file or directory) [pid 2262] <... futex resumed>) = 1 [pid 2261] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2260] <... futex resumed>) = 0 [pid 2260] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2262] memfd_create("syzkaller", 0 [pid 2260] <... futex resumed>) = 0 [pid 2262] <... memfd_create resumed>) = 4 [pid 2261] <... openat resumed>) = 6 [pid 2262] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2261] ioctl(6, LOOP_CLR_FD [pid 2262] <... mmap resumed>) = 0x7f22d914f000 [pid 2261] <... ioctl resumed>) = 0 [pid 2261] close(6) = 0 [pid 2261] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2261] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2262] write(4, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2262] munmap(0x7f22d914f000, 138412032) = 0 [pid 2262] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2262] ioctl(6, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 2262] ioctl(6, LOOP_CLR_FD) = 0 [pid 2262] ioctl(6, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 2262] close(6) = 0 [pid 2262] close(4) = 0 [pid 2262] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2262] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2260] exit_group(0 [pid 2261] <... futex resumed>) = ? [pid 2260] <... exit_group resumed>) = ? [pid 2261] +++ exited with 0 +++ [pid 2262] <... futex resumed>) = ? [pid 2262] +++ exited with 0 +++ [pid 2260] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2260, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./607", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./607", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 5 entries */, 32768) = 136 umount2("./607/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./607/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./607/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./607/bus") = 0 umount2("./607/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./607/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./607/binderfs") = 0 umount2("./607/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./607/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./607/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./607/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555643c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555643c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./607/file0") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./607") = 0 mkdir("./608", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2263 ./strace-static-x86_64: Process 2263 attached [pid 2263] set_robust_list(0x5555564336a0, 24) = 0 [pid 2263] chdir("./608") = 0 [pid 2263] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2263] setpgid(0, 0) = 0 [pid 2263] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2263] write(3, "1000", 4) = 4 [pid 2263] close(3) = 0 [pid 2263] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2263] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2263] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2263] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2263] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2263] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2263] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2263] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2264]}, 88) = 2264 [pid 2263] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2263] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2263] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2263] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2263] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2263] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2263] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2265]}, 88) = 2265 [pid 2263] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2263] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 53.627643][ T2261] loop0: detected capacity change from 0 to 512 [pid 2263] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2265 attached [pid 2265] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2265] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2265] creat("./bus", 000) = 3 [pid 2265] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2263] <... futex resumed>) = 0 [pid 2263] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2263] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2265] <... futex resumed>) = 1 [pid 2265] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2265] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2263] <... futex resumed>) = 0 [pid 2263] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2263] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2265] <... futex resumed>) = 1 [pid 2265] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 4 [pid 2265] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2263] <... futex resumed>) = 0 [pid 2263] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2263] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2265] <... futex resumed>) = 1 [pid 2265] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0./strace-static-x86_64: Process 2264 attached ) = 0x20000000 [pid 2265] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2263] <... futex resumed>) = 0 [pid 2263] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2265] <... futex resumed>) = 1 [pid 2265] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 2264] set_robust_list(0x7f22e15909a0, 24) = ? [pid 2265] +++ killed by SIGBUS +++ [pid 2264] +++ killed by SIGBUS +++ [pid 2263] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2263, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./608", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./608", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./608/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./608/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./608/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./608/bus") = 0 umount2("./608/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./608/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./608/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./608") = 0 mkdir("./609", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2266 ./strace-static-x86_64: Process 2266 attached [pid 2266] set_robust_list(0x5555564336a0, 24) = 0 [pid 2266] chdir("./609") = 0 [pid 2266] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2266] setpgid(0, 0) = 0 [pid 2266] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2266] write(3, "1000", 4) = 4 [pid 2266] close(3) = 0 [pid 2266] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2266] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2266] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2266] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2266] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2266] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2266] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2266] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2267]}, 88) = 2267 [pid 2266] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 2267 attached [pid 2266] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2267] set_robust_list(0x7f22e15909a0, 24 [pid 2266] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2266] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2266] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2266] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2266] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 2268 attached => {parent_tid=[2268]}, 88) = 2268 [pid 2268] set_robust_list(0x7f22e156f9a0, 24 [pid 2266] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2266] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2268] <... set_robust_list resumed>) = 0 [pid 2266] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2268] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2268] creat("./bus", 000 [pid 2267] <... set_robust_list resumed>) = 0 [pid 2267] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2267] memfd_create("syzkaller", 0 [pid 2268] <... creat resumed>) = 3 [pid 2268] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2267] <... memfd_create resumed>) = 4 [pid 2268] <... futex resumed>) = 1 [pid 2267] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2266] <... futex resumed>) = 0 [pid 2266] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2266] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2268] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 2267] <... mmap resumed>) = 0x7f22d914f000 [pid 2268] <... mount resumed>) = 0 [pid 2268] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2266] <... futex resumed>) = 0 [pid 2266] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2266] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2268] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 2268] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2266] <... futex resumed>) = 0 [pid 2266] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2266] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2268] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 2267] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2268] <... mmap resumed>) = 0x20000000 [pid 2268] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2266] <... futex resumed>) = 0 [pid 2266] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2268] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 2267] <... write resumed>) = ? [pid 2267] +++ killed by SIGBUS +++ [pid 2268] +++ killed by SIGBUS +++ [pid 2266] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2266, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./609", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./609", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./609/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./609/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./609/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./609/bus") = 0 umount2("./609/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./609/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./609/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./609") = 0 mkdir("./610", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2269 ./strace-static-x86_64: Process 2269 attached [pid 2269] set_robust_list(0x5555564336a0, 24) = 0 [pid 2269] chdir("./610") = 0 [pid 2269] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2269] setpgid(0, 0) = 0 [pid 2269] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2269] write(3, "1000", 4) = 4 [pid 2269] close(3) = 0 [pid 2269] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2269] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2269] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2269] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2269] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2269] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2269] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2269] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2270 attached => {parent_tid=[2270]}, 88) = 2270 [pid 2270] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2270] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2270] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2269] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2269] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2270] <... futex resumed>) = 0 [pid 2269] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2270] memfd_create("syzkaller", 0 [pid 2269] <... futex resumed>) = 0 [pid 2270] <... memfd_create resumed>) = 3 [pid 2270] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2269] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2270] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2269] <... mmap resumed>) = 0x7f22d914f000 [pid 2269] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2269] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2269] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0}./strace-static-x86_64: Process 2271 attached [pid 2271] set_robust_list(0x7f22d916f9a0, 24) = 0 [pid 2271] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2271] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2269] <... clone3 resumed> => {parent_tid=[2271]}, 88) = 2271 [pid 2269] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2269] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2271] <... futex resumed>) = 0 [pid 2271] creat("./bus", 000 [pid 2269] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2271] <... creat resumed>) = 4 [pid 2271] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2269] <... futex resumed>) = 0 [pid 2271] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2270] <... write resumed>) = 262144 [pid 2269] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2270] munmap(0x7f22d9170000, 138412032 [pid 2269] <... futex resumed>) = 0 [pid 2271] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2270] <... munmap resumed>) = 0 [pid 2269] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2271] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2270] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2271] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2271] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2269] <... futex resumed>) = 0 [pid 2270] <... openat resumed>) = 5 [pid 2270] ioctl(5, LOOP_SET_FD, 3 [pid 2269] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2271] <... futex resumed>) = 0 [pid 2271] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 2271] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2271] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2270] <... ioctl resumed>) = 0 [pid 2270] close(3 [pid 2269] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2270] <... close resumed>) = 0 [pid 2269] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2270] close(5 [pid 2269] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2271] <... futex resumed>) = 0 [pid 2271] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 2269] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2271] <... mmap resumed>) = 0x20000000 [pid 2271] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2271] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2269] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2269] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2271] <... futex resumed>) = 0 [pid 2269] <... futex resumed>) = 1 [pid 2271] memfd_create("syzkaller", 0 [pid 2270] <... close resumed>) = 0 [pid 2271] <... memfd_create resumed>) = 3 [pid 2271] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2270] mkdir(0x200000c0, 0777 [pid 2271] <... mmap resumed>) = 0x7f22d9170000 [pid 2270] <... mkdir resumed>) = -1 ENOENT (No such file or directory) [pid 2270] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2270] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2270] ioctl(5, LOOP_CLR_FD) = 0 [pid 2270] close(5) = 0 [pid 2270] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2270] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2271] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2271] munmap(0x7f22d9170000, 138412032) = 0 [pid 2271] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2271] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2271] ioctl(5, LOOP_CLR_FD) = 0 [pid 2271] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2271] close(5) = 0 [pid 2271] close(3) = 0 [pid 2271] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2269] exit_group(0) = ? [pid 2270] <... futex resumed>) = ? [pid 2270] +++ exited with 0 +++ [ 53.722835][ T2270] loop0: detected capacity change from 0 to 512 [pid 2271] +++ exited with 0 +++ [pid 2269] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2269, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./610", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./610", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./610/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./610/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./610/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./610/bus") = 0 umount2("./610/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./610/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./610/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./610") = 0 mkdir("./611", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2272 ./strace-static-x86_64: Process 2272 attached [pid 2272] set_robust_list(0x5555564336a0, 24) = 0 [pid 2272] chdir("./611") = 0 [pid 2272] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2272] setpgid(0, 0) = 0 [pid 2272] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2272] write(3, "1000", 4) = 4 [pid 2272] close(3) = 0 [pid 2272] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2272] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2272] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2272] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2272] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2272] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2272] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2272] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2273 attached => {parent_tid=[2273]}, 88) = 2273 [pid 2273] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2273] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2273] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2272] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2272] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2273] <... futex resumed>) = 0 [pid 2272] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2273] memfd_create("syzkaller", 0 [pid 2272] <... futex resumed>) = 0 [pid 2273] <... memfd_create resumed>) = 3 [pid 2273] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2272] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 2272] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2272] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2272] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0}./strace-static-x86_64: Process 2274 attached => {parent_tid=[2274]}, 88) = 2274 [pid 2274] set_robust_list(0x7f22d916f9a0, 24 [pid 2272] rt_sigprocmask(SIG_SETMASK, [], [pid 2274] <... set_robust_list resumed>) = 0 [pid 2273] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2274] rt_sigprocmask(SIG_SETMASK, [], [pid 2272] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2274] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2272] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2274] creat("./bus", 000 [pid 2272] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2274] <... creat resumed>) = 4 [pid 2274] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2273] <... write resumed>) = 262144 [pid 2272] <... futex resumed>) = 0 [pid 2273] munmap(0x7f22d9170000, 138412032 [pid 2274] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 2272] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2272] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2274] <... mount resumed>) = 0 [pid 2273] <... munmap resumed>) = 0 [pid 2273] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2273] ioctl(5, LOOP_SET_FD, 3 [pid 2274] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2272] <... futex resumed>) = 0 [pid 2272] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2272] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2274] <... futex resumed>) = 1 [pid 2274] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 2274] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2272] <... futex resumed>) = 0 [pid 2272] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2272] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2274] <... futex resumed>) = 1 [pid 2274] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 2273] <... ioctl resumed>) = 0 [pid 2273] close(3) = 0 [pid 2273] close(5 [pid 2274] <... mmap resumed>) = 0x20000000 [pid 2274] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2272] <... futex resumed>) = 0 [pid 2272] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2274] <... futex resumed>) = 1 [pid 2274] memfd_create("syzkaller", 0) = 3 [pid 2274] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2273] <... close resumed>) = 0 [pid 2273] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 2273] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2273] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2273] ioctl(5, LOOP_CLR_FD) = 0 [pid 2273] close(5) = 0 [pid 2273] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2273] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2274] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2274] munmap(0x7f22d9170000, 138412032) = 0 [pid 2274] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2274] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2274] ioctl(5, LOOP_CLR_FD) = 0 [pid 2274] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2274] close(5) = 0 [pid 2274] close(3) = 0 [pid 2274] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2274] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2272] exit_group(0) = ? [pid 2273] <... futex resumed>) = ? [pid 2273] +++ exited with 0 +++ [pid 2274] <... futex resumed>) = ? [pid 2274] +++ exited with 0 +++ [pid 2272] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2272, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./611", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./611", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./611/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./611/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./611/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./611/bus") = 0 umount2("./611/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./611/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./611/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./611") = 0 mkdir("./612", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2275 ./strace-static-x86_64: Process 2275 attached [pid 2275] set_robust_list(0x5555564336a0, 24) = 0 [pid 2275] chdir("./612") = 0 [pid 2275] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2275] setpgid(0, 0) = 0 [pid 2275] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2275] write(3, "1000", 4) = 4 [pid 2275] close(3) = 0 [pid 2275] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2275] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2275] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2275] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2275] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [ 53.802873][ T2273] loop0: detected capacity change from 0 to 512 [pid 2275] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2275] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2275] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2276 attached => {parent_tid=[2276]}, 88) = 2276 [pid 2275] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2275] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2275] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2275] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2275] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2275] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2275] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2277]}, 88) = 2277 [pid 2275] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2275] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2275] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2276] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2276] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 2277 attached [pid 2276] memfd_create("syzkaller", 0) = 3 [pid 2276] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2277] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2277] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2277] creat("./bus", 000) = 4 [pid 2276] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2277] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2275] <... futex resumed>) = 0 [pid 2275] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2275] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2277] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2277] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2275] <... futex resumed>) = 0 [pid 2275] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2275] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2277] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 2276] <... write resumed>) = 262144 [pid 2276] munmap(0x7f22d914f000, 138412032) = 0 [pid 2277] <... open resumed>) = 5 [pid 2276] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2276] ioctl(6, LOOP_SET_FD, 3 [pid 2277] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2277] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2276] <... ioctl resumed>) = 0 [pid 2275] <... futex resumed>) = 0 [pid 2275] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2275] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2276] close(3) = 0 [pid 2276] close(6 [pid 2277] <... futex resumed>) = 0 [pid 2276] <... close resumed>) = 0 [pid 2276] mkdir("./file0", 0777 [pid 2277] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 2276] <... mkdir resumed>) = 0 [pid 2276] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "prjquota,grpquota,debug_want_extra_isize=0x000000000000005c,noauto_da_alloc,nolazytime,errors=contin"...) = -1 ENOENT (No such file or directory) [pid 2276] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 2276] ioctl(3, LOOP_CLR_FD) = 0 [pid 2276] close(3) = 0 [pid 2276] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2276] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2277] <... mmap resumed>) = 0x20000000 [pid 2277] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2275] <... futex resumed>) = 0 [pid 2275] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2276] <... futex resumed>) = 0 [pid 2276] memfd_create("syzkaller", 0) = 3 [pid 2276] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2277] <... futex resumed>) = 1 [pid 2277] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2276] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2276] munmap(0x7f22d914f000, 138412032) = 0 [pid 2276] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2276] ioctl(6, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2276] ioctl(6, LOOP_CLR_FD) = 0 [pid 2276] ioctl(6, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2276] close(6) = 0 [pid 2276] close(3) = 0 [pid 2276] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2276] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2275] exit_group(0 [pid 2277] <... futex resumed>) = ? [pid 2275] <... exit_group resumed>) = ? [pid 2277] +++ exited with 0 +++ [pid 2276] <... futex resumed>) = ? [pid 2276] +++ exited with 0 +++ [pid 2275] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2275, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./612", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./612", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 5 entries */, 32768) = 136 umount2("./612/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./612/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./612/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./612/bus") = 0 umount2("./612/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./612/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./612/binderfs") = 0 umount2("./612/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./612/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./612/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./612/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555643c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555643c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./612/file0") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./612") = 0 mkdir("./613", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2278 attached , child_tidptr=0x555556433690) = 2278 [pid 2278] set_robust_list(0x5555564336a0, 24) = 0 [pid 2278] chdir("./613") = 0 [pid 2278] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2278] setpgid(0, 0) = 0 [pid 2278] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2278] write(3, "1000", 4) = 4 [pid 2278] close(3) = 0 [pid 2278] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2278] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2278] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2278] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2278] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2278] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2278] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2278] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2279 attached [pid 2279] set_robust_list(0x7f22e15909a0, 24 [pid 2278] <... clone3 resumed> => {parent_tid=[2279]}, 88) = 2279 [pid 2279] <... set_robust_list resumed>) = 0 [pid 2278] rt_sigprocmask(SIG_SETMASK, [], [pid 2279] rt_sigprocmask(SIG_SETMASK, [], [pid 2278] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2279] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2278] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2278] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2278] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2279] memfd_create("syzkaller", 0 [pid 2278] <... mmap resumed>) = 0x7f22e154f000 [pid 2278] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE [pid 2279] <... memfd_create resumed>) = 3 [pid 2279] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2278] <... mprotect resumed>) = 0 [pid 2278] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2279] <... mmap resumed>) = 0x7f22d914f000 [pid 2278] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2278] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 2280 attached => {parent_tid=[2280]}, 88) = 2280 [pid 2280] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2280] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2280] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2278] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2278] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2280] <... futex resumed>) = 0 [ 53.869858][ T2276] loop0: detected capacity change from 0 to 512 [pid 2280] creat("./bus", 000 [pid 2278] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2280] <... creat resumed>) = 4 [pid 2280] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2280] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2278] <... futex resumed>) = 0 [pid 2278] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2280] <... futex resumed>) = 0 [pid 2278] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2280] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2280] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2278] <... futex resumed>) = 0 [pid 2280] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2278] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2280] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2278] <... futex resumed>) = 0 [pid 2280] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 2278] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2280] <... open resumed>) = 5 [pid 2280] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2278] <... futex resumed>) = 0 [pid 2280] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2278] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2280] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2278] <... futex resumed>) = 0 [pid 2278] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2280] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 2279] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000d7d} --- [pid 2280] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2278] <... futex resumed>) = 0 [pid 2278] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2280] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 2279] +++ killed by SIGBUS +++ [pid 2280] +++ killed by SIGBUS +++ [pid 2278] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2278, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- umount2("./613", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./613", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./613/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./613/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./613/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./613/bus") = 0 umount2("./613/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./613/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./613/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./613") = 0 mkdir("./614", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2281 ./strace-static-x86_64: Process 2281 attached [pid 2281] set_robust_list(0x5555564336a0, 24) = 0 [pid 2281] chdir("./614") = 0 [pid 2281] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2281] setpgid(0, 0) = 0 [pid 2281] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2281] write(3, "1000", 4) = 4 [pid 2281] close(3) = 0 [pid 2281] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2281] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2281] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2281] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2281] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2281] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2281] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2281] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2282 attached => {parent_tid=[2282]}, 88) = 2282 [pid 2282] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2282] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2282] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2281] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2281] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2282] <... futex resumed>) = 0 [pid 2282] memfd_create("syzkaller", 0 [pid 2281] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2282] <... memfd_create resumed>) = 3 [pid 2282] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2281] <... futex resumed>) = 0 [pid 2281] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 2281] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2281] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2281] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0}./strace-static-x86_64: Process 2283 attached [pid 2283] set_robust_list(0x7f22d916f9a0, 24) = 0 [pid 2283] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2283] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2282] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2281] <... clone3 resumed> => {parent_tid=[2283]}, 88) = 2283 [pid 2281] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2281] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2283] <... futex resumed>) = 0 [pid 2283] creat("./bus", 000 [pid 2281] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2283] <... creat resumed>) = 4 [pid 2283] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2283] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2281] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2281] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2282] <... write resumed>) = 262144 [pid 2282] munmap(0x7f22d9170000, 138412032 [pid 2281] <... futex resumed>) = 1 [pid 2283] <... futex resumed>) = 0 [pid 2283] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2281] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2282] <... munmap resumed>) = 0 [pid 2283] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2281] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2282] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2283] <... futex resumed>) = 0 [pid 2283] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2281] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2282] <... openat resumed>) = 5 [pid 2282] ioctl(5, LOOP_SET_FD, 3 [pid 2281] <... futex resumed>) = 1 [pid 2283] <... futex resumed>) = 0 [pid 2283] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 2283] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2283] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2281] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2282] <... ioctl resumed>) = 0 [pid 2281] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2282] close(3 [pid 2281] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2283] <... futex resumed>) = 0 [pid 2283] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 2282] <... close resumed>) = 0 [pid 2281] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2282] close(5) = 0 [pid 2282] mkdir(0x200000c0, 0777 [pid 2283] <... mmap resumed>) = 0x20000000 [pid 2282] <... mkdir resumed>) = -1 ENOENT (No such file or directory) [pid 2282] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2282] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 2282] ioctl(3, LOOP_CLR_FD) = 0 [pid 2282] close(3) = 0 [pid 2282] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2282] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2283] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2281] <... futex resumed>) = 0 [pid 2281] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2282] <... futex resumed>) = 0 [pid 2283] <... futex resumed>) = 1 [pid 2283] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2282] memfd_create("syzkaller", 0) = 3 [pid 2282] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2282] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2282] munmap(0x7f22d9170000, 138412032) = 0 [pid 2282] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2282] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2282] ioctl(5, LOOP_CLR_FD) = 0 [pid 2282] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2282] close(5) = 0 [pid 2282] close(3) = 0 [pid 2282] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2282] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2281] exit_group(0 [pid 2283] <... futex resumed>) = ? [pid 2281] <... exit_group resumed>) = ? [pid 2283] +++ exited with 0 +++ [pid 2282] <... futex resumed>) = ? [pid 2282] +++ exited with 0 +++ [pid 2281] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2281, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./614", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./614", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./614/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./614/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./614/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./614/bus") = 0 umount2("./614/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./614/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./614/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./614") = 0 mkdir("./615", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2284 ./strace-static-x86_64: Process 2284 attached [pid 2284] set_robust_list(0x5555564336a0, 24) = 0 [pid 2284] chdir("./615") = 0 [pid 2284] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2284] setpgid(0, 0) = 0 [pid 2284] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2284] write(3, "1000", 4) = 4 [pid 2284] close(3) = 0 [pid 2284] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2284] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2284] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2284] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2284] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2284] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2284] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2284] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2285 attached => {parent_tid=[2285]}, 88) = 2285 [pid 2285] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2284] rt_sigprocmask(SIG_SETMASK, [], [pid 2285] rt_sigprocmask(SIG_SETMASK, [], [pid 2284] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2285] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2284] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2284] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2284] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [ 53.953785][ T2282] loop0: detected capacity change from 0 to 512 [pid 2285] memfd_create("syzkaller", 0) = 3 [pid 2284] <... mmap resumed>) = 0x7f22e154f000 [pid 2284] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE [pid 2285] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2284] <... mprotect resumed>) = 0 [pid 2284] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2285] <... mmap resumed>) = 0x7f22d914f000 [pid 2284] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2284] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 2286 attached => {parent_tid=[2286]}, 88) = 2286 [pid 2286] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2286] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2286] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2284] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2284] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2286] <... futex resumed>) = 0 [pid 2284] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2286] creat("./bus", 000) = 4 [pid 2286] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2286] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2284] <... futex resumed>) = 0 [pid 2284] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2286] <... futex resumed>) = 0 [pid 2284] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2286] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2286] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2286] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2284] <... futex resumed>) = 0 [pid 2284] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2285] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2284] <... futex resumed>) = 1 [pid 2286] <... futex resumed>) = 0 [pid 2284] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2286] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 2286] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2284] <... futex resumed>) = 0 [pid 2286] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 2284] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2284] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2286] <... mmap resumed>) = 0x20000000 [pid 2286] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2284] <... futex resumed>) = 0 [pid 2284] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2286] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 2285] <... write resumed>) = ? [pid 2286] +++ killed by SIGBUS +++ [pid 2285] +++ killed by SIGBUS +++ [pid 2284] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2284, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- umount2("./615", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./615", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./615/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./615/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./615/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./615/bus") = 0 umount2("./615/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./615/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./615/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./615") = 0 mkdir("./616", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2287 ./strace-static-x86_64: Process 2287 attached [pid 2287] set_robust_list(0x5555564336a0, 24) = 0 [pid 2287] chdir("./616") = 0 [pid 2287] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2287] setpgid(0, 0) = 0 [pid 2287] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2287] write(3, "1000", 4) = 4 [pid 2287] close(3) = 0 [pid 2287] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2287] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2287] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2287] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2287] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2287] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2287] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2287] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2288 attached [pid 2288] set_robust_list(0x7f22e15909a0, 24 [pid 2287] <... clone3 resumed> => {parent_tid=[2288]}, 88) = 2288 [pid 2288] <... set_robust_list resumed>) = 0 [pid 2287] rt_sigprocmask(SIG_SETMASK, [], [pid 2288] rt_sigprocmask(SIG_SETMASK, [], [pid 2287] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2288] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2287] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2288] memfd_create("syzkaller", 0 [pid 2287] <... futex resumed>) = 0 [pid 2287] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2288] <... memfd_create resumed>) = 3 [pid 2288] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2287] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2288] <... mmap resumed>) = 0x7f22d914f000 [pid 2287] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE [pid 2288] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2287] <... mprotect resumed>) = 0 [pid 2287] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2288] <... write resumed>) = 262144 [pid 2287] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2288] munmap(0x7f22d914f000, 138412032 [pid 2287] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 2289 attached [pid 2289] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2289] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2289] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2287] <... clone3 resumed> => {parent_tid=[2289]}, 88) = 2289 [pid 2288] <... munmap resumed>) = 0 [pid 2287] rt_sigprocmask(SIG_SETMASK, [], [pid 2288] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2287] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2287] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2288] <... openat resumed>) = 4 [pid 2288] ioctl(4, LOOP_SET_FD, 3 [pid 2287] <... futex resumed>) = 1 [pid 2289] <... futex resumed>) = 0 [pid 2289] creat("./bus", 000 [pid 2287] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2289] <... creat resumed>) = 5 [pid 2289] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2289] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2288] <... ioctl resumed>) = 0 [pid 2287] <... futex resumed>) = 0 [pid 2288] close(3 [pid 2287] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2288] <... close resumed>) = 0 [pid 2287] <... futex resumed>) = 1 [pid 2289] <... futex resumed>) = 0 [pid 2287] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2289] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 2288] close(4 [pid 2289] <... mount resumed>) = 0 [pid 2289] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2288] <... close resumed>) = 0 [pid 2287] <... futex resumed>) = 0 [pid 2287] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2287] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2288] mkdir("./file0", 0777) = 0 [pid 2289] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 3 [pid 2289] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2287] <... futex resumed>) = 0 [pid 2287] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2287] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2289] <... futex resumed>) = 1 [pid 2289] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 3, 0 [pid 2288] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2288] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2288] ioctl(4, LOOP_CLR_FD) = 0 [pid 2288] close(4) = 0 [pid 2288] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2288] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2289] <... mmap resumed>) = 0x20000000 [pid 2289] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2287] <... futex resumed>) = 0 [pid 2289] <... futex resumed>) = 1 [pid 2289] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2287] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2288] <... futex resumed>) = 0 [pid 2288] memfd_create("syzkaller", 0) = 4 [pid 2288] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2288] write(4, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2288] munmap(0x7f22d914f000, 138412032) = 0 [pid 2288] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2288] ioctl(6, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 2288] ioctl(6, LOOP_CLR_FD) = 0 [pid 2288] ioctl(6, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 2288] close(6) = 0 [pid 2288] close(4) = 0 [pid 2288] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2288] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2287] exit_group(0 [pid 2289] <... futex resumed>) = ? [pid 2287] <... exit_group resumed>) = ? [pid 2289] +++ exited with 0 +++ [pid 2288] <... futex resumed>) = ? [pid 2288] +++ exited with 0 +++ [pid 2287] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2287, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./616", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./616", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 5 entries */, 32768) = 136 umount2("./616/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./616/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./616/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./616/bus") = 0 umount2("./616/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./616/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./616/binderfs") = 0 umount2("./616/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./616/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./616/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./616/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555643c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555643c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./616/file0") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./616") = 0 mkdir("./617", 0777) = 0 [ 54.040842][ T2288] loop0: detected capacity change from 0 to 512 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2290 ./strace-static-x86_64: Process 2290 attached [pid 2290] set_robust_list(0x5555564336a0, 24) = 0 [pid 2290] chdir("./617") = 0 [pid 2290] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2290] setpgid(0, 0) = 0 [pid 2290] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2290] write(3, "1000", 4) = 4 [pid 2290] close(3) = 0 [pid 2290] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2290] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2290] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2290] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2290] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2290] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2290] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2290] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2291 attached [pid 2291] set_robust_list(0x7f22e15909a0, 24 [pid 2290] <... clone3 resumed> => {parent_tid=[2291]}, 88) = 2291 [pid 2291] <... set_robust_list resumed>) = 0 [pid 2290] rt_sigprocmask(SIG_SETMASK, [], [pid 2291] rt_sigprocmask(SIG_SETMASK, [], [pid 2290] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2291] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2290] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2291] memfd_create("syzkaller", 0 [pid 2290] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2291] <... memfd_create resumed>) = 3 [pid 2290] <... futex resumed>) = 0 [pid 2291] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2290] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2291] <... mmap resumed>) = 0x7f22d914f000 [pid 2290] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2290] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2290] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2292]}, 88) = 2292 ./strace-static-x86_64: Process 2292 attached [pid 2292] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2292] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2290] rt_sigprocmask(SIG_SETMASK, [], [pid 2292] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2290] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2290] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2292] <... futex resumed>) = 0 [pid 2292] creat("./bus", 000 [pid 2290] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2292] <... creat resumed>) = 4 [pid 2292] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2292] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2290] <... futex resumed>) = 0 [pid 2290] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2292] <... futex resumed>) = 0 [pid 2292] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2290] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2291] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2292] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2290] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2292] <... futex resumed>) = 0 [pid 2290] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2292] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 2290] <... futex resumed>) = 0 [pid 2290] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2292] <... open resumed>) = 5 [pid 2292] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2290] <... futex resumed>) = 0 [pid 2290] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2292] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 2290] <... futex resumed>) = 0 [pid 2290] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2292] <... mmap resumed>) = 0x20000000 [pid 2292] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2290] <... futex resumed>) = 0 [pid 2292] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2290] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2292] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2290] <... futex resumed>) = 0 [pid 2292] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 2291] <... write resumed>) = ? [pid 2291] +++ killed by SIGBUS +++ [pid 2292] +++ killed by SIGBUS +++ [pid 2290] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2290, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- umount2("./617", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./617", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./617/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./617/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./617/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./617/bus") = 0 umount2("./617/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./617/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./617/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./617") = 0 mkdir("./618", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2293 ./strace-static-x86_64: Process 2293 attached [pid 2293] set_robust_list(0x5555564336a0, 24) = 0 [pid 2293] chdir("./618") = 0 [pid 2293] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2293] setpgid(0, 0) = 0 [pid 2293] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2293] write(3, "1000", 4) = 4 [pid 2293] close(3) = 0 [pid 2293] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2293] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2293] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2293] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2293] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2293] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2293] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2293] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2294 attached => {parent_tid=[2294]}, 88) = 2294 [pid 2294] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2294] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2294] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2293] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2293] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2294] <... futex resumed>) = 0 [pid 2293] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2294] memfd_create("syzkaller", 0 [pid 2293] <... futex resumed>) = 0 [pid 2294] <... memfd_create resumed>) = 3 [pid 2294] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2293] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 2293] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2293] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2293] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0}./strace-static-x86_64: Process 2295 attached => {parent_tid=[2295]}, 88) = 2295 [pid 2293] rt_sigprocmask(SIG_SETMASK, [], [pid 2294] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2293] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2293] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2293] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2295] set_robust_list(0x7f22d916f9a0, 24) = 0 [pid 2295] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2295] creat("./bus", 000) = 4 [pid 2295] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2293] <... futex resumed>) = 0 [pid 2293] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2293] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2295] <... futex resumed>) = 1 [pid 2295] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2295] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2293] <... futex resumed>) = 0 [pid 2293] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2293] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2295] <... futex resumed>) = 1 [pid 2295] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 2295] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2293] <... futex resumed>) = 0 [pid 2293] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2293] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2295] <... futex resumed>) = 1 [pid 2295] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 2295] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2293] <... futex resumed>) = 0 [pid 2293] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2295] <... futex resumed>) = 1 [pid 2295] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 2294] <... write resumed>) = ? [pid 2294] +++ killed by SIGBUS +++ [pid 2295] +++ killed by SIGBUS +++ [pid 2293] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2293, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- umount2("./618", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./618", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./618/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./618/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./618/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./618/bus") = 0 umount2("./618/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./618/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./618/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./618") = 0 mkdir("./619", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2296 ./strace-static-x86_64: Process 2296 attached [pid 2296] set_robust_list(0x5555564336a0, 24) = 0 [pid 2296] chdir("./619") = 0 [pid 2296] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2296] setpgid(0, 0) = 0 [pid 2296] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2296] write(3, "1000", 4) = 4 [pid 2296] close(3) = 0 [pid 2296] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2296] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2296] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2296] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2296] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2296] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2296] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2296] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2297 attached [pid 2297] set_robust_list(0x7f22e15909a0, 24 [pid 2296] <... clone3 resumed> => {parent_tid=[2297]}, 88) = 2297 [pid 2297] <... set_robust_list resumed>) = 0 [pid 2296] rt_sigprocmask(SIG_SETMASK, [], [pid 2297] rt_sigprocmask(SIG_SETMASK, [], [pid 2296] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2296] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2296] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2296] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2296] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2296] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2296] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 2298 attached => {parent_tid=[2298]}, 88) = 2298 [pid 2296] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2296] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2296] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2297] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2297] memfd_create("syzkaller", 0) = 3 [pid 2297] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2298] set_robust_list(0x7f22e156f9a0, 24 [pid 2297] <... mmap resumed>) = 0x7f22d914f000 [pid 2298] <... set_robust_list resumed>) = 0 [pid 2298] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2298] creat("./bus", 000) = 4 [pid 2298] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2297] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2298] <... futex resumed>) = 1 [pid 2296] <... futex resumed>) = 0 [pid 2296] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2296] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2298] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2298] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2296] <... futex resumed>) = 0 [pid 2296] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2296] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2297] <... write resumed>) = 262144 [pid 2297] munmap(0x7f22d914f000, 138412032 [pid 2298] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 2297] <... munmap resumed>) = 0 [pid 2297] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2297] ioctl(5, LOOP_SET_FD, 3 [pid 2298] <... open resumed>) = 6 [pid 2298] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2297] <... ioctl resumed>) = 0 [pid 2297] close(3) = 0 [pid 2297] close(5) = 0 [pid 2297] mkdir("./file0", 0777) = 0 [pid 2297] mount("/dev/loop0", "./file0", "ext4", 0, "prjquota,grpquota,debug_want_extra_isize=0x000000000000005c,noauto_da_alloc,nolazytime,errors=contin"... [pid 2296] <... futex resumed>) = 0 [pid 2296] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2296] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2298] <... futex resumed>) = 1 [pid 2298] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x20000000 [pid 2298] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2296] <... futex resumed>) = 0 [pid 2296] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2298] <... futex resumed>) = 1 [pid 2298] memfd_create("syzkaller", 0) = 3 [pid 2298] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2298] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2298] munmap(0x7f22d914f000, 138412032) = 0 [pid 2298] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2298] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2297] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2298] ioctl(5, LOOP_CLR_FD [pid 2297] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2298] <... ioctl resumed>) = 0 [pid 2297] <... openat resumed>) = 7 [pid 2297] ioctl(7, LOOP_CLR_FD) = 0 [pid 2297] close(7) = 0 [pid 2297] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2297] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2298] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2298] close(5) = 0 [pid 2298] close(3) = 0 [pid 2298] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2298] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2296] exit_group(0 [pid 2297] <... futex resumed>) = ? [pid 2296] <... exit_group resumed>) = ? [pid 2297] +++ exited with 0 +++ [pid 2298] <... futex resumed>) = ? [pid 2298] +++ exited with 0 +++ [pid 2296] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2296, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- umount2("./619", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./619", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 5 entries */, 32768) = 136 umount2("./619/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./619/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./619/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./619/bus") = 0 umount2("./619/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./619/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./619/binderfs") = 0 umount2("./619/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./619/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./619/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./619/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555643c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555643c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./619/file0") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./619") = 0 mkdir("./620", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2300 ./strace-static-x86_64: Process 2300 attached [pid 2300] set_robust_list(0x5555564336a0, 24) = 0 [pid 2300] chdir("./620") = 0 [pid 2300] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2300] setpgid(0, 0) = 0 [pid 2300] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2300] write(3, "1000", 4) = 4 [pid 2300] close(3) = 0 [pid 2300] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2300] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2300] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2300] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2300] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2300] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2300] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2300] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2301 attached => {parent_tid=[2301]}, 88) = 2301 [pid 2300] rt_sigprocmask(SIG_SETMASK, [], [pid 2301] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2300] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2301] rt_sigprocmask(SIG_SETMASK, [], [pid 2300] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2301] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2300] <... futex resumed>) = 0 [pid 2300] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2300] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2300] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2300] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2300] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 2302 attached [pid 2302] set_robust_list(0x7f22e156f9a0, 24 [pid 2300] <... clone3 resumed> => {parent_tid=[2302]}, 88) = 2302 [pid 2302] <... set_robust_list resumed>) = 0 [pid 2300] rt_sigprocmask(SIG_SETMASK, [], [pid 2302] rt_sigprocmask(SIG_SETMASK, [], [pid 2300] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2302] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2302] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2300] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2302] <... futex resumed>) = 0 [pid 2300] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2302] creat("./bus", 000 [pid 2301] memfd_create("syzkaller", 0 [pid 2302] <... creat resumed>) = 3 [pid 2302] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2300] <... futex resumed>) = 0 [pid 2302] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 2300] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2300] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2302] <... mount resumed>) = 0 [pid 2302] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2300] <... futex resumed>) = 0 [pid 2302] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 2300] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2300] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2302] <... open resumed>) = 4 [pid 2302] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2302] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2300] <... futex resumed>) = 0 [pid 2300] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2302] <... futex resumed>) = 0 [pid 2300] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2302] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 2301] <... memfd_create resumed>) = 5 [pid 2302] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2300] <... futex resumed>) = 0 [pid 2300] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2302] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 2301] +++ killed by SIGBUS +++ [pid 2302] +++ killed by SIGBUS +++ [pid 2300] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2300, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- umount2("./620", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./620", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./620/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./620/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./620/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./620/bus") = 0 umount2("./620/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./620/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./620/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./620") = 0 mkdir("./621", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 54.150259][ T2297] loop0: detected capacity change from 0 to 512 [ 54.165215][ T2297] EXT4-fs error (device loop0): __ext4_fill_super:5386: inode #2: comm syz-executor245: iget: special inode unallocated [ 54.178414][ T2297] EXT4-fs (loop0): get root inode failed [ 54.184232][ T2297] EXT4-fs (loop0): mount failed close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2303 ./strace-static-x86_64: Process 2303 attached [pid 2303] set_robust_list(0x5555564336a0, 24) = 0 [pid 2303] chdir("./621") = 0 [pid 2303] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2303] setpgid(0, 0) = 0 [pid 2303] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2303] write(3, "1000", 4) = 4 [pid 2303] close(3) = 0 [pid 2303] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2303] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2303] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2303] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2303] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2303] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2303] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2303] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2304 attached => {parent_tid=[2304]}, 88) = 2304 [pid 2304] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2304] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2304] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2303] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2303] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2304] <... futex resumed>) = 0 [pid 2304] memfd_create("syzkaller", 0 [pid 2303] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2304] <... memfd_create resumed>) = 3 [pid 2304] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2303] <... futex resumed>) = 0 [pid 2303] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 2303] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2303] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2303] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0}./strace-static-x86_64: Process 2305 attached => {parent_tid=[2305]}, 88) = 2305 [pid 2305] set_robust_list(0x7f22d916f9a0, 24 [pid 2304] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2303] rt_sigprocmask(SIG_SETMASK, [], [pid 2305] <... set_robust_list resumed>) = 0 [pid 2303] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2305] rt_sigprocmask(SIG_SETMASK, [], [pid 2303] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2305] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2303] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2305] creat("./bus", 000) = 4 [pid 2305] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2303] <... futex resumed>) = 0 [pid 2305] <... futex resumed>) = 1 [pid 2304] <... write resumed>) = 262144 [pid 2304] munmap(0x7f22d9170000, 138412032 [pid 2303] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2305] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 2304] <... munmap resumed>) = 0 [pid 2303] <... futex resumed>) = 0 [pid 2304] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2303] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2304] ioctl(5, LOOP_SET_FD, 3 [pid 2305] <... mount resumed>) = 0 [pid 2305] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2303] <... futex resumed>) = 0 [pid 2303] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2303] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2305] <... futex resumed>) = 1 [pid 2305] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 2305] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2303] <... futex resumed>) = 0 [pid 2303] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2303] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2305] <... futex resumed>) = 1 [pid 2305] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 2304] <... ioctl resumed>) = 0 [pid 2304] close(3) = 0 [pid 2304] close(5) = 0 [pid 2304] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 2304] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2304] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 2304] ioctl(3, LOOP_CLR_FD) = 0 [pid 2304] close(3) = 0 [pid 2304] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2304] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2305] <... mmap resumed>) = 0x20000000 [pid 2305] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2303] <... futex resumed>) = 0 [pid 2303] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2304] <... futex resumed>) = 0 [pid 2304] memfd_create("syzkaller", 0) = 3 [pid 2304] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2305] <... futex resumed>) = 1 [pid 2305] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2304] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2304] munmap(0x7f22d9170000, 138412032) = 0 [pid 2304] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2304] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2304] ioctl(5, LOOP_CLR_FD) = 0 [pid 2304] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2304] close(5) = 0 [pid 2304] close(3) = 0 [pid 2304] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2304] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2303] exit_group(0 [pid 2305] <... futex resumed>) = ? [pid 2303] <... exit_group resumed>) = ? [pid 2305] +++ exited with 0 +++ [pid 2304] <... futex resumed>) = ? [pid 2304] +++ exited with 0 +++ [pid 2303] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2303, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./621", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./621", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./621/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./621/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./621/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./621/bus") = 0 umount2("./621/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./621/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./621/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./621") = 0 mkdir("./622", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2306 ./strace-static-x86_64: Process 2306 attached [pid 2306] set_robust_list(0x5555564336a0, 24) = 0 [pid 2306] chdir("./622") = 0 [pid 2306] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2306] setpgid(0, 0) = 0 [pid 2306] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2306] write(3, "1000", 4) = 4 [pid 2306] close(3) = 0 [pid 2306] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2306] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2306] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2306] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2306] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2306] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2306] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2306] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2307]}, 88) = 2307 [pid 2306] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2306] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2306] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2306] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [ 54.243876][ T2304] loop0: detected capacity change from 0 to 512 [pid 2306] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2306] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2306] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 2308 attached => {parent_tid=[2308]}, 88) = 2308 [pid 2308] set_robust_list(0x7f22e156f9a0, 24 [pid 2306] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2308] <... set_robust_list resumed>) = 0 [pid 2306] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2308] rt_sigprocmask(SIG_SETMASK, [], [pid 2306] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2308] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2308] creat("./bus", 000) = 3 [pid 2308] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2306] <... futex resumed>) = 0 [pid 2308] <... futex resumed>) = 1 [pid 2306] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2308] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 2306] <... futex resumed>) = 0 [pid 2306] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2308] <... mount resumed>) = 0 [pid 2308] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2306] <... futex resumed>) = 0 [pid 2306] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2308] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 2306] <... futex resumed>) = 0 [pid 2306] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2308] <... open resumed>) = 4 [pid 2308] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 2307 attached [pid 2307] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2307] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2307] memfd_create("syzkaller", 0) = 5 [pid 2308] <... futex resumed>) = 1 [pid 2306] <... futex resumed>) = 0 [pid 2307] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2306] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2307] <... mmap resumed>) = 0x7f22d914f000 [pid 2306] <... futex resumed>) = 0 [pid 2308] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2306] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2308] <... mmap resumed>) = 0x20000000 [pid 2307] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000d3e} --- [pid 2306] <... futex resumed>) = ? [pid 2308] +++ killed by SIGBUS +++ [pid 2307] +++ killed by SIGBUS +++ [pid 2306] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2306, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- umount2("./622", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./622", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./622/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./622/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./622/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./622/bus") = 0 umount2("./622/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./622/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./622/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./622") = 0 mkdir("./623", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2309 ./strace-static-x86_64: Process 2309 attached [pid 2309] set_robust_list(0x5555564336a0, 24) = 0 [pid 2309] chdir("./623") = 0 [pid 2309] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2309] setpgid(0, 0) = 0 [pid 2309] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2309] write(3, "1000", 4) = 4 [pid 2309] close(3) = 0 [pid 2309] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2309] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2309] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2309] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2309] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2309] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2309] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2309] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2310]}, 88) = 2310 ./strace-static-x86_64: Process 2310 attached [pid 2309] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2309] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2309] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2309] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2309] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2310] set_robust_list(0x7f22e15909a0, 24 [pid 2309] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2309] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2311]}, 88) = 2311 [pid 2310] <... set_robust_list resumed>) = 0 [pid 2309] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2309] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2309] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2311 attached [pid 2311] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2311] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2311] creat("./bus", 000) = 3 [pid 2310] rt_sigprocmask(SIG_SETMASK, [], [pid 2311] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2309] <... futex resumed>) = 0 [pid 2309] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2309] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2311] <... futex resumed>) = 1 [pid 2311] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2311] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2309] <... futex resumed>) = 0 [pid 2309] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2309] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2311] <... futex resumed>) = 1 [pid 2311] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 4 [pid 2311] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2309] <... futex resumed>) = 0 [pid 2309] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2309] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2311] <... futex resumed>) = 1 [pid 2311] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 2311] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2309] <... futex resumed>) = 0 [pid 2309] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2311] <... futex resumed>) = 1 [pid 2311] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 2311] +++ killed by SIGBUS +++ [pid 2310] <... rt_sigprocmask resumed> ) = ? [pid 2310] +++ killed by SIGBUS +++ [pid 2309] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2309, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- umount2("./623", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./623", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./623/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./623/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./623/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./623/bus") = 0 umount2("./623/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./623/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./623/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./623") = 0 mkdir("./624", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2312 ./strace-static-x86_64: Process 2312 attached [pid 2312] set_robust_list(0x5555564336a0, 24) = 0 [pid 2312] chdir("./624") = 0 [pid 2312] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2312] setpgid(0, 0) = 0 [pid 2312] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2312] write(3, "1000", 4) = 4 [pid 2312] close(3) = 0 [pid 2312] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2312] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2312] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2312] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2312] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2312] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2312] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2312] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2313]}, 88) = 2313 [pid 2312] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2312] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2312] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2312] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2312] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2312] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2312] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2314]}, 88) = 2314 ./strace-static-x86_64: Process 2313 attached [pid 2312] rt_sigprocmask(SIG_SETMASK, [], [pid 2313] set_robust_list(0x7f22e15909a0, 24 [pid 2312] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2312] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2312] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2314 attached [pid 2314] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2314] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2314] creat("./bus", 000 [pid 2313] <... set_robust_list resumed>) = 0 [pid 2313] rt_sigprocmask(SIG_SETMASK, [], [pid 2314] <... creat resumed>) = 3 [pid 2314] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2312] <... futex resumed>) = 0 [pid 2312] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2312] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2314] <... futex resumed>) = 1 [pid 2314] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 2313] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2314] <... mount resumed>) = 0 [pid 2314] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2312] <... futex resumed>) = 0 [pid 2312] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2312] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2314] <... futex resumed>) = 1 [pid 2314] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 4 [pid 2314] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2312] <... futex resumed>) = 0 [pid 2312] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2312] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2314] <... futex resumed>) = 1 [pid 2314] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 2313] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000184} --- [pid 2314] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = ? [pid 2312] <... futex resumed>) = ? [pid 2314] +++ killed by SIGBUS +++ [pid 2313] +++ killed by SIGBUS +++ [pid 2312] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2312, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./624", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./624", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./624/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./624/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./624/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./624/bus") = 0 umount2("./624/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./624/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./624/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./624") = 0 mkdir("./625", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2315 ./strace-static-x86_64: Process 2315 attached [pid 2315] set_robust_list(0x5555564336a0, 24) = 0 [pid 2315] chdir("./625") = 0 [pid 2315] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2315] setpgid(0, 0) = 0 [pid 2315] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2315] write(3, "1000", 4) = 4 [pid 2315] close(3) = 0 [pid 2315] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2315] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2315] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2315] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2315] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2315] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2315] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2315] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2316]}, 88) = 2316 [pid 2315] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2315] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2315] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2315] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2315] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2315] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2315] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 2317 attached => {parent_tid=[2317]}, 88) = 2317 [pid 2315] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2315] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2315] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2316 attached [pid 2316] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2316] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2316] memfd_create("syzkaller", 0 [pid 2317] set_robust_list(0x7f22e156f9a0, 24 [pid 2316] <... memfd_create resumed>) = 3 [pid 2316] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2317] <... set_robust_list resumed>) = 0 [pid 2316] <... mmap resumed>) = 0x7f22d914f000 [pid 2317] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2317] creat("./bus", 000 [pid 2316] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2317] <... creat resumed>) = 4 [pid 2317] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2315] <... futex resumed>) = 0 [pid 2315] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2315] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2317] <... futex resumed>) = 1 [pid 2317] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2317] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2315] <... futex resumed>) = 0 [pid 2315] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2315] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2317] <... futex resumed>) = 1 [pid 2317] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 2317] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2315] <... futex resumed>) = 0 [pid 2315] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2315] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2317] <... futex resumed>) = 1 [pid 2317] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 2317] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2315] <... futex resumed>) = 0 [pid 2315] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2317] <... futex resumed>) = 1 [pid 2317] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 2317] +++ killed by SIGBUS +++ [pid 2316] <... write resumed>) = ? [pid 2316] +++ killed by SIGBUS +++ [pid 2315] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2315, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- umount2("./625", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./625", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./625/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./625/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./625/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./625/bus") = 0 umount2("./625/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./625/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./625/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./625") = 0 mkdir("./626", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2318 ./strace-static-x86_64: Process 2318 attached [pid 2318] set_robust_list(0x5555564336a0, 24) = 0 [pid 2318] chdir("./626") = 0 [pid 2318] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2318] setpgid(0, 0) = 0 [pid 2318] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2318] write(3, "1000", 4) = 4 [pid 2318] close(3) = 0 [pid 2318] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2318] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2318] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2318] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2318] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2318] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2318] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2318] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2319 attached => {parent_tid=[2319]}, 88) = 2319 [pid 2318] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2318] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2318] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2318] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2318] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2318] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2318] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} [pid 2319] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2319] rt_sigprocmask(SIG_SETMASK, [], [pid 2318] <... clone3 resumed> => {parent_tid=[2320]}, 88) = 2320 [pid 2318] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2318] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2318] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2320 attached [pid 2320] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2320] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2320] creat("./bus", 000 [pid 2319] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2320] <... creat resumed>) = 3 [pid 2319] memfd_create("syzkaller", 0 [pid 2320] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2319] <... memfd_create resumed>) = 4 [pid 2318] <... futex resumed>) = 0 [pid 2318] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2318] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2320] <... futex resumed>) = 1 [pid 2320] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2320] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2318] <... futex resumed>) = 0 [pid 2318] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2318] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2320] <... futex resumed>) = 1 [pid 2320] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 2320] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2318] <... futex resumed>) = 0 [pid 2318] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2318] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2320] <... futex resumed>) = 1 [pid 2320] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 2319] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2320] <... mmap resumed>) = 0x20000000 [pid 2320] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2318] <... futex resumed>) = 0 [pid 2318] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2320] <... futex resumed>) = 1 [pid 2320] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 2319] <... mmap resumed>) = ? [pid 2319] +++ killed by SIGBUS +++ [pid 2320] +++ killed by SIGBUS +++ [pid 2318] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2318, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./626", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./626", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./626/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./626/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./626/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./626/bus") = 0 umount2("./626/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./626/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./626/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./626") = 0 mkdir("./627", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2321 ./strace-static-x86_64: Process 2321 attached [pid 2321] set_robust_list(0x5555564336a0, 24) = 0 [pid 2321] chdir("./627") = 0 [pid 2321] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2321] setpgid(0, 0) = 0 [pid 2321] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2321] write(3, "1000", 4) = 4 [pid 2321] close(3) = 0 [pid 2321] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2321] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2321] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2321] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2321] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2321] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2321] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2321] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2322 attached => {parent_tid=[2322]}, 88) = 2322 [pid 2321] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2321] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2321] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2321] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2322] set_robust_list(0x7f22e15909a0, 24 [pid 2321] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2321] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2321] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2323]}, 88) = 2323 [pid 2322] <... set_robust_list resumed>) = 0 [pid 2321] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2321] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2321] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2323 attached [pid 2323] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2323] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2323] creat("./bus", 000) = 3 [pid 2323] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2321] <... futex resumed>) = 0 [pid 2321] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2322] rt_sigprocmask(SIG_SETMASK, [], [pid 2321] <... futex resumed>) = 0 [pid 2321] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2323] <... futex resumed>) = 1 [pid 2323] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2322] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2323] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2321] <... futex resumed>) = 0 [pid 2321] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2321] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2323] <... futex resumed>) = 1 [pid 2323] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 4 [pid 2323] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2321] <... futex resumed>) = 0 [pid 2321] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2321] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2323] <... futex resumed>) = 1 [pid 2323] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 2323] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2321] <... futex resumed>) = 0 [pid 2321] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2323] <... futex resumed>) = 1 [pid 2323] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 2322] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000184} --- [pid 2322] +++ killed by SIGBUS +++ [pid 2323] +++ killed by SIGBUS +++ [pid 2321] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2321, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./627", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./627", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./627/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./627/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./627/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./627/bus") = 0 umount2("./627/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./627/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./627/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./627") = 0 mkdir("./628", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2324 ./strace-static-x86_64: Process 2324 attached [pid 2324] set_robust_list(0x5555564336a0, 24) = 0 [pid 2324] chdir("./628") = 0 [pid 2324] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2324] setpgid(0, 0) = 0 [pid 2324] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2324] write(3, "1000", 4) = 4 [pid 2324] close(3) = 0 [pid 2324] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2324] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2324] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2324] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2324] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2324] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2324] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2324] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2325 attached => {parent_tid=[2325]}, 88) = 2325 [pid 2325] set_robust_list(0x7f22e15909a0, 24 [pid 2324] rt_sigprocmask(SIG_SETMASK, [], [pid 2325] <... set_robust_list resumed>) = 0 [pid 2325] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2325] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2324] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2324] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2324] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2324] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2324] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2324] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2324] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 2326 attached => {parent_tid=[2326]}, 88) = 2326 [pid 2324] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2324] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2324] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2325] <... futex resumed>) = 0 [pid 2325] memfd_create("syzkaller", 0) = 3 [pid 2325] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2326] set_robust_list(0x7f22e156f9a0, 24 [pid 2325] <... mmap resumed>) = 0x7f22d914f000 [pid 2326] <... set_robust_list resumed>) = 0 [pid 2326] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2326] creat("./bus", 000) = 4 [pid 2326] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2324] <... futex resumed>) = 0 [pid 2324] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2324] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2326] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 2325] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2326] <... mount resumed>) = 0 [pid 2326] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2324] <... futex resumed>) = 0 [pid 2324] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2324] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2326] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 2325] <... write resumed>) = 262144 [pid 2325] munmap(0x7f22d914f000, 138412032) = 0 [pid 2325] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2326] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2325] ioctl(6, LOOP_SET_FD, 3 [pid 2326] <... futex resumed>) = 1 [pid 2324] <... futex resumed>) = 0 [pid 2324] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2324] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2325] <... ioctl resumed>) = 0 [pid 2325] close(3) = 0 [pid 2325] close(6) = 0 [pid 2325] mkdir("./file0", 0777) = 0 [pid 2325] mount("/dev/loop0", "./file0", "ext4", 0, "prjquota,grpquota,debug_want_extra_isize=0x000000000000005c,noauto_da_alloc,nolazytime,errors=contin"... [pid 2326] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 2326] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2324] <... futex resumed>) = 0 [pid 2324] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2326] <... futex resumed>) = 1 [pid 2326] memfd_create("syzkaller", 0) = 3 [pid 2326] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2325] <... mount resumed>) = 0 [pid 2325] openat(AT_FDCWD, 0x200000c0, O_RDONLY|O_DIRECTORY) = -1 ENOENT (No such file or directory) [pid 2325] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2325] ioctl(6, LOOP_CLR_FD) = 0 [pid 2325] close(6) = 0 [pid 2325] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2325] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2326] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2326] munmap(0x7f22d914f000, 138412032) = 0 [pid 2326] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2326] ioctl(6, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2326] ioctl(6, LOOP_CLR_FD) = 0 [pid 2326] ioctl(6, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2326] close(6) = 0 [pid 2326] close(3) = 0 [pid 2326] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2326] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2324] exit_group(0 [pid 2325] <... futex resumed>) = ? [pid 2324] <... exit_group resumed>) = ? [pid 2325] +++ exited with 0 +++ [pid 2326] <... futex resumed>) = ? [ 54.421642][ T2325] loop0: detected capacity change from 0 to 512 [ 54.434165][ T2325] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz-executor245: couldn't read orphan inode 12 (err -116) [pid 2326] +++ exited with 0 +++ [pid 2324] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2324, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./628", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./628", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 5 entries */, 32768) = 136 umount2("./628/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./628/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./628/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./628/bus") = 0 umount2("./628/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./628/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./628/binderfs") = 0 umount2("./628/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./628/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./628/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./628/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./628/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555643c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555643c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./628/file0") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./628") = 0 mkdir("./629", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2329 ./strace-static-x86_64: Process 2329 attached [pid 2329] set_robust_list(0x5555564336a0, 24) = 0 [pid 2329] chdir("./629") = 0 [pid 2329] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2329] setpgid(0, 0) = 0 [pid 2329] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2329] write(3, "1000", 4) = 4 [pid 2329] close(3) = 0 [pid 2329] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2329] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2329] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2329] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2329] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2329] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2329] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2329] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2330 attached => {parent_tid=[2330]}, 88) = 2330 [pid 2330] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2330] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2330] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2329] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2329] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2330] <... futex resumed>) = 0 [pid 2329] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2330] memfd_create("syzkaller", 0 [pid 2329] <... futex resumed>) = 0 [pid 2330] <... memfd_create resumed>) = 3 [pid 2330] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2329] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 2329] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2329] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2329] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0} => {parent_tid=[2331]}, 88) = 2331 [pid 2330] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144./strace-static-x86_64: Process 2331 attached [pid 2329] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2329] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2329] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2331] set_robust_list(0x7f22d916f9a0, 24 [pid 2330] <... write resumed>) = 262144 [pid 2330] munmap(0x7f22d9170000, 138412032 [pid 2331] <... set_robust_list resumed>) = 0 [pid 2330] <... munmap resumed>) = 0 [pid 2330] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2331] rt_sigprocmask(SIG_SETMASK, [], [pid 2330] ioctl(4, LOOP_SET_FD, 3 [pid 2331] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2331] creat("./bus", 000) = 5 [pid 2331] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2329] <... futex resumed>) = 0 [pid 2329] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2329] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2331] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2331] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2329] <... futex resumed>) = 0 [pid 2329] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2329] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2331] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 2331] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2329] <... futex resumed>) = 0 [pid 2329] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2329] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2331] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 2330] <... ioctl resumed>) = 0 [pid 2330] close(3) = 0 [pid 2330] close(4) = 0 [pid 2330] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 2330] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2330] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 2330] ioctl(3, LOOP_CLR_FD) = 0 [pid 2330] close(3) = 0 [pid 2330] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2330] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2331] <... mmap resumed>) = 0x20000000 [pid 2331] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2329] <... futex resumed>) = 0 [pid 2329] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2330] <... futex resumed>) = 0 [pid 2331] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2330] memfd_create("syzkaller", 0) = 3 [pid 2330] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2330] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2330] munmap(0x7f22d9170000, 138412032) = 0 [pid 2330] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2330] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2330] ioctl(4, LOOP_CLR_FD) = 0 [pid 2330] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2330] close(4) = 0 [pid 2330] close(3) = 0 [pid 2330] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2330] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2329] exit_group(0 [pid 2331] <... futex resumed>) = ? [pid 2329] <... exit_group resumed>) = ? [pid 2331] +++ exited with 0 +++ [pid 2330] <... futex resumed>) = ? [pid 2330] +++ exited with 0 +++ [pid 2329] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2329, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./629", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./629", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./629/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./629/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./629/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./629/bus") = 0 umount2("./629/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./629/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./629/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./629") = 0 mkdir("./630", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2332 attached , child_tidptr=0x555556433690) = 2332 [pid 2332] set_robust_list(0x5555564336a0, 24) = 0 [pid 2332] chdir("./630") = 0 [pid 2332] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2332] setpgid(0, 0) = 0 [pid 2332] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2332] write(3, "1000", 4) = 4 [pid 2332] close(3) = 0 [pid 2332] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2332] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2332] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2332] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2332] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2332] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2332] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2332] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2333]}, 88) = 2333 [pid 2332] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2332] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2332] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2332] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2332] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2332] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2332] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2334]}, 88) = 2334 [pid 2332] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2332] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2332] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2333 attached ./strace-static-x86_64: Process 2334 attached [pid 2333] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2333] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2333] memfd_create("syzkaller", 0) = 3 [pid 2333] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [ 54.504242][ T2330] loop0: detected capacity change from 0 to 512 [pid 2334] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2334] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2334] creat("./bus", 000) = 4 [pid 2334] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2332] <... futex resumed>) = 0 [pid 2332] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2332] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2334] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2334] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2332] <... futex resumed>) = 0 [pid 2334] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2332] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2334] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2332] <... futex resumed>) = 0 [pid 2334] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 2332] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2334] <... open resumed>) = 5 [pid 2334] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2332] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2334] <... futex resumed>) = 0 [pid 2334] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2332] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2334] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2334] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 2332] <... futex resumed>) = 0 [pid 2332] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2334] <... mmap resumed>) = 0x20000000 [pid 2334] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2332] <... futex resumed>) = 0 [pid 2334] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 2332] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2334] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 2332] ????() = ? [pid 2334] +++ killed by SIGBUS +++ [pid 2333] +++ killed by SIGBUS +++ [pid 2332] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2332, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./630", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./630", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./630/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./630/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./630/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./630/bus") = 0 umount2("./630/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./630/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./630/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./630") = 0 mkdir("./631", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2335 attached [pid 2335] set_robust_list(0x5555564336a0, 24) = 0 [pid 2335] chdir("./631" [pid 293] <... clone resumed>, child_tidptr=0x555556433690) = 2335 [pid 2335] <... chdir resumed>) = 0 [pid 2335] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2335] setpgid(0, 0) = 0 [pid 2335] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2335] write(3, "1000", 4) = 4 [pid 2335] close(3) = 0 [pid 2335] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2335] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2335] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2335] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2335] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2335] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2335] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2335] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2336 attached => {parent_tid=[2336]}, 88) = 2336 [pid 2336] set_robust_list(0x7f22e15909a0, 24 [pid 2335] rt_sigprocmask(SIG_SETMASK, [], [pid 2336] <... set_robust_list resumed>) = 0 [pid 2335] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2336] rt_sigprocmask(SIG_SETMASK, [], [pid 2335] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2336] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2335] <... futex resumed>) = 0 [pid 2336] memfd_create("syzkaller", 0 [pid 2335] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2335] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2336] <... memfd_create resumed>) = 3 [pid 2335] <... mmap resumed>) = 0x7f22e154f000 [pid 2335] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE [pid 2336] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2335] <... mprotect resumed>) = 0 [pid 2335] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2336] <... mmap resumed>) = 0x7f22d914f000 [pid 2335] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2335] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 2337 attached => {parent_tid=[2337]}, 88) = 2337 [pid 2335] rt_sigprocmask(SIG_SETMASK, [], [pid 2337] set_robust_list(0x7f22e156f9a0, 24 [pid 2335] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2337] <... set_robust_list resumed>) = 0 [pid 2337] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2337] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2335] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2337] <... futex resumed>) = 0 [pid 2337] creat("./bus", 000 [pid 2335] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2337] <... creat resumed>) = 4 [pid 2337] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2335] <... futex resumed>) = 0 [pid 2335] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2337] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 2335] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2337] <... mount resumed>) = 0 [pid 2337] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2335] <... futex resumed>) = 0 [pid 2337] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2335] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2337] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2335] <... futex resumed>) = 0 [pid 2337] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 2335] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2337] <... open resumed>) = 5 [pid 2337] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2335] <... futex resumed>) = 0 [pid 2335] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2335] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2337] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 2336] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000d5b} --- [pid 2337] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2335] <... futex resumed>) = 0 [pid 2335] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2337] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 2337] +++ killed by SIGBUS +++ [pid 2336] +++ killed by SIGBUS +++ [pid 2335] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2335, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- umount2("./631", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./631", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./631/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./631/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./631/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./631/bus") = 0 umount2("./631/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./631/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./631/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./631") = 0 mkdir("./632", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2338 ./strace-static-x86_64: Process 2338 attached [pid 2338] set_robust_list(0x5555564336a0, 24) = 0 [pid 2338] chdir("./632") = 0 [pid 2338] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2338] setpgid(0, 0) = 0 [pid 2338] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2338] write(3, "1000", 4) = 4 [pid 2338] close(3) = 0 [pid 2338] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2338] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2338] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2338] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2338] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2338] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2338] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2338] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2339]}, 88) = 2339 ./strace-static-x86_64: Process 2339 attached [pid 2338] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2338] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2338] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2339] set_robust_list(0x7f22e15909a0, 24 [pid 2338] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2339] <... set_robust_list resumed>) = 0 [pid 2339] rt_sigprocmask(SIG_SETMASK, [], [pid 2338] <... mmap resumed>) = 0x7f22e154f000 [pid 2339] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2339] memfd_create("syzkaller", 0 [pid 2338] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2339] <... memfd_create resumed>) = 3 [pid 2338] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2339] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2338] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2338] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 2340 attached [pid 2340] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2338] <... clone3 resumed> => {parent_tid=[2340]}, 88) = 2340 [pid 2338] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2338] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2338] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2340] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2340] creat("./bus", 000) = 4 [pid 2340] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2339] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2340] <... futex resumed>) = 1 [pid 2339] <... write resumed>) = 262144 [pid 2338] <... futex resumed>) = 0 [pid 2338] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2338] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2339] munmap(0x7f22d914f000, 138412032) = 0 [pid 2339] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2340] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 2339] ioctl(5, LOOP_SET_FD, 3 [pid 2340] <... mount resumed>) = 0 [pid 2340] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2339] <... ioctl resumed>) = 0 [pid 2339] close(3) = 0 [pid 2339] close(5) = 0 [pid 2339] mkdir("./file0", 0777) = 0 [pid 2339] mount("/dev/loop0", "./file0", "ext4", 0, "prjquota,grpquota,debug_want_extra_isize=0x000000000000005c,noauto_da_alloc,nolazytime,errors=contin"... [pid 2338] <... futex resumed>) = 0 [pid 2338] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2338] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2340] <... futex resumed>) = 1 [pid 2340] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 3 [pid 2340] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2338] <... futex resumed>) = 0 [pid 2338] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2338] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2340] <... futex resumed>) = 1 [pid 2340] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 3, 0) = 0x20000000 [pid 2340] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2338] <... futex resumed>) = 0 [pid 2338] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2340] <... futex resumed>) = 1 [pid 2340] memfd_create("syzkaller", 0) = 5 [pid 2340] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2340] write(5, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304 [pid 2339] <... mount resumed>) = 0 [pid 2339] openat(AT_FDCWD, 0x200000c0, O_RDONLY|O_DIRECTORY) = -1 ENOENT (No such file or directory) [pid 2339] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2339] ioctl(6, LOOP_CLR_FD) = 0 [pid 2339] close(6) = 0 [pid 2339] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2339] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2340] <... write resumed>) = 4194304 [pid 2340] munmap(0x7f22d914f000, 138412032) = 0 [pid 2340] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2340] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 2340] ioctl(6, LOOP_CLR_FD) = 0 [pid 2340] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 2340] close(6) = 0 [pid 2340] close(5) = 0 [pid 2340] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2338] exit_group(0) = ? [pid 2339] <... futex resumed>) = ? [pid 2339] +++ exited with 0 +++ [pid 2340] <... futex resumed>) = ? [pid 2340] +++ exited with 0 +++ [pid 2338] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2338, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./632", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./632", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 5 entries */, 32768) = 136 umount2("./632/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./632/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./632/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./632/bus") = 0 umount2("./632/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./632/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./632/binderfs") = 0 umount2("./632/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./632/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./632/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./632/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./632/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555643c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555643c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./632/file0") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./632") = 0 mkdir("./633", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2343 ./strace-static-x86_64: Process 2343 attached [pid 2343] set_robust_list(0x5555564336a0, 24) = 0 [pid 2343] chdir("./633") = 0 [pid 2343] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2343] setpgid(0, 0) = 0 [pid 2343] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2343] write(3, "1000", 4) = 4 [pid 2343] close(3) = 0 [pid 2343] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2343] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2343] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2343] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2343] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2343] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2343] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2343] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2344 attached [pid 2344] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2343] <... clone3 resumed> => {parent_tid=[2344]}, 88) = 2344 [pid 2344] rt_sigprocmask(SIG_SETMASK, [], [pid 2343] rt_sigprocmask(SIG_SETMASK, [], [pid 2344] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2344] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2343] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2343] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2344] <... futex resumed>) = 0 [pid 2343] <... futex resumed>) = 1 [pid 2343] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2344] memfd_create("syzkaller", 0 [pid 2343] <... futex resumed>) = 0 [pid 2344] <... memfd_create resumed>) = 3 [pid 2343] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2344] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2343] <... mmap resumed>) = 0x7f22e154f000 [pid 2343] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2343] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2343] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2345]}, 88) = 2345 [pid 2343] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2343] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2343] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2344] <... mmap resumed>) = 0x7f22d914f000 ./strace-static-x86_64: Process 2345 attached [pid 2345] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2345] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2345] creat("./bus", 000) = 4 [pid 2345] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2343] <... futex resumed>) = 0 [pid 2343] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2343] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2344] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2345] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2345] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2343] <... futex resumed>) = 0 [pid 2343] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2343] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2345] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 2344] <... write resumed>) = 262144 [pid 2344] munmap(0x7f22d914f000, 138412032 [pid 2345] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2344] <... munmap resumed>) = 0 [ 54.628884][ T2339] loop0: detected capacity change from 0 to 512 [ 54.646456][ T2339] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz-executor245: couldn't read orphan inode 12 (err -116) [pid 2344] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2344] ioctl(6, LOOP_SET_FD, 3 [pid 2345] <... futex resumed>) = 1 [pid 2345] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2344] <... ioctl resumed>) = 0 [pid 2343] <... futex resumed>) = 0 [pid 2344] close(3 [pid 2343] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2344] <... close resumed>) = 0 [pid 2344] close(6 [pid 2343] <... futex resumed>) = 1 [pid 2345] <... futex resumed>) = 0 [pid 2343] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2345] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 2344] <... close resumed>) = 0 [pid 2344] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 2344] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2344] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 2344] ioctl(3, LOOP_CLR_FD) = 0 [pid 2344] close(3) = 0 [pid 2344] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2344] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2345] <... mmap resumed>) = 0x20000000 [pid 2345] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2343] <... futex resumed>) = 0 [pid 2343] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2344] <... futex resumed>) = 0 [pid 2344] memfd_create("syzkaller", 0) = 3 [pid 2344] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2345] <... futex resumed>) = 1 [pid 2345] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2344] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2344] munmap(0x7f22d914f000, 138412032) = 0 [pid 2344] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2344] ioctl(6, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2344] ioctl(6, LOOP_CLR_FD) = 0 [pid 2344] ioctl(6, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2344] close(6) = 0 [pid 2344] close(3) = 0 [pid 2344] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2344] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2343] exit_group(0 [pid 2345] <... futex resumed>) = ? [pid 2343] <... exit_group resumed>) = ? [pid 2345] +++ exited with 0 +++ [pid 2344] <... futex resumed>) = ? [ 54.705801][ T2344] loop0: detected capacity change from 0 to 512 [pid 2344] +++ exited with 0 +++ [pid 2343] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2343, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./633", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./633", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./633/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./633/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./633/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./633/bus") = 0 umount2("./633/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./633/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./633/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./633") = 0 mkdir("./634", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2346 ./strace-static-x86_64: Process 2346 attached [pid 2346] set_robust_list(0x5555564336a0, 24) = 0 [pid 2346] chdir("./634") = 0 [pid 2346] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2346] setpgid(0, 0) = 0 [pid 2346] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2346] write(3, "1000", 4) = 4 [pid 2346] close(3) = 0 [pid 2346] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2346] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2346] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2346] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2346] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2346] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2346] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2346] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2347 attached => {parent_tid=[2347]}, 88) = 2347 [pid 2347] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2347] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2347] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2346] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2346] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2347] <... futex resumed>) = 0 [pid 2347] memfd_create("syzkaller", 0 [pid 2346] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2346] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2346] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE [pid 2347] <... memfd_create resumed>) = 3 [pid 2346] <... mprotect resumed>) = 0 [pid 2347] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2346] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2346] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 2348 attached => {parent_tid=[2348]}, 88) = 2348 [pid 2346] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2346] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2346] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2348] set_robust_list(0x7f22e156f9a0, 24 [pid 2347] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2348] <... set_robust_list resumed>) = 0 [pid 2348] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2348] creat("./bus", 000) = 4 [pid 2348] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2346] <... futex resumed>) = 0 [pid 2346] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2346] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2347] <... write resumed>) = 262144 [pid 2347] munmap(0x7f22d914f000, 138412032 [pid 2348] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 2347] <... munmap resumed>) = 0 [pid 2347] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2347] ioctl(5, LOOP_SET_FD, 3 [pid 2348] <... mount resumed>) = 0 [pid 2348] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2347] <... ioctl resumed>) = 0 [pid 2347] close(3) = 0 [pid 2347] close(5) = 0 [pid 2347] mkdir("./file0", 0777) = 0 [pid 2347] mount("/dev/loop0", "./file0", "ext4", 0, "prjquota,grpquota,debug_want_extra_isize=0x000000000000005c,noauto_da_alloc,nolazytime,errors=contin"... [pid 2346] <... futex resumed>) = 0 [pid 2346] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2346] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2348] <... futex resumed>) = 1 [pid 2348] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 3 [pid 2348] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2346] <... futex resumed>) = 0 [pid 2346] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2346] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2348] <... futex resumed>) = 1 [pid 2348] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 3, 0) = 0x20000000 [pid 2348] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2346] <... futex resumed>) = 0 [pid 2346] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2348] <... futex resumed>) = 1 [pid 2348] memfd_create("syzkaller", 0) = 5 [pid 2348] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2348] write(5, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [ 54.786225][ T2347] loop0: detected capacity change from 0 to 512 [ 54.798800][ T2347] EXT4-fs error (device loop0): __ext4_fill_super:5386: inode #2: comm syz-executor245: iget: special inode unallocated [pid 2348] munmap(0x7f22d914f000, 138412032) = 0 [pid 2348] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2348] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 2348] ioctl(6, LOOP_CLR_FD) = 0 [pid 2348] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 2348] close(6) = 0 [pid 2347] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2348] close(5 [pid 2347] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2347] ioctl(5, LOOP_CLR_FD) = 0 [pid 2347] close(5) = 0 [pid 2347] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2347] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2348] <... close resumed>) = 0 [pid 2348] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2348] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2346] exit_group(0 [pid 2347] <... futex resumed>) = ? [pid 2346] <... exit_group resumed>) = ? [pid 2347] +++ exited with 0 +++ [pid 2348] <... futex resumed>) = ? [pid 2348] +++ exited with 0 +++ [pid 2346] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2346, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- umount2("./634", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./634", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 5 entries */, 32768) = 136 umount2("./634/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./634/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./634/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./634/bus") = 0 umount2("./634/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./634/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./634/binderfs") = 0 umount2("./634/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./634/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./634/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./634/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555643c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555643c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./634/file0") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./634") = 0 mkdir("./635", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2350 ./strace-static-x86_64: Process 2350 attached [pid 2350] set_robust_list(0x5555564336a0, 24) = 0 [pid 2350] chdir("./635") = 0 [pid 2350] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2350] setpgid(0, 0) = 0 [pid 2350] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2350] write(3, "1000", 4) = 4 [pid 2350] close(3) = 0 [pid 2350] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2350] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2350] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2350] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2350] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2350] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2350] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2350] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2351 attached => {parent_tid=[2351]}, 88) = 2351 [pid 2351] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2351] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2351] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2350] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2350] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2351] <... futex resumed>) = 0 [pid 2351] memfd_create("syzkaller", 0 [pid 2350] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2351] <... memfd_create resumed>) = 3 [pid 2350] <... futex resumed>) = 0 [pid 2351] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2350] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 2350] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2350] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2350] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0} => {parent_tid=[2352]}, 88) = 2352 [pid 2350] rt_sigprocmask(SIG_SETMASK, [], [pid 2351] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2350] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2350] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2350] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2352 attached [pid 2351] <... write resumed>) = 262144 [ 54.828035][ T2347] EXT4-fs (loop0): get root inode failed [ 54.833524][ T2347] EXT4-fs (loop0): mount failed [pid 2351] munmap(0x7f22d9170000, 138412032) = 0 [pid 2351] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2352] set_robust_list(0x7f22d916f9a0, 24) = 0 [pid 2351] <... openat resumed>) = 4 [pid 2352] rt_sigprocmask(SIG_SETMASK, [], [pid 2351] ioctl(4, LOOP_SET_FD, 3 [pid 2352] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2352] creat("./bus", 000) = 5 [pid 2352] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2350] <... futex resumed>) = 0 [pid 2350] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2350] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2352] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2352] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2350] <... futex resumed>) = 0 [pid 2350] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2350] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2352] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 2352] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2350] <... futex resumed>) = 0 [pid 2350] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2350] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2352] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 2351] <... ioctl resumed>) = 0 [pid 2351] close(3) = 0 [pid 2351] close(4) = 0 [pid 2351] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 2351] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2351] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 2351] ioctl(3, LOOP_CLR_FD) = 0 [pid 2351] close(3) = 0 [pid 2351] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2351] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2352] <... mmap resumed>) = 0x20000000 [pid 2352] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2350] <... futex resumed>) = 0 [pid 2350] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2351] <... futex resumed>) = 0 [pid 2351] memfd_create("syzkaller", 0) = 3 [pid 2351] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2352] <... futex resumed>) = 1 [pid 2352] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2351] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2351] munmap(0x7f22d9170000, 138412032) = 0 [pid 2351] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2351] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2351] ioctl(4, LOOP_CLR_FD) = 0 [pid 2351] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2351] close(4) = 0 [pid 2351] close(3) = 0 [pid 2351] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2351] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2350] exit_group(0 [pid 2352] <... futex resumed>) = ? [pid 2350] <... exit_group resumed>) = ? [pid 2352] +++ exited with 0 +++ [pid 2351] <... futex resumed>) = ? [pid 2351] +++ exited with 0 +++ [pid 2350] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2350, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./635", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./635", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./635/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./635/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./635/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./635/bus") = 0 umount2("./635/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./635/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./635/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./635") = 0 mkdir("./636", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2353 ./strace-static-x86_64: Process 2353 attached [pid 2353] set_robust_list(0x5555564336a0, 24) = 0 [pid 2353] chdir("./636") = 0 [pid 2353] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2353] setpgid(0, 0) = 0 [pid 2353] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2353] write(3, "1000", 4) = 4 [pid 2353] close(3) = 0 [pid 2353] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2353] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2353] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2353] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2353] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2353] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2353] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2353] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2354 attached [pid 2354] set_robust_list(0x7f22e15909a0, 24 [pid 2353] <... clone3 resumed> => {parent_tid=[2354]}, 88) = 2354 [pid 2354] <... set_robust_list resumed>) = 0 [pid 2353] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2354] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2353] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2354] memfd_create("syzkaller", 0 [pid 2353] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2354] <... memfd_create resumed>) = 3 [pid 2354] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2353] <... futex resumed>) = 0 [pid 2353] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2354] <... mmap resumed>) = 0x7f22d9170000 [pid 2353] <... mmap resumed>) = 0x7f22d914f000 [pid 2353] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2353] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 54.875058][ T2351] loop0: detected capacity change from 0 to 512 [pid 2353] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0}./strace-static-x86_64: Process 2355 attached => {parent_tid=[2355]}, 88) = 2355 [pid 2355] set_robust_list(0x7f22d916f9a0, 24) = 0 [pid 2355] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2355] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2353] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2353] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2355] <... futex resumed>) = 0 [pid 2355] creat("./bus", 000 [pid 2353] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2355] <... creat resumed>) = 4 [pid 2355] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2354] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2355] <... futex resumed>) = 1 [pid 2355] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2353] <... futex resumed>) = 0 [pid 2353] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2355] <... futex resumed>) = 0 [pid 2355] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 2353] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2355] <... mount resumed>) = 0 [pid 2355] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2353] <... futex resumed>) = 0 [pid 2355] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 2353] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2353] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2355] <... open resumed>) = 5 [pid 2355] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2353] <... futex resumed>) = 0 [pid 2355] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 2353] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2353] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2355] <... mmap resumed>) = 0x20000000 [pid 2355] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2353] <... futex resumed>) = 0 [pid 2353] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2355] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 2354] <... write resumed>) = ? [pid 2354] +++ killed by SIGBUS +++ [pid 2355] +++ killed by SIGBUS +++ [pid 2353] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2353, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- umount2("./636", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./636", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./636/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./636/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./636/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./636/bus") = 0 umount2("./636/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./636/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./636/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./636") = 0 mkdir("./637", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2356 ./strace-static-x86_64: Process 2356 attached [pid 2356] set_robust_list(0x5555564336a0, 24) = 0 [pid 2356] chdir("./637") = 0 [pid 2356] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2356] setpgid(0, 0) = 0 [pid 2356] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2356] write(3, "1000", 4) = 4 [pid 2356] close(3) = 0 [pid 2356] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2356] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2356] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2356] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2356] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2356] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2356] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2356] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2357 attached [pid 2357] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2357] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2357] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2356] <... clone3 resumed> => {parent_tid=[2357]}, 88) = 2357 [pid 2356] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2356] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2357] <... futex resumed>) = 0 [pid 2356] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2357] memfd_create("syzkaller", 0) = 3 [pid 2357] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2356] <... futex resumed>) = 0 [pid 2356] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 2356] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2356] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2356] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0}./strace-static-x86_64: Process 2358 attached [pid 2357] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2356] <... clone3 resumed> => {parent_tid=[2358]}, 88) = 2358 [pid 2356] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2356] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2356] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2358] set_robust_list(0x7f22d916f9a0, 24) = 0 [pid 2358] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2358] creat("./bus", 000) = 4 [pid 2358] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2356] <... futex resumed>) = 0 [pid 2356] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2356] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2358] <... futex resumed>) = 1 [pid 2358] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2358] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2356] <... futex resumed>) = 0 [pid 2356] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2356] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2358] <... futex resumed>) = 1 [pid 2358] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 2358] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2356] <... futex resumed>) = 0 [pid 2356] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2356] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2358] <... futex resumed>) = 1 [pid 2358] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 2358] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2356] <... futex resumed>) = 0 [pid 2356] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2358] <... futex resumed>) = 1 [pid 2358] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 2357] <... write resumed>) = ? [pid 2357] +++ killed by SIGBUS +++ [pid 2358] +++ killed by SIGBUS +++ [pid 2356] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2356, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- umount2("./637", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./637", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./637/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./637/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./637/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./637/bus") = 0 umount2("./637/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./637/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./637/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./637") = 0 mkdir("./638", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2359 ./strace-static-x86_64: Process 2359 attached [pid 2359] set_robust_list(0x5555564336a0, 24) = 0 [pid 2359] chdir("./638") = 0 [pid 2359] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2359] setpgid(0, 0) = 0 [pid 2359] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2359] write(3, "1000", 4) = 4 [pid 2359] close(3) = 0 [pid 2359] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2359] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2359] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2359] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2359] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2359] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2359] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2359] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2360]}, 88) = 2360 ./strace-static-x86_64: Process 2360 attached [pid 2360] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2360] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2360] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2359] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2359] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2360] <... futex resumed>) = 0 [pid 2360] memfd_create("syzkaller", 0 [pid 2359] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2360] <... memfd_create resumed>) = 3 [pid 2360] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2359] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 2359] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2359] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2359] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0} => {parent_tid=[2361]}, 88) = 2361 [pid 2359] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2359] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2359] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2361 attached [pid 2360] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2361] set_robust_list(0x7f22d916f9a0, 24) = 0 [pid 2361] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2361] creat("./bus", 000) = 4 [pid 2360] <... write resumed>) = 262144 [pid 2360] munmap(0x7f22d9170000, 138412032 [pid 2361] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2360] <... munmap resumed>) = 0 [pid 2360] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2359] <... futex resumed>) = 0 [pid 2359] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2360] <... openat resumed>) = 5 [pid 2359] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2360] ioctl(5, LOOP_SET_FD, 3 [pid 2361] <... futex resumed>) = 1 [pid 2361] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2361] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2359] <... futex resumed>) = 0 [pid 2359] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2359] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2361] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 2361] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2359] <... futex resumed>) = 0 [pid 2359] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2359] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2361] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 2360] <... ioctl resumed>) = 0 [pid 2360] close(3) = 0 [pid 2360] close(5 [pid 2361] <... mmap resumed>) = 0x20000000 [pid 2361] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2359] <... futex resumed>) = 0 [pid 2359] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2361] <... futex resumed>) = 1 [pid 2361] memfd_create("syzkaller", 0) = 3 [pid 2361] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2360] <... close resumed>) = 0 [pid 2360] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 2360] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2360] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2360] ioctl(5, LOOP_CLR_FD) = 0 [pid 2360] close(5) = 0 [pid 2360] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2360] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2361] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2361] munmap(0x7f22d9170000, 138412032) = 0 [pid 2361] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2361] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2361] ioctl(5, LOOP_CLR_FD) = 0 [pid 2361] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2361] close(5) = 0 [pid 2361] close(3) = 0 [pid 2361] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2361] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2359] exit_group(0) = ? [pid 2360] <... futex resumed>) = ? [pid 2361] <... futex resumed>) = ? [pid 2360] +++ exited with 0 +++ [pid 2361] +++ exited with 0 +++ [pid 2359] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2359, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./638", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./638", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./638/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./638/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./638/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./638/bus") = 0 umount2("./638/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./638/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./638/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./638") = 0 mkdir("./639", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2362 ./strace-static-x86_64: Process 2362 attached [pid 2362] set_robust_list(0x5555564336a0, 24) = 0 [pid 2362] chdir("./639") = 0 [pid 2362] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2362] setpgid(0, 0) = 0 [pid 2362] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2362] write(3, "1000", 4) = 4 [pid 2362] close(3) = 0 [pid 2362] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2362] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2362] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [ 54.983357][ T2360] loop0: detected capacity change from 0 to 512 [pid 2362] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2362] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2362] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2362] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2362] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2363 attached => {parent_tid=[2363]}, 88) = 2363 [pid 2362] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2362] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2363] set_robust_list(0x7f22e15909a0, 24 [pid 2362] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2362] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2362] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2362] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2362] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} [pid 2363] <... set_robust_list resumed>) = 0 [pid 2362] <... clone3 resumed> => {parent_tid=[2364]}, 88) = 2364 [pid 2363] rt_sigprocmask(SIG_SETMASK, [], [pid 2362] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2362] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2362] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2364 attached [pid 2364] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2363] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2364] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2364] creat("./bus", 000 [pid 2363] memfd_create("syzkaller", 0) = 4 [pid 2363] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2363] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 2363] munmap(0x7f22d914f000, 138412032) = 0 [pid 2363] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2363] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 2363] close(4) = 0 [pid 2363] close(5) = 0 [pid 2363] mkdir("./file0", 0777 [pid 2364] <... creat resumed>) = 3 [pid 2364] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2362] <... futex resumed>) = 0 [pid 2364] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 2362] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2364] <... mount resumed>) = 0 [pid 2363] <... mkdir resumed>) = 0 [pid 2362] <... futex resumed>) = 0 [pid 2364] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2363] mount("/dev/loop0", "./file0", "ext4", 0, "prjquota,grpquota,debug_want_extra_isize=0x000000000000005c,noauto_da_alloc,nolazytime,errors=contin"... [pid 2362] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2364] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2362] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2362] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2364] <... futex resumed>) = 0 [pid 2362] <... futex resumed>) = 1 [pid 2364] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 2362] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2364] <... open resumed>) = 4 [pid 2364] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2362] <... futex resumed>) = 0 [pid 2364] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2362] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2364] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2362] <... futex resumed>) = 0 [pid 2364] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2362] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2364] <... mmap resumed>) = 0x20000000 [pid 2364] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2362] <... futex resumed>) = 0 [pid 2364] memfd_create("syzkaller", 0 [pid 2362] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2364] <... memfd_create resumed>) = 5 [pid 2364] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [ 55.050258][ T2363] loop0: detected capacity change from 0 to 512 [ 55.077234][ T2363] EXT4-fs error (device loop0): __ext4_fill_super:5386: inode #2: comm syz-executor245: iget: special inode unallocated [pid 2364] write(5, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304 [pid 2363] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2363] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2363] ioctl(6, LOOP_CLR_FD) = 0 [pid 2364] <... write resumed>) = 4194304 [pid 2363] close(6 [pid 2364] munmap(0x7f22d914f000, 138412032 [pid 2363] <... close resumed>) = 0 [pid 2363] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2363] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2364] <... munmap resumed>) = 0 [pid 2364] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2364] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 2364] ioctl(6, LOOP_CLR_FD) = 0 [pid 2364] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 2364] close(6) = 0 [pid 2364] close(5) = 0 [pid 2364] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2364] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2362] exit_group(0) = ? [pid 2364] <... futex resumed>) = ? [pid 2363] <... futex resumed>) = ? [pid 2363] +++ exited with 0 +++ [pid 2364] +++ exited with 0 +++ [pid 2362] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2362, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./639", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./639", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 5 entries */, 32768) = 136 umount2("./639/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./639/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./639/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./639/bus") = 0 umount2("./639/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./639/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./639/binderfs") = 0 umount2("./639/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./639/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./639/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./639/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555643c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555643c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./639/file0") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./639") = 0 mkdir("./640", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2366 attached [pid 2366] set_robust_list(0x5555564336a0, 24 [pid 293] <... clone resumed>, child_tidptr=0x555556433690) = 2366 [pid 2366] <... set_robust_list resumed>) = 0 [pid 2366] chdir("./640") = 0 [pid 2366] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2366] setpgid(0, 0) = 0 [pid 2366] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2366] write(3, "1000", 4) = 4 [pid 2366] close(3) = 0 [pid 2366] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2366] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2366] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2366] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2366] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2366] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2366] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2366] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2367]}, 88) = 2367 [pid 2366] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2366] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2366] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2366] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2366] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2366] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2366] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2368]}, 88) = 2368 [pid 2366] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2366] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2366] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2368 attached [pid 2368] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2368] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2368] creat("./bus", 000) = 3 [pid 2368] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2366] <... futex resumed>) = 0 [pid 2366] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2366] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2368] <... futex resumed>) = 1 [pid 2368] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2368] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2366] <... futex resumed>) = 0 [pid 2366] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2366] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2368] <... futex resumed>) = 1 [pid 2368] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 4 [pid 2368] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2366] <... futex resumed>) = 0 [pid 2366] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2366] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2368] <... futex resumed>) = 1 [pid 2368] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 2368] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2366] <... futex resumed>) = 0 [pid 2366] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2368] <... futex resumed>) = 1 [pid 2368] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- ./strace-static-x86_64: Process 2367 attached [pid 2368] +++ killed by SIGBUS +++ [pid 2367] +++ killed by SIGBUS +++ [pid 2366] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2366, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./640", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./640", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./640/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./640/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./640/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./640/bus") = 0 umount2("./640/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./640/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./640/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./640") = 0 mkdir("./641", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2369 ./strace-static-x86_64: Process 2369 attached [pid 2369] set_robust_list(0x5555564336a0, 24) = 0 [pid 2369] chdir("./641") = 0 [pid 2369] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2369] setpgid(0, 0) = 0 [pid 2369] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2369] write(3, "1000", 4) = 4 [pid 2369] close(3) = 0 [pid 2369] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2369] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2369] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2369] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2369] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2369] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [ 55.099683][ T2363] EXT4-fs (loop0): get root inode failed [ 55.105435][ T2363] EXT4-fs (loop0): mount failed [pid 2369] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2369] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2370]}, 88) = 2370 [pid 2369] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2369] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2369] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2369] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2369] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2369] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2369] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2371]}, 88) = 2371 [pid 2369] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2369] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2369] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2370 attached [pid 2370] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2370] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2370] memfd_create("syzkaller", 0) = 3 [pid 2370] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 ./strace-static-x86_64: Process 2371 attached [pid 2371] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2371] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2371] creat("./bus", 000) = 4 [pid 2371] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2370] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2371] <... futex resumed>) = 1 [pid 2369] <... futex resumed>) = 0 [pid 2369] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2369] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2371] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2371] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2369] <... futex resumed>) = 0 [pid 2369] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2369] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2371] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 2370] <... write resumed>) = 262144 [pid 2370] munmap(0x7f22d914f000, 138412032) = 0 [pid 2370] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2371] <... open resumed>) = 5 [pid 2370] <... openat resumed>) = 6 [pid 2370] ioctl(6, LOOP_SET_FD, 3 [pid 2371] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2370] <... ioctl resumed>) = 0 [pid 2371] <... futex resumed>) = 1 [pid 2369] <... futex resumed>) = 0 [pid 2369] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2369] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2370] close(3 [pid 2371] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 2370] <... close resumed>) = 0 [pid 2370] close(6) = 0 [pid 2370] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 2370] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2370] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 2370] ioctl(3, LOOP_CLR_FD) = 0 [pid 2370] close(3) = 0 [pid 2370] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2370] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2371] <... mmap resumed>) = 0x20000000 [pid 2371] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2369] <... futex resumed>) = 0 [pid 2369] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2370] <... futex resumed>) = 0 [pid 2370] memfd_create("syzkaller", 0) = 3 [pid 2370] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2371] <... futex resumed>) = 1 [pid 2371] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2370] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2370] munmap(0x7f22d914f000, 138412032) = 0 [pid 2370] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2370] ioctl(6, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2370] ioctl(6, LOOP_CLR_FD) = 0 [pid 2370] ioctl(6, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2370] close(6) = 0 [ 55.167205][ T2370] loop0: detected capacity change from 0 to 512 [pid 2370] close(3) = 0 [pid 2370] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2370] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2369] exit_group(0 [pid 2371] <... futex resumed>) = ? [pid 2369] <... exit_group resumed>) = ? [pid 2371] +++ exited with 0 +++ [pid 2370] <... futex resumed>) = ? [pid 2370] +++ exited with 0 +++ [pid 2369] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2369, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./641", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./641", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./641/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./641/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./641/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./641/bus") = 0 umount2("./641/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./641/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./641/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./641") = 0 mkdir("./642", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2372 ./strace-static-x86_64: Process 2372 attached [pid 2372] set_robust_list(0x5555564336a0, 24) = 0 [pid 2372] chdir("./642") = 0 [pid 2372] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2372] setpgid(0, 0) = 0 [pid 2372] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2372] write(3, "1000", 4) = 4 [pid 2372] close(3) = 0 [pid 2372] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2372] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2372] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2372] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2372] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2372] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2372] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2372] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2373]}, 88) = 2373 ./strace-static-x86_64: Process 2373 attached [pid 2372] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2372] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2372] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2372] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2372] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2372] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2372] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2374]}, 88) = 2374 [pid 2373] set_robust_list(0x7f22e15909a0, 24./strace-static-x86_64: Process 2374 attached [pid 2372] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2372] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2372] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2373] <... set_robust_list resumed>) = 0 [pid 2373] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2373] memfd_create("syzkaller", 0 [pid 2374] set_robust_list(0x7f22e156f9a0, 24 [pid 2373] <... memfd_create resumed>) = 3 [pid 2373] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2374] <... set_robust_list resumed>) = 0 [pid 2373] <... mmap resumed>) = 0x7f22d914f000 [pid 2374] rt_sigprocmask(SIG_SETMASK, [], [pid 2373] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2374] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2373] <... write resumed>) = 262144 [pid 2373] munmap(0x7f22d914f000, 138412032 [pid 2374] creat("./bus", 000 [pid 2373] <... munmap resumed>) = 0 [pid 2373] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2373] ioctl(4, LOOP_SET_FD, 3 [pid 2374] <... creat resumed>) = 5 [pid 2374] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2374] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2373] <... ioctl resumed>) = 0 [pid 2372] <... futex resumed>) = 0 [pid 2373] close(3 [pid 2372] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2373] <... close resumed>) = 0 [pid 2372] <... futex resumed>) = 1 [pid 2374] <... futex resumed>) = 0 [pid 2374] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 2373] close(4 [pid 2372] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2374] <... mount resumed>) = 0 [pid 2373] <... close resumed>) = 0 [pid 2373] mkdir("./file0", 0777) = 0 [pid 2374] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2372] <... futex resumed>) = 0 [pid 2372] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2372] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2374] <... futex resumed>) = 1 [pid 2374] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 3 [pid 2374] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2372] <... futex resumed>) = 0 [pid 2372] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2372] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2374] <... futex resumed>) = 1 [pid 2374] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 3, 0 [pid 2373] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2373] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2373] ioctl(4, LOOP_CLR_FD) = 0 [pid 2373] close(4) = 0 [pid 2373] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2373] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2374] <... mmap resumed>) = 0x20000000 [pid 2374] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2372] <... futex resumed>) = 0 [pid 2372] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2373] <... futex resumed>) = 0 [pid 2373] memfd_create("syzkaller", 0) = 4 [pid 2373] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2374] <... futex resumed>) = 1 [pid 2374] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2373] write(4, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2373] munmap(0x7f22d914f000, 138412032) = 0 [pid 2373] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2373] ioctl(6, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 2373] ioctl(6, LOOP_CLR_FD) = 0 [pid 2373] ioctl(6, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 2373] close(6) = 0 [pid 2373] close(4) = 0 [pid 2373] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2373] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2372] exit_group(0) = ? [pid 2374] <... futex resumed>) = ? [pid 2373] <... futex resumed>) = ? [pid 2373] +++ exited with 0 +++ [pid 2374] +++ exited with 0 +++ [pid 2372] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2372, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./642", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./642", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 5 entries */, 32768) = 136 umount2("./642/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./642/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./642/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./642/bus") = 0 umount2("./642/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./642/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./642/binderfs") = 0 umount2("./642/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./642/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./642/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./642/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555643c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555643c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./642/file0") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./642") = 0 mkdir("./643", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2375 ./strace-static-x86_64: Process 2375 attached [pid 2375] set_robust_list(0x5555564336a0, 24) = 0 [pid 2375] chdir("./643") = 0 [pid 2375] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2375] setpgid(0, 0) = 0 [pid 2375] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2375] write(3, "1000", 4) = 4 [pid 2375] close(3) = 0 [pid 2375] symlink("/dev/binderfs", "./binderfs") = 0 [ 55.250848][ T2373] loop0: detected capacity change from 0 to 512 [pid 2375] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2375] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2375] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2375] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2375] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2375] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2375] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2376 attached [pid 2376] set_robust_list(0x7f22e15909a0, 24 [pid 2375] <... clone3 resumed> => {parent_tid=[2376]}, 88) = 2376 [pid 2376] <... set_robust_list resumed>) = 0 [pid 2375] rt_sigprocmask(SIG_SETMASK, [], [pid 2376] rt_sigprocmask(SIG_SETMASK, [], [pid 2375] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2376] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2375] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2376] memfd_create("syzkaller", 0 [pid 2375] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2376] <... memfd_create resumed>) = 3 [pid 2375] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2376] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2375] <... mmap resumed>) = 0x7f22e154f000 [pid 2375] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE [pid 2376] <... mmap resumed>) = 0x7f22d914f000 [pid 2375] <... mprotect resumed>) = 0 [pid 2375] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2375] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 2377 attached => {parent_tid=[2377]}, 88) = 2377 [pid 2377] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2377] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2377] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2375] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2375] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2375] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2377] <... futex resumed>) = 0 [pid 2377] creat("./bus", 000) = 4 [pid 2377] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2377] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2376] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2375] <... futex resumed>) = 0 [pid 2375] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2377] <... futex resumed>) = 0 [pid 2375] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2377] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2377] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2377] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2375] <... futex resumed>) = 0 [pid 2375] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2377] <... futex resumed>) = 0 [pid 2377] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 2375] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2377] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2377] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2375] <... futex resumed>) = 0 [pid 2375] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2377] <... futex resumed>) = 0 [pid 2375] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2377] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 2377] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2376] <... write resumed>) = 262144 [pid 2377] <... futex resumed>) = 1 [pid 2376] munmap(0x7f22d914f000, 138412032 [pid 2377] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2375] <... futex resumed>) = 0 [pid 2375] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2377] <... futex resumed>) = 0 [pid 2376] <... munmap resumed>) = 0 [pid 2377] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 2376] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = ? [pid 2377] +++ killed by SIGBUS +++ [pid 2376] +++ killed by SIGBUS +++ [pid 2375] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2375, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- umount2("./643", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./643", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./643/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./643/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./643/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./643/bus") = 0 umount2("./643/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./643/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./643/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./643") = 0 mkdir("./644", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2378 ./strace-static-x86_64: Process 2378 attached [pid 2378] set_robust_list(0x5555564336a0, 24) = 0 [pid 2378] chdir("./644") = 0 [pid 2378] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2378] setpgid(0, 0) = 0 [pid 2378] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2378] write(3, "1000", 4) = 4 [pid 2378] close(3) = 0 [pid 2378] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2378] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2378] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2378] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2378] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2378] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2378] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2378] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2379]}, 88) = 2379 [pid 2378] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2378] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2378] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2378] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2378] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2378] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2378] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2380]}, 88) = 2380 [pid 2378] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2378] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2378] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2379 attached [pid 2379] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2379] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 2380 attached [pid 2379] memfd_create("syzkaller", 0 [pid 2380] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2379] <... memfd_create resumed>) = 3 [pid 2380] rt_sigprocmask(SIG_SETMASK, [], [pid 2379] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2380] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2380] creat("./bus", 000 [pid 2379] <... mmap resumed>) = 0x7f22d914f000 [pid 2380] <... creat resumed>) = 4 [pid 2380] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2378] <... futex resumed>) = 0 [pid 2378] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2378] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2380] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2380] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2378] <... futex resumed>) = 0 [pid 2378] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2378] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2380] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 2380] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2378] <... futex resumed>) = 0 [pid 2378] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2378] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2380] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 2379] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000d73} --- [pid 2380] ????() = ? [pid 2378] <... futex resumed>) = ? [pid 2380] +++ killed by SIGBUS +++ [pid 2379] +++ killed by SIGBUS +++ [pid 2378] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2378, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./644", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./644", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./644/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./644/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./644/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./644/bus") = 0 umount2("./644/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./644/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./644/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./644") = 0 mkdir("./645", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2381 ./strace-static-x86_64: Process 2381 attached [pid 2381] set_robust_list(0x5555564336a0, 24) = 0 [pid 2381] chdir("./645") = 0 [pid 2381] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2381] setpgid(0, 0) = 0 [pid 2381] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2381] write(3, "1000", 4) = 4 [pid 2381] close(3) = 0 [pid 2381] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2381] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2381] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2381] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2381] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2381] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2381] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2381] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2382 attached [pid 2382] set_robust_list(0x7f22e15909a0, 24 [pid 2381] <... clone3 resumed> => {parent_tid=[2382]}, 88) = 2382 [pid 2382] <... set_robust_list resumed>) = 0 [pid 2382] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2382] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2381] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2381] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2382] <... futex resumed>) = 0 [pid 2382] memfd_create("syzkaller", 0 [pid 2381] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2381] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2382] <... memfd_create resumed>) = 3 [pid 2381] <... mmap resumed>) = 0x7f22e154f000 [pid 2382] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2381] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE [pid 2382] <... mmap resumed>) = 0x7f22d914f000 [pid 2381] <... mprotect resumed>) = 0 [pid 2382] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2381] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2381] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} [pid 2382] <... write resumed>) = 262144 [pid 2382] munmap(0x7f22d914f000, 138412032./strace-static-x86_64: Process 2383 attached [pid 2381] <... clone3 resumed> => {parent_tid=[2383]}, 88) = 2383 [pid 2382] <... munmap resumed>) = 0 [pid 2383] set_robust_list(0x7f22e156f9a0, 24 [pid 2382] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2381] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2382] <... openat resumed>) = 4 [pid 2381] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2382] ioctl(4, LOOP_SET_FD, 3 [pid 2381] <... futex resumed>) = 0 [pid 2381] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2383] <... set_robust_list resumed>) = 0 [pid 2383] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2383] creat("./bus", 000) = 5 [pid 2383] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2383] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2382] <... ioctl resumed>) = 0 [pid 2381] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2382] close(3 [pid 2381] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2382] <... close resumed>) = 0 [pid 2381] <... futex resumed>) = 1 [pid 2382] close(4 [pid 2381] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2382] <... close resumed>) = 0 [pid 2383] <... futex resumed>) = 0 [pid 2383] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 2382] mkdir("./file0", 0777) = 0 [pid 2383] <... mount resumed>) = 0 [pid 2382] mount("/dev/loop0", "./file0", "ext4", 0, "prjquota,grpquota,debug_want_extra_isize=0x000000000000005c,noauto_da_alloc,nolazytime,errors=contin"... [pid 2383] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2381] <... futex resumed>) = 0 [pid 2381] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2381] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2383] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 3 [pid 2383] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2381] <... futex resumed>) = 0 [pid 2381] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2381] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2383] <... futex resumed>) = 1 [pid 2383] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 3, 0) = 0x20000000 [pid 2383] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2381] <... futex resumed>) = 0 [pid 2381] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2383] <... futex resumed>) = 1 [pid 2383] memfd_create("syzkaller", 0) = 4 [pid 2383] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2382] <... mount resumed>) = 0 [pid 2382] openat(AT_FDCWD, 0x200000c0, O_RDONLY|O_DIRECTORY) = -1 ENOENT (No such file or directory) [pid 2382] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2382] ioctl(6, LOOP_CLR_FD) = 0 [pid 2382] close(6) = 0 [pid 2382] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2382] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2383] write(4, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2383] munmap(0x7f22d914f000, 138412032) = 0 [pid 2383] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2383] ioctl(6, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 2383] ioctl(6, LOOP_CLR_FD) = 0 [pid 2383] ioctl(6, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 2383] close(6) = 0 [pid 2383] close(4) = 0 [pid 2383] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2381] exit_group(0) = ? [pid 2382] <... futex resumed>) = ? [pid 2382] +++ exited with 0 +++ [pid 2383] <... futex resumed>) = ? [pid 2383] +++ exited with 0 +++ [pid 2381] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2381, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./645", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./645", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 5 entries */, 32768) = 136 umount2("./645/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./645/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./645/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./645/bus") = 0 umount2("./645/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./645/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./645/binderfs") = 0 umount2("./645/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./645/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./645/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./645/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./645/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555643c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555643c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./645/file0") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./645") = 0 mkdir("./646", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2386 ./strace-static-x86_64: Process 2386 attached [pid 2386] set_robust_list(0x5555564336a0, 24) = 0 [pid 2386] chdir("./646") = 0 [pid 2386] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2386] setpgid(0, 0) = 0 [pid 2386] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2386] write(3, "1000", 4) = 4 [pid 2386] close(3) = 0 [pid 2386] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2386] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2386] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2386] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2386] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2386] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2386] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2386] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2387 attached [pid 2387] set_robust_list(0x7f22e15909a0, 24 [pid 2386] <... clone3 resumed> => {parent_tid=[2387]}, 88) = 2387 [pid 2387] <... set_robust_list resumed>) = 0 [pid 2386] rt_sigprocmask(SIG_SETMASK, [], [pid 2387] rt_sigprocmask(SIG_SETMASK, [], [pid 2386] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2387] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2386] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2386] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2387] memfd_create("syzkaller", 0 [pid 2386] <... futex resumed>) = 0 [pid 2387] <... memfd_create resumed>) = 3 [pid 2386] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2387] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2386] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2387] <... mmap resumed>) = 0x7f22d914f000 [pid 2386] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 55.366838][ T2382] loop0: detected capacity change from 0 to 512 [ 55.387284][ T2382] EXT4-fs (loop0): 1 truncate cleaned up [pid 2386] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2388]}, 88) = 2388 [pid 2386] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2386] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2386] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2388 attached [pid 2387] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2388] set_robust_list(0x7f22e156f9a0, 24 [pid 2387] <... write resumed>) = 262144 [pid 2388] <... set_robust_list resumed>) = 0 [pid 2387] munmap(0x7f22d914f000, 138412032 [pid 2388] rt_sigprocmask(SIG_SETMASK, [], [pid 2387] <... munmap resumed>) = 0 [pid 2388] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2387] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2388] creat("./bus", 000 [pid 2387] <... openat resumed>) = 4 [pid 2387] ioctl(4, LOOP_SET_FD, 3 [pid 2388] <... creat resumed>) = 5 [pid 2388] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2386] <... futex resumed>) = 0 [pid 2386] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2386] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2388] <... futex resumed>) = 1 [pid 2388] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2388] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2386] <... futex resumed>) = 0 [pid 2386] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2386] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2388] <... futex resumed>) = 1 [pid 2388] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 2388] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2386] <... futex resumed>) = 0 [pid 2386] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2386] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2388] <... futex resumed>) = 1 [pid 2388] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 2387] <... ioctl resumed>) = 0 [pid 2387] close(3) = 0 [pid 2387] close(4 [pid 2388] <... mmap resumed>) = 0x20000000 [pid 2387] <... close resumed>) = 0 [pid 2387] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 2387] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2387] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 2387] ioctl(3, LOOP_CLR_FD) = 0 [pid 2387] close(3) = 0 [pid 2387] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2387] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2388] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2386] <... futex resumed>) = 0 [pid 2388] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2386] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2387] <... futex resumed>) = 0 [pid 2387] memfd_create("syzkaller", 0) = 3 [pid 2387] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2387] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2387] munmap(0x7f22d914f000, 138412032) = 0 [pid 2387] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2387] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2387] ioctl(4, LOOP_CLR_FD) = 0 [pid 2387] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2387] close(4) = 0 [pid 2387] close(3) = 0 [pid 2387] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2387] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2386] exit_group(0 [pid 2388] <... futex resumed>) = ? [pid 2386] <... exit_group resumed>) = ? [pid 2388] +++ exited with 0 +++ [pid 2387] <... futex resumed>) = ? [pid 2387] +++ exited with 0 +++ [pid 2386] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2386, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./646", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./646", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./646/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./646/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./646/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./646/bus") = 0 umount2("./646/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./646/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./646/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./646") = 0 mkdir("./647", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2389 ./strace-static-x86_64: Process 2389 attached [pid 2389] set_robust_list(0x5555564336a0, 24) = 0 [pid 2389] chdir("./647") = 0 [pid 2389] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2389] setpgid(0, 0) = 0 [pid 2389] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2389] write(3, "1000", 4) = 4 [pid 2389] close(3) = 0 [pid 2389] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2389] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2389] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2389] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2389] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2389] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2389] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2389] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2390 attached => {parent_tid=[2390]}, 88) = 2390 [pid 2390] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2390] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2390] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2389] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2389] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2390] <... futex resumed>) = 0 [pid 2390] memfd_create("syzkaller", 0 [pid 2389] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2389] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2389] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2389] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2389] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2391]}, 88) = 2391 [pid 2389] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2389] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2389] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2391 attached [pid 2391] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2391] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2391] creat("./bus", 000 [pid 2390] <... memfd_create resumed>) = 4 [pid 2391] <... creat resumed>) = 3 [pid 2391] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2389] <... futex resumed>) = 0 [pid 2389] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2389] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2391] <... futex resumed>) = 1 [pid 2391] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2390] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2391] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2389] <... futex resumed>) = 0 [pid 2389] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2389] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2391] <... futex resumed>) = 1 [pid 2391] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 2391] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2389] <... futex resumed>) = 0 [pid 2389] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2389] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2391] <... futex resumed>) = 1 [pid 2391] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 2391] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2389] <... futex resumed>) = 0 [pid 2389] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2391] <... futex resumed>) = 1 [pid 2391] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 2390] <... mmap resumed>) = ? [pid 2390] +++ killed by SIGBUS +++ [ 55.450540][ T2387] loop0: detected capacity change from 0 to 512 [pid 2391] +++ killed by SIGBUS +++ [pid 2389] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2389, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./647", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./647", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./647/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./647/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./647/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./647/bus") = 0 umount2("./647/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./647/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./647/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./647") = 0 mkdir("./648", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2392 ./strace-static-x86_64: Process 2392 attached [pid 2392] set_robust_list(0x5555564336a0, 24) = 0 [pid 2392] chdir("./648") = 0 [pid 2392] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2392] setpgid(0, 0) = 0 [pid 2392] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2392] write(3, "1000", 4) = 4 [pid 2392] close(3) = 0 [pid 2392] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2392] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2392] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2392] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2392] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2392] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2392] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2392] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2393 attached => {parent_tid=[2393]}, 88) = 2393 [pid 2393] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2393] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2393] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2392] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2392] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2393] <... futex resumed>) = 0 [pid 2392] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2393] memfd_create("syzkaller", 0) = 3 [pid 2392] <... futex resumed>) = 0 [pid 2393] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2392] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 2392] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2392] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2392] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0}./strace-static-x86_64: Process 2394 attached => {parent_tid=[2394]}, 88) = 2394 [pid 2394] set_robust_list(0x7f22d916f9a0, 24 [pid 2392] rt_sigprocmask(SIG_SETMASK, [], [pid 2394] <... set_robust_list resumed>) = 0 [pid 2393] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2392] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2394] rt_sigprocmask(SIG_SETMASK, [], [pid 2392] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2394] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2394] creat("./bus", 000 [pid 2392] <... futex resumed>) = 0 [pid 2392] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2394] <... creat resumed>) = 4 [pid 2394] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2392] <... futex resumed>) = 0 [pid 2394] <... futex resumed>) = 1 [pid 2392] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2394] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 2393] <... write resumed>) = 262144 [pid 2393] munmap(0x7f22d9170000, 138412032 [pid 2392] <... futex resumed>) = 0 [pid 2394] <... mount resumed>) = 0 [pid 2393] <... munmap resumed>) = 0 [pid 2392] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2393] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2393] ioctl(5, LOOP_SET_FD, 3 [pid 2394] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2392] <... futex resumed>) = 0 [pid 2392] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2392] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2394] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 2394] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2392] <... futex resumed>) = 0 [pid 2392] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2392] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2394] <... futex resumed>) = 1 [pid 2394] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 2393] <... ioctl resumed>) = 0 [pid 2393] close(3) = 0 [pid 2393] close(5 [pid 2394] <... mmap resumed>) = 0x20000000 [pid 2394] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2392] <... futex resumed>) = 0 [pid 2392] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2394] <... futex resumed>) = 1 [pid 2394] memfd_create("syzkaller", 0) = 3 [pid 2394] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2393] <... close resumed>) = 0 [pid 2393] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 2393] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2393] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2393] ioctl(5, LOOP_CLR_FD) = 0 [pid 2393] close(5) = 0 [pid 2393] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2393] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2394] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2394] munmap(0x7f22d9170000, 138412032) = 0 [pid 2394] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2394] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2394] ioctl(5, LOOP_CLR_FD) = 0 [pid 2394] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2394] close(5) = 0 [pid 2394] close(3) = 0 [pid 2394] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2394] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2392] exit_group(0) = ? [pid 2394] <... futex resumed>) = ? [pid 2393] <... futex resumed>) = ? [pid 2394] +++ exited with 0 +++ [pid 2393] +++ exited with 0 +++ [pid 2392] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2392, si_uid=0, si_status=0, si_utime=1, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./648", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./648", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./648/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./648/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./648/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./648/bus") = 0 umount2("./648/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./648/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./648/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./648") = 0 mkdir("./649", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2395 ./strace-static-x86_64: Process 2395 attached [pid 2395] set_robust_list(0x5555564336a0, 24) = 0 [pid 2395] chdir("./649") = 0 [pid 2395] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2395] setpgid(0, 0) = 0 [pid 2395] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2395] write(3, "1000", 4) = 4 [pid 2395] close(3) = 0 [pid 2395] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2395] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2395] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2395] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2395] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [ 55.526783][ T2393] loop0: detected capacity change from 0 to 512 [pid 2395] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2395] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2395] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2396 attached => {parent_tid=[2396]}, 88) = 2396 [pid 2396] set_robust_list(0x7f22e15909a0, 24 [pid 2395] rt_sigprocmask(SIG_SETMASK, [], [pid 2396] <... set_robust_list resumed>) = 0 [pid 2395] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2396] rt_sigprocmask(SIG_SETMASK, [], [pid 2395] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2395] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2395] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2395] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2395] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2395] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 2397 attached [pid 2396] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2395] <... clone3 resumed> => {parent_tid=[2397]}, 88) = 2397 [pid 2395] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2395] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2395] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2397] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2397] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2396] memfd_create("syzkaller", 0 [pid 2397] creat("./bus", 000 [pid 2396] <... memfd_create resumed>) = 4 [pid 2397] <... creat resumed>) = 3 [pid 2396] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2397] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2395] <... futex resumed>) = 0 [pid 2395] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2395] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2397] <... futex resumed>) = 1 [pid 2397] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2397] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2395] <... futex resumed>) = 0 [pid 2395] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2395] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2397] <... futex resumed>) = 1 [pid 2397] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 2397] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2395] <... futex resumed>) = 0 [pid 2395] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2395] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2397] <... futex resumed>) = 1 [pid 2397] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 2396] <... mmap resumed>) = 0x7f22d914f000 [pid 2397] <... mmap resumed>) = 0x20000000 [pid 2396] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200009e6} --- [pid 2397] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2395] <... futex resumed>) = 0 [pid 2395] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2397] <... futex resumed>) = 1 [pid 2397] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 2396] +++ killed by SIGBUS +++ [pid 2397] +++ killed by SIGBUS +++ [pid 2395] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2395, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./649", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./649", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./649/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./649/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./649/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./649/bus") = 0 umount2("./649/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./649/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./649/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./649") = 0 mkdir("./650", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2398 attached , child_tidptr=0x555556433690) = 2398 [pid 2398] set_robust_list(0x5555564336a0, 24) = 0 [pid 2398] chdir("./650") = 0 [pid 2398] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2398] setpgid(0, 0) = 0 [pid 2398] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2398] write(3, "1000", 4) = 4 [pid 2398] close(3) = 0 [pid 2398] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2398] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2398] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2398] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2398] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2398] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2398] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2398] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2399 attached => {parent_tid=[2399]}, 88) = 2399 [pid 2399] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2399] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2399] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2398] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2398] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2398] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2398] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2398] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2398] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2398] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2400]}, 88) = 2400 [pid 2398] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2398] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 2400 attached [pid 2398] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2399] <... futex resumed>) = 0 [pid 2400] set_robust_list(0x7f22e156f9a0, 24 [pid 2399] memfd_create("syzkaller", 0) = 3 [pid 2399] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2400] <... set_robust_list resumed>) = 0 [pid 2400] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2400] creat("./bus", 000) = 4 [pid 2400] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2398] <... futex resumed>) = 0 [pid 2398] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2398] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2400] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 2399] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2400] <... mount resumed>) = 0 [pid 2400] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2398] <... futex resumed>) = 0 [pid 2400] <... futex resumed>) = 1 [pid 2398] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2400] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 2398] <... futex resumed>) = 0 [pid 2398] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2400] <... open resumed>) = 5 [pid 2400] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2399] <... write resumed>) = 262144 [pid 2399] munmap(0x7f22d914f000, 138412032) = 0 [pid 2400] <... futex resumed>) = 1 [pid 2398] <... futex resumed>) = 0 [pid 2399] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2398] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2399] <... openat resumed>) = 6 [pid 2400] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 2398] <... futex resumed>) = 0 [pid 2399] ioctl(6, LOOP_SET_FD, 3 [pid 2398] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2400] <... mmap resumed>) = 0x20000000 [pid 2400] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2398] <... futex resumed>) = 0 [pid 2400] <... futex resumed>) = 1 [pid 2398] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2399] <... ioctl resumed>) = 0 [pid 2399] close(3) = 0 [pid 2399] close(6 [pid 2400] memfd_create("syzkaller", 0) = 3 [pid 2400] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2399] <... close resumed>) = 0 [pid 2399] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 2399] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2399] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2399] ioctl(6, LOOP_CLR_FD) = 0 [pid 2399] close(6) = 0 [pid 2399] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2399] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2400] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2400] munmap(0x7f22d914f000, 138412032) = 0 [pid 2400] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2400] ioctl(6, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2400] ioctl(6, LOOP_CLR_FD) = 0 [pid 2400] ioctl(6, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2400] close(6) = 0 [pid 2400] close(3) = 0 [pid 2400] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2400] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2398] exit_group(0) = ? [pid 2399] <... futex resumed>) = ? [pid 2400] <... futex resumed>) = ? [pid 2400] +++ exited with 0 +++ [pid 2399] +++ exited with 0 +++ [pid 2398] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2398, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./650", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./650", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./650/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./650/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./650/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./650/bus") = 0 umount2("./650/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./650/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./650/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./650") = 0 mkdir("./651", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2401 ./strace-static-x86_64: Process 2401 attached [pid 2401] set_robust_list(0x5555564336a0, 24) = 0 [pid 2401] chdir("./651") = 0 [pid 2401] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2401] setpgid(0, 0) = 0 [pid 2401] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2401] write(3, "1000", 4) = 4 [pid 2401] close(3) = 0 [pid 2401] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2401] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2401] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2401] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2401] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2401] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [ 55.629482][ T2399] loop0: detected capacity change from 0 to 512 [pid 2401] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2401] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2402 attached => {parent_tid=[2402]}, 88) = 2402 [pid 2401] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2401] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2401] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2401] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2402] set_robust_list(0x7f22e15909a0, 24 [pid 2401] <... mmap resumed>) = 0x7f22e154f000 [pid 2401] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2401] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2401] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2403]}, 88) = 2403 [pid 2401] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2401] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2401] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2402] <... set_robust_list resumed>) = 0 [pid 2402] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 2403 attached [pid 2402] memfd_create("syzkaller", 0 [pid 2403] set_robust_list(0x7f22e156f9a0, 24 [pid 2402] <... memfd_create resumed>) = 3 [pid 2402] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2403] <... set_robust_list resumed>) = 0 [pid 2403] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2403] creat("./bus", 000) = 4 [pid 2403] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2401] <... futex resumed>) = 0 [pid 2401] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2403] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 2402] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2401] <... futex resumed>) = 0 [pid 2401] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2403] <... mount resumed>) = 0 [pid 2403] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2401] <... futex resumed>) = 0 [pid 2401] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2403] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 2402] <... write resumed>) = 262144 [pid 2402] munmap(0x7f22d914f000, 138412032 [pid 2401] <... futex resumed>) = 0 [pid 2402] <... munmap resumed>) = 0 [pid 2401] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2402] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2402] ioctl(6, LOOP_SET_FD, 3 [pid 2403] <... open resumed>) = 5 [pid 2403] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2401] <... futex resumed>) = 0 [pid 2401] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2401] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2402] <... ioctl resumed>) = 0 [pid 2403] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 2402] close(3) = 0 [pid 2402] close(6) = 0 [pid 2402] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 2402] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2402] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 2402] ioctl(3, LOOP_CLR_FD) = 0 [pid 2402] close(3) = 0 [pid 2402] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2402] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2403] <... mmap resumed>) = 0x20000000 [pid 2403] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2403] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2401] <... futex resumed>) = 0 [pid 2401] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2402] <... futex resumed>) = 0 [pid 2402] memfd_create("syzkaller", 0) = 3 [pid 2402] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2402] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2402] munmap(0x7f22d914f000, 138412032) = 0 [pid 2402] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2402] ioctl(6, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2402] ioctl(6, LOOP_CLR_FD) = 0 [pid 2402] ioctl(6, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2402] close(6) = 0 [pid 2402] close(3) = 0 [pid 2402] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2401] exit_group(0 [pid 2403] <... futex resumed>) = ? [pid 2401] <... exit_group resumed>) = ? [pid 2403] +++ exited with 0 +++ [pid 2402] <... futex resumed>) = ? [pid 2402] +++ exited with 0 +++ [pid 2401] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2401, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./651", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./651", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./651/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./651/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./651/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./651/bus") = 0 umount2("./651/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./651/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./651/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./651") = 0 mkdir("./652", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2404 ./strace-static-x86_64: Process 2404 attached [pid 2404] set_robust_list(0x5555564336a0, 24) = 0 [pid 2404] chdir("./652") = 0 [pid 2404] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2404] setpgid(0, 0) = 0 [pid 2404] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2404] write(3, "1000", 4) = 4 [pid 2404] close(3) = 0 [pid 2404] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2404] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2404] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2404] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2404] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2404] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2404] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2404] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2405]}, 88) = 2405 [pid 2404] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2404] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2404] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2404] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2404] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2404] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2404] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2406]}, 88) = 2406 [pid 2404] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2404] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2404] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2405 attached [pid 2405] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2405] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2405] memfd_create("syzkaller", 0) = 3 [pid 2405] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 ./strace-static-x86_64: Process 2406 attached [pid 2406] set_robust_list(0x7f22e156f9a0, 24 [pid 2405] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2406] <... set_robust_list resumed>) = 0 [pid 2406] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2406] creat("./bus", 000) = 4 [pid 2406] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2404] <... futex resumed>) = 0 [pid 2404] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2406] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 2404] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2406] <... mount resumed>) = 0 [pid 2406] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2404] <... futex resumed>) = 0 [pid 2404] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2404] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2406] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 2406] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 55.696084][ T2402] loop0: detected capacity change from 0 to 512 [pid 2404] <... futex resumed>) = 0 [pid 2404] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2404] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2406] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 2406] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2405] <... write resumed>) = 262144 [pid 2406] <... futex resumed>) = 1 [pid 2405] munmap(0x7f22d914f000, 138412032 [pid 2404] <... futex resumed>) = 0 [pid 2404] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2406] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 2405] <... munmap resumed>) = 0 [pid 2404] <... futex resumed>) = 0 [pid 2406] +++ killed by SIGBUS +++ [pid 2405] +++ killed by SIGBUS +++ [pid 2404] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2404, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- umount2("./652", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./652", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./652/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./652/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./652/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./652/bus") = 0 umount2("./652/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./652/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./652/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./652") = 0 mkdir("./653", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2407 ./strace-static-x86_64: Process 2407 attached [pid 2407] set_robust_list(0x5555564336a0, 24) = 0 [pid 2407] chdir("./653") = 0 [pid 2407] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2407] setpgid(0, 0) = 0 [pid 2407] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2407] write(3, "1000", 4) = 4 [pid 2407] close(3) = 0 [pid 2407] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2407] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2407] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2407] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2407] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2407] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2407] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2407] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2408 attached => {parent_tid=[2408]}, 88) = 2408 [pid 2408] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2408] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2408] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2407] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2407] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2408] <... futex resumed>) = 0 [pid 2408] memfd_create("syzkaller", 0 [pid 2407] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2408] <... memfd_create resumed>) = 3 [pid 2408] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2407] <... futex resumed>) = 0 [pid 2407] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 2407] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2407] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2407] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0} => {parent_tid=[2409]}, 88) = 2409 ./strace-static-x86_64: Process 2409 attached [pid 2407] rt_sigprocmask(SIG_SETMASK, [], [pid 2409] set_robust_list(0x7f22d916f9a0, 24 [pid 2407] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2407] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2409] <... set_robust_list resumed>) = 0 [pid 2407] <... futex resumed>) = 0 [pid 2409] rt_sigprocmask(SIG_SETMASK, [], [pid 2407] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2408] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2409] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2409] creat("./bus", 000) = 4 [pid 2409] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2407] <... futex resumed>) = 0 [pid 2407] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2409] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 2407] <... futex resumed>) = 0 [pid 2407] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2409] <... mount resumed>) = 0 [pid 2409] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2408] <... write resumed>) = 262144 [pid 2408] munmap(0x7f22d9170000, 138412032 [pid 2409] <... futex resumed>) = 1 [pid 2407] <... futex resumed>) = 0 [pid 2407] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2409] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 2407] <... futex resumed>) = 0 [pid 2408] <... munmap resumed>) = 0 [pid 2408] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2409] <... open resumed>) = 6 [pid 2407] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2408] ioctl(5, LOOP_SET_FD, 3 [pid 2409] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2407] <... futex resumed>) = 0 [pid 2407] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2407] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2409] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 2408] <... ioctl resumed>) = 0 [pid 2408] close(3) = 0 [pid 2408] close(5) = 0 [pid 2408] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 2408] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2408] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 2408] ioctl(3, LOOP_CLR_FD) = 0 [pid 2408] close(3) = 0 [pid 2408] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2408] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2409] <... mmap resumed>) = 0x20000000 [pid 2409] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2407] <... futex resumed>) = 0 [pid 2407] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2409] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2407] <... futex resumed>) = 1 [pid 2408] <... futex resumed>) = 0 [pid 2408] memfd_create("syzkaller", 0) = 3 [pid 2408] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2408] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2408] munmap(0x7f22d9170000, 138412032) = 0 [pid 2408] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2408] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2408] ioctl(5, LOOP_CLR_FD) = 0 [pid 2408] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2408] close(5) = 0 [pid 2408] close(3) = 0 [pid 2408] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2408] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2407] exit_group(0 [pid 2409] <... futex resumed>) = ? [pid 2407] <... exit_group resumed>) = ? [pid 2409] +++ exited with 0 +++ [pid 2408] <... futex resumed>) = ? [pid 2408] +++ exited with 0 +++ [pid 2407] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2407, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./653", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./653", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./653/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./653/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./653/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./653/bus") = 0 umount2("./653/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./653/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./653/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./653") = 0 mkdir("./654", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2410 attached [pid 2410] set_robust_list(0x5555564336a0, 24) = 0 [pid 293] <... clone resumed>, child_tidptr=0x555556433690) = 2410 [pid 2410] chdir("./654") = 0 [pid 2410] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2410] setpgid(0, 0) = 0 [ 55.778355][ T2408] loop0: detected capacity change from 0 to 512 [pid 2410] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2410] write(3, "1000", 4) = 4 [pid 2410] close(3) = 0 [pid 2410] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2410] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2410] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2410] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2410] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2410] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2410] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2410] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2411 attached [pid 2411] set_robust_list(0x7f22e15909a0, 24 [pid 2410] <... clone3 resumed> => {parent_tid=[2411]}, 88) = 2411 [pid 2410] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2410] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2410] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2410] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2410] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE [pid 2411] <... set_robust_list resumed>) = 0 [pid 2410] <... mprotect resumed>) = 0 [pid 2410] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2411] rt_sigprocmask(SIG_SETMASK, [], [pid 2410] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2410] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2412]}, 88) = 2412 ./strace-static-x86_64: Process 2412 attached [pid 2411] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2410] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2410] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2410] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2412] set_robust_list(0x7f22e156f9a0, 24 [pid 2411] memfd_create("syzkaller", 0) = 3 [pid 2412] <... set_robust_list resumed>) = 0 [pid 2412] rt_sigprocmask(SIG_SETMASK, [], [pid 2411] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2412] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2411] <... mmap resumed>) = 0x7f22d914f000 [pid 2412] creat("./bus", 000 [pid 2411] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 2411] munmap(0x7f22d914f000, 138412032) = 0 [pid 2412] <... creat resumed>) = 4 [pid 2411] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2412] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2411] <... openat resumed>) = 5 [pid 2411] ioctl(5, LOOP_SET_FD, 3 [pid 2412] <... futex resumed>) = 1 [pid 2410] <... futex resumed>) = 0 [pid 2410] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2410] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2412] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2412] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2410] <... futex resumed>) = 0 [pid 2410] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2410] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2412] <... futex resumed>) = 1 [pid 2412] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 2412] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2410] <... futex resumed>) = 0 [pid 2410] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2410] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2412] <... futex resumed>) = 1 [pid 2412] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 2411] <... ioctl resumed>) = 0 [pid 2411] close(3) = 0 [pid 2411] close(5) = 0 [pid 2411] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 2411] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2411] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2412] <... mmap resumed>) = 0x20000000 [pid 2411] <... openat resumed>) = 3 [pid 2411] ioctl(3, LOOP_CLR_FD) = 0 [pid 2411] close(3 [pid 2412] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2411] <... close resumed>) = 0 [pid 2411] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2411] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2412] <... futex resumed>) = 1 [pid 2410] <... futex resumed>) = 0 [pid 2412] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2410] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2411] <... futex resumed>) = 0 [pid 2411] memfd_create("syzkaller", 0) = 3 [pid 2411] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2411] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2411] munmap(0x7f22d914f000, 138412032) = 0 [pid 2411] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2411] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2411] ioctl(5, LOOP_CLR_FD) = 0 [pid 2411] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2411] close(5) = 0 [pid 2411] close(3) = 0 [pid 2411] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2411] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [ 55.846667][ T2411] loop0: detected capacity change from 0 to 512 [ 55.853298][ T2412] blk_print_req_error: 2 callbacks suppressed [ 55.853311][ T2412] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 17 prio class 2 [pid 2410] exit_group(0 [pid 2411] <... futex resumed>) = ? [pid 2410] <... exit_group resumed>) = ? [pid 2412] <... futex resumed>) = ? [pid 2412] +++ exited with 0 +++ [pid 2411] +++ exited with 0 +++ [pid 2410] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2410, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./654", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./654", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./654/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./654/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./654/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./654/bus") = 0 umount2("./654/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./654/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./654/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./654") = 0 mkdir("./655", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2413 attached [pid 2413] set_robust_list(0x5555564336a0, 24 [pid 293] <... clone resumed>, child_tidptr=0x555556433690) = 2413 [pid 2413] <... set_robust_list resumed>) = 0 [pid 2413] chdir("./655") = 0 [pid 2413] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2413] setpgid(0, 0) = 0 [pid 2413] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2413] write(3, "1000", 4) = 4 [pid 2413] close(3) = 0 [pid 2413] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2413] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2413] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2413] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2413] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2413] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2413] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2413] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2414 attached [pid 2414] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2413] <... clone3 resumed> => {parent_tid=[2414]}, 88) = 2414 [pid 2414] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2413] rt_sigprocmask(SIG_SETMASK, [], [pid 2414] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2413] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2413] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2414] <... futex resumed>) = 0 [pid 2413] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2414] memfd_create("syzkaller", 0 [pid 2413] <... futex resumed>) = 0 [pid 2414] <... memfd_create resumed>) = 3 [pid 2414] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2413] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 2413] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2413] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2414] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2413] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0} => {parent_tid=[2415]}, 88) = 2415 [pid 2413] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2413] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2413] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2415 attached [pid 2414] <... write resumed>) = 262144 [pid 2414] munmap(0x7f22d9170000, 138412032) = 0 [pid 2414] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2415] set_robust_list(0x7f22d916f9a0, 24 [pid 2414] <... openat resumed>) = 4 [pid 2415] <... set_robust_list resumed>) = 0 [pid 2414] ioctl(4, LOOP_SET_FD, 3 [pid 2415] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2415] creat("./bus", 000) = 5 [pid 2415] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2413] <... futex resumed>) = 0 [pid 2413] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2413] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2415] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2415] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2413] <... futex resumed>) = 0 [pid 2413] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2413] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2415] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 2415] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2413] <... futex resumed>) = 0 [pid 2413] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2413] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2415] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 2414] <... ioctl resumed>) = 0 [pid 2414] close(3) = 0 [pid 2414] close(4 [pid 2415] <... mmap resumed>) = 0x20000000 [pid 2415] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2413] <... futex resumed>) = 0 [pid 2413] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2415] memfd_create("syzkaller", 0) = 3 [pid 2415] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2414] <... close resumed>) = 0 [pid 2414] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 2414] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2414] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2414] ioctl(4, LOOP_CLR_FD) = 0 [pid 2414] close(4) = 0 [pid 2414] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2414] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2415] <... mmap resumed>) = 0x7f22d9170000 [pid 2415] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2415] munmap(0x7f22d9170000, 138412032) = 0 [pid 2415] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2415] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2415] ioctl(4, LOOP_CLR_FD) = 0 [pid 2415] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2415] close(4) = 0 [pid 2415] close(3) = 0 [pid 2415] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2415] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2413] exit_group(0 [pid 2415] <... futex resumed>) = ? [pid 2413] <... exit_group resumed>) = ? [pid 2414] <... futex resumed>) = ? [pid 2414] +++ exited with 0 +++ [pid 2415] +++ exited with 0 +++ [pid 2413] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2413, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./655", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./655", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./655/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./655/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./655/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./655/bus") = 0 umount2("./655/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./655/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./655/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./655") = 0 mkdir("./656", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2416 ./strace-static-x86_64: Process 2416 attached [pid 2416] set_robust_list(0x5555564336a0, 24) = 0 [pid 2416] chdir("./656") = 0 [pid 2416] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2416] setpgid(0, 0) = 0 [pid 2416] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2416] write(3, "1000", 4) = 4 [pid 2416] close(3) = 0 [pid 2416] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2416] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2416] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2416] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2416] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2416] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2416] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2416] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2417 attached [pid 2417] set_robust_list(0x7f22e15909a0, 24 [pid 2416] <... clone3 resumed> => {parent_tid=[2417]}, 88) = 2417 [pid 2416] rt_sigprocmask(SIG_SETMASK, [], [pid 2417] <... set_robust_list resumed>) = 0 [pid 2416] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2416] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2417] rt_sigprocmask(SIG_SETMASK, [], [pid 2416] <... futex resumed>) = 0 [pid 2417] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2416] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2416] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2417] memfd_create("syzkaller", 0 [pid 2416] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2417] <... memfd_create resumed>) = 3 [pid 2417] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2416] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2417] <... mmap resumed>) = 0x7f22d914f000 [pid 2416] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 2418 attached => {parent_tid=[2418]}, 88) = 2418 [pid 2418] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2418] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2418] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2416] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2416] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2418] <... futex resumed>) = 0 [pid 2416] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 55.934069][ T2414] loop0: detected capacity change from 0 to 512 [pid 2418] creat("./bus", 000) = 4 [pid 2418] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2418] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2416] <... futex resumed>) = 0 [pid 2416] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2418] <... futex resumed>) = 0 [pid 2416] <... futex resumed>) = 1 [pid 2418] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 2416] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2418] <... mount resumed>) = 0 [pid 2418] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2416] <... futex resumed>) = 0 [pid 2418] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 2416] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2416] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2418] <... open resumed>) = 5 [pid 2418] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2416] <... futex resumed>) = 0 [pid 2418] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 2416] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2416] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2418] <... mmap resumed>) = 0x20000000 [pid 2417] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000da3} --- [pid 2416] <... futex resumed>) = ? [pid 2418] +++ killed by SIGBUS +++ [pid 2417] +++ killed by SIGBUS +++ [pid 2416] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2416, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- umount2("./656", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./656", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./656/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./656/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./656/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./656/bus") = 0 umount2("./656/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./656/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./656/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./656") = 0 mkdir("./657", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2419 ./strace-static-x86_64: Process 2419 attached [pid 2419] set_robust_list(0x5555564336a0, 24) = 0 [pid 2419] chdir("./657") = 0 [pid 2419] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2419] setpgid(0, 0) = 0 [pid 2419] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2419] write(3, "1000", 4) = 4 [pid 2419] close(3) = 0 [pid 2419] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2419] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2419] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2419] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2419] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2419] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2419] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2419] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2420]}, 88) = 2420 [pid 2419] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2419] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2419] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2419] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2419] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2419] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2419] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 2421 attached => {parent_tid=[2421]}, 88) = 2421 [pid 2419] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2419] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2419] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2420 attached [pid 2420] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2420] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2421] set_robust_list(0x7f22e156f9a0, 24 [pid 2420] memfd_create("syzkaller", 0) = 3 [pid 2420] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2421] <... set_robust_list resumed>) = 0 [pid 2421] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2421] creat("./bus", 000) = 4 [pid 2421] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2419] <... futex resumed>) = 0 [pid 2419] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2419] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2420] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2421] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2421] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2419] <... futex resumed>) = 0 [pid 2419] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2419] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2421] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 2420] <... write resumed>) = 262144 [pid 2420] munmap(0x7f22d914f000, 138412032 [pid 2421] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2420] <... munmap resumed>) = 0 [pid 2420] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2420] ioctl(6, LOOP_SET_FD, 3 [pid 2421] <... futex resumed>) = 1 [pid 2419] <... futex resumed>) = 0 [pid 2420] <... ioctl resumed>) = 0 [pid 2420] close(3) = 0 [pid 2420] close(6) = 0 [pid 2419] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2419] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2420] mkdir("./file0", 0777) = 0 [pid 2420] mount("/dev/loop0", "./file0", "ext4", 0, "prjquota,grpquota,debug_want_extra_isize=0x000000000000005c,noauto_da_alloc,nolazytime,errors=contin"... [pid 2421] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 2421] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2419] <... futex resumed>) = 0 [pid 2419] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2421] memfd_create("syzkaller", 0) = 3 [pid 2421] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2420] <... mount resumed>) = 0 [pid 2420] openat(AT_FDCWD, 0x200000c0, O_RDONLY|O_DIRECTORY) = -1 ENOENT (No such file or directory) [pid 2420] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2420] ioctl(6, LOOP_CLR_FD) = 0 [pid 2420] close(6) = 0 [pid 2420] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2420] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2421] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2421] munmap(0x7f22d914f000, 138412032) = 0 [pid 2421] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2421] ioctl(6, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2421] ioctl(6, LOOP_CLR_FD) = 0 [pid 2421] ioctl(6, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2421] close(6) = 0 [pid 2421] close(3) = 0 [pid 2421] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2419] exit_group(0 [pid 2420] <... futex resumed>) = ? [pid 2419] <... exit_group resumed>) = ? [pid 2420] +++ exited with 0 +++ [pid 2421] +++ exited with 0 +++ [pid 2419] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2419, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./657", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./657", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 5 entries */, 32768) = 136 umount2("./657/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./657/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./657/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./657/bus") = 0 umount2("./657/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./657/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./657/binderfs") = 0 umount2("./657/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./657/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./657/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./657/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 56.014809][ T2420] loop0: detected capacity change from 0 to 512 [ 56.026603][ T2420] EXT4-fs (loop0): 1 truncate cleaned up openat(AT_FDCWD, "./657/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555643c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555643c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./657/file0") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./657") = 0 mkdir("./658", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2423 ./strace-static-x86_64: Process 2423 attached [pid 2423] set_robust_list(0x5555564336a0, 24) = 0 [pid 2423] chdir("./658") = 0 [pid 2423] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2423] setpgid(0, 0) = 0 [pid 2423] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2423] write(3, "1000", 4) = 4 [pid 2423] close(3) = 0 [pid 2423] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2423] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2423] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2423] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2423] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2423] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2423] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2423] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2424 attached => {parent_tid=[2424]}, 88) = 2424 [pid 2424] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2424] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2424] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2423] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2423] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2424] <... futex resumed>) = 0 [pid 2423] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2424] memfd_create("syzkaller", 0 [pid 2423] <... futex resumed>) = 0 [pid 2424] <... memfd_create resumed>) = 3 [pid 2424] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2423] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 2423] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2423] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2423] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0} => {parent_tid=[2425]}, 88) = 2425 [pid 2423] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2423] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2423] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2425 attached [pid 2424] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 2425] set_robust_list(0x7f22d916f9a0, 24 [pid 2424] munmap(0x7f22d9170000, 138412032 [pid 2425] <... set_robust_list resumed>) = 0 [pid 2424] <... munmap resumed>) = 0 [pid 2425] rt_sigprocmask(SIG_SETMASK, [], [pid 2424] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2425] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2425] creat("./bus", 000 [pid 2424] <... openat resumed>) = 4 [pid 2424] ioctl(4, LOOP_SET_FD, 3 [pid 2425] <... creat resumed>) = 5 [pid 2425] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2423] <... futex resumed>) = 0 [pid 2423] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2423] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2425] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2425] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2423] <... futex resumed>) = 0 [pid 2423] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2423] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2425] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 2425] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2423] <... futex resumed>) = 0 [pid 2423] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2423] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2425] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 2424] <... ioctl resumed>) = 0 [pid 2424] close(3) = 0 [pid 2424] close(4) = 0 [pid 2424] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 2424] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2424] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 2424] ioctl(3, LOOP_CLR_FD) = 0 [pid 2424] close(3) = 0 [pid 2424] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2424] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2425] <... mmap resumed>) = 0x20000000 [pid 2425] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2423] <... futex resumed>) = 0 [pid 2423] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2424] <... futex resumed>) = 0 [pid 2424] memfd_create("syzkaller", 0) = 3 [pid 2424] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2425] <... futex resumed>) = 1 [pid 2425] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2424] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2424] munmap(0x7f22d9170000, 138412032) = 0 [pid 2424] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2424] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2424] ioctl(4, LOOP_CLR_FD) = 0 [pid 2424] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2424] close(4) = 0 [pid 2424] close(3) = 0 [pid 2424] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2424] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2423] exit_group(0 [pid 2425] <... futex resumed>) = ? [pid 2423] <... exit_group resumed>) = ? [pid 2425] +++ exited with 0 +++ [pid 2424] <... futex resumed>) = ? [pid 2424] +++ exited with 0 +++ [pid 2423] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2423, si_uid=0, si_status=0, si_utime=1, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./658", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./658", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./658/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./658/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./658/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./658/bus") = 0 umount2("./658/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./658/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./658/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./658") = 0 mkdir("./659", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2426 ./strace-static-x86_64: Process 2426 attached [pid 2426] set_robust_list(0x5555564336a0, 24) = 0 [pid 2426] chdir("./659") = 0 [pid 2426] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2426] setpgid(0, 0) = 0 [pid 2426] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2426] write(3, "1000", 4) = 4 [ 56.093534][ T2424] loop0: detected capacity change from 0 to 512 [pid 2426] close(3) = 0 [pid 2426] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2426] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2426] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2426] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2426] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2426] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2426] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2426] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2427 attached [pid 2427] set_robust_list(0x7f22e15909a0, 24 [pid 2426] <... clone3 resumed> => {parent_tid=[2427]}, 88) = 2427 [pid 2427] <... set_robust_list resumed>) = 0 [pid 2427] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2427] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2426] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2426] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2427] <... futex resumed>) = 0 [pid 2427] memfd_create("syzkaller", 0 [pid 2426] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2426] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2427] <... memfd_create resumed>) = 3 [pid 2427] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2426] <... mmap resumed>) = 0x7f22e154f000 [pid 2426] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE [pid 2427] <... mmap resumed>) = 0x7f22d914f000 [pid 2426] <... mprotect resumed>) = 0 [pid 2427] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2426] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2426] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 2428 attached => {parent_tid=[2428]}, 88) = 2428 [pid 2428] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2428] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2428] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2426] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2426] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2428] <... futex resumed>) = 0 [pid 2426] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2428] creat("./bus", 000 [pid 2427] <... write resumed>) = 262144 [pid 2428] <... creat resumed>) = 4 [pid 2427] munmap(0x7f22d914f000, 138412032 [pid 2428] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2427] <... munmap resumed>) = 0 [pid 2427] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2427] ioctl(5, LOOP_SET_FD, 3 [pid 2428] <... futex resumed>) = 1 [pid 2427] <... ioctl resumed>) = 0 [pid 2426] <... futex resumed>) = 0 [pid 2427] close(3 [pid 2426] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2427] <... close resumed>) = 0 [pid 2426] <... futex resumed>) = 0 [pid 2427] close(5 [pid 2426] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2428] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 2427] <... close resumed>) = 0 [pid 2427] mkdir("./file0", 0777) = 0 [pid 2427] mount("/dev/loop0", "./file0", "ext4", 0, "prjquota,grpquota,debug_want_extra_isize=0x000000000000005c,noauto_da_alloc,nolazytime,errors=contin"... [pid 2428] <... mount resumed>) = 0 [pid 2428] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2426] <... futex resumed>) = 0 [pid 2428] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2426] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2428] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2426] <... futex resumed>) = 0 [pid 2428] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 2426] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2428] <... open resumed>) = 3 [pid 2428] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2426] <... futex resumed>) = 0 [pid 2428] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 3, 0 [pid 2426] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2426] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2428] <... mmap resumed>) = 0x20000000 [pid 2428] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2426] <... futex resumed>) = 0 [pid 2426] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2428] <... futex resumed>) = 1 [pid 2428] memfd_create("syzkaller", 0) = 5 [pid 2428] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2427] <... mount resumed>) = 0 [pid 2427] openat(AT_FDCWD, 0x200000c0, O_RDONLY|O_DIRECTORY) = -1 ENOENT (No such file or directory) [pid 2427] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2427] ioctl(6, LOOP_CLR_FD) = 0 [pid 2427] close(6) = 0 [pid 2427] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2427] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2428] write(5, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2428] munmap(0x7f22d914f000, 138412032) = 0 [pid 2428] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2428] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 2428] ioctl(6, LOOP_CLR_FD) = 0 [pid 2428] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 2428] close(6) = 0 [pid 2428] close(5) = 0 [pid 2428] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2428] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2426] exit_group(0) = ? [pid 2427] <... futex resumed>) = ? [pid 2427] +++ exited with 0 +++ [pid 2428] <... futex resumed>) = ? [pid 2428] +++ exited with 0 +++ [pid 2426] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2426, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./659", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./659", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 5 entries */, 32768) = 136 umount2("./659/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./659/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./659/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./659/bus") = 0 umount2("./659/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./659/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./659/binderfs") = 0 [ 56.172016][ T2427] loop0: detected capacity change from 0 to 512 [ 56.185592][ T2427] EXT4-fs (loop0): 1 truncate cleaned up umount2("./659/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./659/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./659/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./659/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./659/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555643c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555643c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./659/file0") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./659") = 0 mkdir("./660", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2430 ./strace-static-x86_64: Process 2430 attached [pid 2430] set_robust_list(0x5555564336a0, 24) = 0 [pid 2430] chdir("./660") = 0 [pid 2430] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2430] setpgid(0, 0) = 0 [pid 2430] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2430] write(3, "1000", 4) = 4 [pid 2430] close(3) = 0 [pid 2430] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2430] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2430] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2430] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2430] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2430] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2430] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2430] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2431]}, 88) = 2431 [pid 2430] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2430] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2430] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2430] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2430] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2430] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2430] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2432]}, 88) = 2432 [pid 2430] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2430] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2430] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2431 attached [pid 2431] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2431] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 2432 attached [pid 2431] memfd_create("syzkaller", 0 [pid 2432] set_robust_list(0x7f22e156f9a0, 24 [pid 2431] <... memfd_create resumed>) = 3 [pid 2432] <... set_robust_list resumed>) = 0 [pid 2431] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2432] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2432] creat("./bus", 000) = 4 [pid 2432] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2430] <... futex resumed>) = 0 [pid 2430] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2430] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2432] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2432] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2431] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2432] <... futex resumed>) = 1 [pid 2430] <... futex resumed>) = 0 [pid 2430] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2430] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2432] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 2432] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2430] <... futex resumed>) = 0 [pid 2430] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2430] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2431] <... write resumed>) = 262144 [pid 2431] munmap(0x7f22d914f000, 138412032 [pid 2432] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 2431] <... munmap resumed>) = 0 [pid 2431] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2431] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 2431] close(3) = 0 [pid 2431] close(6 [pid 2432] <... mmap resumed>) = 0x20000000 [pid 2431] <... close resumed>) = 0 [pid 2431] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 2431] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2431] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 2431] ioctl(3, LOOP_CLR_FD) = 0 [pid 2431] close(3) = 0 [pid 2431] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2431] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2432] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2430] <... futex resumed>) = 0 [pid 2430] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2431] <... futex resumed>) = 0 [pid 2431] memfd_create("syzkaller", 0 [pid 2432] <... futex resumed>) = 1 [pid 2432] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2431] <... memfd_create resumed>) = 3 [pid 2431] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2431] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2431] munmap(0x7f22d914f000, 138412032) = 0 [pid 2431] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2431] ioctl(6, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2431] ioctl(6, LOOP_CLR_FD) = 0 [pid 2431] ioctl(6, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2431] close(6) = 0 [pid 2431] close(3) = 0 [pid 2431] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2431] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2430] exit_group(0 [pid 2432] <... futex resumed>) = ? [pid 2430] <... exit_group resumed>) = ? [pid 2432] +++ exited with 0 +++ [pid 2431] <... futex resumed>) = ? [pid 2431] +++ exited with 0 +++ [pid 2430] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2430, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./660", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./660", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./660/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./660/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./660/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./660/bus") = 0 umount2("./660/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./660/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./660/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./660") = 0 mkdir("./661", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2433 ./strace-static-x86_64: Process 2433 attached [pid 2433] set_robust_list(0x5555564336a0, 24) = 0 [pid 2433] chdir("./661") = 0 [pid 2433] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2433] setpgid(0, 0) = 0 [pid 2433] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2433] write(3, "1000", 4) = 4 [pid 2433] close(3) = 0 [pid 2433] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2433] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2433] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2433] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2433] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2433] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2433] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2433] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2434]}, 88) = 2434 [pid 2433] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2433] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2433] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2433] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2433] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2433] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2433] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2435]}, 88) = 2435 ./strace-static-x86_64: Process 2435 attached ./strace-static-x86_64: Process 2434 attached [pid 2433] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2433] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2433] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2435] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2435] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2435] creat("./bus", 000 [pid 2434] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2435] <... creat resumed>) = 3 [pid 2435] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2433] <... futex resumed>) = 0 [pid 2433] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2433] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2435] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2435] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2433] <... futex resumed>) = 0 [pid 2433] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2433] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2435] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 4 [pid 2435] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2433] <... futex resumed>) = 0 [pid 2433] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2433] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 56.253743][ T2431] loop0: detected capacity change from 0 to 512 [pid 2435] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2434] rt_sigprocmask(SIG_SETMASK, [], [pid 2435] <... mmap resumed>) = 0x20000000 [pid 2435] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2434] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2435] <... futex resumed>) = 1 [pid 2434] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000184} --- [pid 2433] <... futex resumed>) = 0 [pid 2433] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2435] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 2434] +++ killed by SIGBUS +++ [pid 2435] +++ killed by SIGBUS +++ [pid 2433] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2433, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./661", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./661", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./661/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./661/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./661/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./661/bus") = 0 umount2("./661/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./661/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./661/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./661") = 0 mkdir("./662", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2436 ./strace-static-x86_64: Process 2436 attached [pid 2436] set_robust_list(0x5555564336a0, 24) = 0 [pid 2436] chdir("./662") = 0 [pid 2436] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2436] setpgid(0, 0) = 0 [pid 2436] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2436] write(3, "1000", 4) = 4 [pid 2436] close(3) = 0 [pid 2436] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2436] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2436] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2436] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2436] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2436] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2436] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2436] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2437 attached => {parent_tid=[2437]}, 88) = 2437 [pid 2437] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2437] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2437] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2436] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2436] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2437] <... futex resumed>) = 0 [pid 2437] memfd_create("syzkaller", 0) = 3 [pid 2437] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2436] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2436] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 2436] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2436] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2436] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0}./strace-static-x86_64: Process 2438 attached => {parent_tid=[2438]}, 88) = 2438 [pid 2438] set_robust_list(0x7f22d916f9a0, 24 [pid 2436] rt_sigprocmask(SIG_SETMASK, [], [pid 2437] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2436] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2438] <... set_robust_list resumed>) = 0 [pid 2436] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2438] rt_sigprocmask(SIG_SETMASK, [], [pid 2436] <... futex resumed>) = 0 [pid 2438] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2436] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2438] creat("./bus", 000) = 4 [pid 2438] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2436] <... futex resumed>) = 0 [pid 2438] <... futex resumed>) = 1 [pid 2437] <... write resumed>) = 262144 [pid 2437] munmap(0x7f22d9170000, 138412032 [pid 2436] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2438] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 2437] <... munmap resumed>) = 0 [pid 2437] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2438] <... mount resumed>) = 0 [pid 2436] <... futex resumed>) = 0 [pid 2437] ioctl(5, LOOP_SET_FD, 3 [pid 2438] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2436] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 2436] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2436] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = 0 [pid 2436] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2438] <... futex resumed>) = 1 [pid 2438] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 2438] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2436] <... futex resumed>) = 0 [pid 2436] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2436] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2438] <... futex resumed>) = 1 [pid 2438] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 2437] <... ioctl resumed>) = 0 [pid 2437] close(3) = 0 [pid 2437] close(5) = 0 [pid 2437] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 2437] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2437] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 2437] ioctl(3, LOOP_CLR_FD) = 0 [pid 2437] close(3) = 0 [pid 2437] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2437] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2438] <... mmap resumed>) = 0x20000000 [pid 2438] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2436] <... futex resumed>) = 0 [pid 2436] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2437] <... futex resumed>) = 0 [pid 2437] memfd_create("syzkaller", 0) = 3 [pid 2437] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2438] <... futex resumed>) = 1 [pid 2438] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2437] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2437] munmap(0x7f22d9170000, 138412032) = 0 [pid 2437] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2437] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2437] ioctl(5, LOOP_CLR_FD) = 0 [pid 2437] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2437] close(5) = 0 [pid 2437] close(3) = 0 [pid 2437] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2437] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2436] exit_group(0 [pid 2438] <... futex resumed>) = ? [pid 2436] <... exit_group resumed>) = ? [pid 2438] +++ exited with 0 +++ [pid 2437] <... futex resumed>) = ? [pid 2437] +++ exited with 0 +++ [pid 2436] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2436, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./662", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./662", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./662/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./662/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./662/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./662/bus") = 0 umount2("./662/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./662/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./662/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./662") = 0 mkdir("./663", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2439 attached [pid 2439] set_robust_list(0x5555564336a0, 24) = 0 [pid 293] <... clone resumed>, child_tidptr=0x555556433690) = 2439 [pid 2439] chdir("./663") = 0 [pid 2439] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2439] setpgid(0, 0) = 0 [ 56.328759][ T2437] loop0: detected capacity change from 0 to 512 [ 56.335368][ T2438] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 27 prio class 2 [pid 2439] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2439] write(3, "1000", 4) = 4 [pid 2439] close(3) = 0 [pid 2439] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2439] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2439] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2439] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2439] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2439] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2439] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2439] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2440]}, 88) = 2440 [pid 2439] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2439] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2439] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2439] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2439] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2439] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2439] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2441]}, 88) = 2441 [pid 2439] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2439] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2439] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2440 attached [pid 2440] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2440] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2440] memfd_create("syzkaller", 0) = 3 [pid 2440] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 ./strace-static-x86_64: Process 2441 attached [pid 2441] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2441] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2441] creat("./bus", 000 [pid 2440] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2441] <... creat resumed>) = 4 [pid 2441] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2439] <... futex resumed>) = 0 [pid 2439] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2439] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2441] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2441] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2440] <... write resumed>) = 262144 [pid 2440] munmap(0x7f22d914f000, 138412032) = 0 [pid 2441] <... futex resumed>) = 1 [pid 2439] <... futex resumed>) = 0 [pid 2439] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2439] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2440] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2440] ioctl(5, LOOP_SET_FD, 3 [pid 2441] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 2440] <... ioctl resumed>) = 0 [pid 2440] close(3) = 0 [pid 2440] close(5 [pid 2441] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2440] <... close resumed>) = 0 [pid 2440] mkdir("./file0", 0777) = 0 [pid 2440] mount("/dev/loop0", "./file0", "ext4", 0, "prjquota,grpquota,debug_want_extra_isize=0x000000000000005c,noauto_da_alloc,nolazytime,errors=contin"... [pid 2441] <... futex resumed>) = 1 [pid 2439] <... futex resumed>) = 0 [pid 2439] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2439] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2441] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x20000000 [pid 2441] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2439] <... futex resumed>) = 0 [pid 2439] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2441] <... futex resumed>) = 1 [pid 2441] memfd_create("syzkaller", 0) = 3 [pid 2441] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2440] <... mount resumed>) = 0 [pid 2440] openat(AT_FDCWD, 0x200000c0, O_RDONLY|O_DIRECTORY) = -1 ENOENT (No such file or directory) [pid 2440] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2440] ioctl(5, LOOP_CLR_FD) = 0 [pid 2441] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304 [pid 2440] close(5) = 0 [pid 2440] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2440] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2441] <... write resumed>) = 4194304 [pid 2441] munmap(0x7f22d914f000, 138412032) = 0 [pid 2441] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2441] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2441] ioctl(5, LOOP_CLR_FD) = 0 [pid 2441] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2441] close(5) = 0 [pid 2441] close(3) = 0 [pid 2441] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2441] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2439] exit_group(0) = ? [pid 2440] <... futex resumed>) = ? [pid 2440] +++ exited with 0 +++ [pid 2441] <... futex resumed>) = ? [pid 2441] +++ exited with 0 +++ [pid 2439] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2439, si_uid=0, si_status=0, si_utime=1, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./663", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./663", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 5 entries */, 32768) = 136 umount2("./663/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./663/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./663/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./663/bus") = 0 umount2("./663/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./663/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./663/binderfs") = 0 umount2("./663/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./663/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./663/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./663/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./663/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555643c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555643c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./663/file0") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./663") = 0 mkdir("./664", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2444 ./strace-static-x86_64: Process 2444 attached [pid 2444] set_robust_list(0x5555564336a0, 24) = 0 [pid 2444] chdir("./664") = 0 [pid 2444] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2444] setpgid(0, 0) = 0 [pid 2444] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2444] write(3, "1000", 4) = 4 [pid 2444] close(3) = 0 [pid 2444] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2444] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2444] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2444] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2444] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2444] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2444] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2444] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2445]}, 88) = 2445 ./strace-static-x86_64: Process 2445 attached [pid 2445] set_robust_list(0x7f22e15909a0, 24 [pid 2444] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2444] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2444] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2444] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2444] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE [pid 2445] <... set_robust_list resumed>) = 0 [pid 2444] <... mprotect resumed>) = 0 [pid 2444] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2444] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} [pid 2445] rt_sigprocmask(SIG_SETMASK, [], [pid 2444] <... clone3 resumed> => {parent_tid=[2446]}, 88) = 2446 [pid 2444] rt_sigprocmask(SIG_SETMASK, [], [pid 2445] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2444] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2444] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2444] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2446 attached [pid 2446] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2446] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2446] creat("./bus", 000 [pid 2445] memfd_create("syzkaller", 0 [pid 2446] <... creat resumed>) = 3 [pid 2446] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2444] <... futex resumed>) = 0 [pid 2444] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2444] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2446] <... futex resumed>) = 1 [pid 2446] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2445] <... memfd_create resumed>) = 4 [pid 2446] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2444] <... futex resumed>) = 0 [pid 2444] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2444] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2446] <... futex resumed>) = 1 [pid 2446] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 2446] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2444] <... futex resumed>) = 0 [pid 2444] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2444] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2446] <... futex resumed>) = 1 [pid 2446] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 2445] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2446] <... mmap resumed>) = 0x20000000 [ 56.398568][ T2440] loop0: detected capacity change from 0 to 512 [ 56.411719][ T2440] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz-executor245: couldn't read orphan inode 12 (err -116) [pid 2446] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2445] <... mmap resumed>) = 0x7f22d914f000 [pid 2444] <... futex resumed>) = 0 [pid 2444] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2445] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000982} --- [pid 2444] <... futex resumed>) = 0 [pid 2446] <... futex resumed>) = 1 [pid 2446] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 2446] +++ killed by SIGBUS +++ [pid 2445] +++ killed by SIGBUS +++ [pid 2444] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2444, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- umount2("./664", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./664", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./664/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./664/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./664/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./664/bus") = 0 umount2("./664/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./664/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./664/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./664") = 0 mkdir("./665", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2447 ./strace-static-x86_64: Process 2447 attached [pid 2447] set_robust_list(0x5555564336a0, 24) = 0 [pid 2447] chdir("./665") = 0 [pid 2447] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2447] setpgid(0, 0) = 0 [pid 2447] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2447] write(3, "1000", 4) = 4 [pid 2447] close(3) = 0 [pid 2447] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2447] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2447] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2447] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2447] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2447] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2447] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2447] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2448 attached => {parent_tid=[2448]}, 88) = 2448 [pid 2448] set_robust_list(0x7f22e15909a0, 24 [pid 2447] rt_sigprocmask(SIG_SETMASK, [], [pid 2448] <... set_robust_list resumed>) = 0 [pid 2447] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2448] rt_sigprocmask(SIG_SETMASK, [], [pid 2447] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2448] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2447] <... futex resumed>) = 0 [pid 2447] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2447] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2448] memfd_create("syzkaller", 0 [pid 2447] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE [pid 2448] <... memfd_create resumed>) = 3 [pid 2448] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2447] <... mprotect resumed>) = 0 [pid 2447] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2448] <... mmap resumed>) = 0x7f22d914f000 [pid 2447] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2447] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 2449 attached => {parent_tid=[2449]}, 88) = 2449 [pid 2449] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2449] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2449] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2447] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2447] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2449] <... futex resumed>) = 0 [pid 2449] creat("./bus", 000 [pid 2447] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2449] <... creat resumed>) = 4 [pid 2449] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2447] <... futex resumed>) = 0 [pid 2447] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2449] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 2447] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2449] <... mount resumed>) = 0 [pid 2449] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2447] <... futex resumed>) = 0 [pid 2449] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 2447] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2447] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2449] <... open resumed>) = 5 [pid 2449] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2447] <... futex resumed>) = 0 [pid 2449] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 2447] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2447] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2449] <... mmap resumed>) = 0x20000000 [pid 2449] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2448] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000d04} --- [pid 2447] <... futex resumed>) = ? [pid 2449] <... futex resumed>) = ? [pid 2449] +++ killed by SIGBUS +++ [pid 2448] +++ killed by SIGBUS +++ [pid 2447] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2447, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./665", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./665", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./665/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./665/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./665/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./665/bus") = 0 umount2("./665/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./665/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./665/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./665") = 0 mkdir("./666", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2450 ./strace-static-x86_64: Process 2450 attached [pid 2450] set_robust_list(0x5555564336a0, 24) = 0 [pid 2450] chdir("./666") = 0 [pid 2450] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2450] setpgid(0, 0) = 0 [pid 2450] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2450] write(3, "1000", 4) = 4 [pid 2450] close(3) = 0 [pid 2450] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2450] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2450] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2450] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2450] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2450] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2450] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2450] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2451]}, 88) = 2451 [pid 2450] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2450] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2450] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2450] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2450] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2450] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2450] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2452]}, 88) = 2452 [pid 2450] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2450] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2450] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2451 attached [pid 2451] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2451] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 2452 attached NULL, 8) = 0 [pid 2451] memfd_create("syzkaller", 0 [pid 2452] set_robust_list(0x7f22e156f9a0, 24 [pid 2451] <... memfd_create resumed>) = 3 [pid 2451] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2452] <... set_robust_list resumed>) = 0 [pid 2451] <... mmap resumed>) = 0x7f22d914f000 [pid 2452] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2452] creat("./bus", 000) = 4 [pid 2452] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2450] <... futex resumed>) = 0 [pid 2450] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2450] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2452] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2452] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2450] <... futex resumed>) = 0 [pid 2450] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2450] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2452] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 2452] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2450] <... futex resumed>) = 0 [pid 2450] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2450] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2452] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 2451] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2452] <... mmap resumed>) = 0x20000000 [pid 2452] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2450] <... futex resumed>) = 0 [pid 2450] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2452] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 2451] <... write resumed>) = ? [pid 2452] +++ killed by SIGBUS +++ [pid 2451] +++ killed by SIGBUS +++ [pid 2450] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2450, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- umount2("./666", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./666", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./666/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./666/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./666/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./666/bus") = 0 umount2("./666/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./666/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./666/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./666") = 0 mkdir("./667", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2453 ./strace-static-x86_64: Process 2453 attached [pid 2453] set_robust_list(0x5555564336a0, 24) = 0 [pid 2453] chdir("./667") = 0 [pid 2453] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2453] setpgid(0, 0) = 0 [pid 2453] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2453] write(3, "1000", 4) = 4 [pid 2453] close(3) = 0 [pid 2453] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2453] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2453] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2453] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2453] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2453] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2453] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2453] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2454 attached => {parent_tid=[2454]}, 88) = 2454 [pid 2454] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2454] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2454] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2453] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2453] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2453] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2454] <... futex resumed>) = 0 [pid 2454] memfd_create("syzkaller", 0) = 3 [pid 2454] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2453] <... futex resumed>) = 0 [pid 2453] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 2453] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2453] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2453] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0}./strace-static-x86_64: Process 2455 attached [pid 2454] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2455] set_robust_list(0x7f22d916f9a0, 24 [pid 2453] <... clone3 resumed> => {parent_tid=[2455]}, 88) = 2455 [pid 2453] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2453] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2453] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2454] <... write resumed>) = 262144 [pid 2455] <... set_robust_list resumed>) = 0 [pid 2454] munmap(0x7f22d9170000, 138412032 [pid 2455] rt_sigprocmask(SIG_SETMASK, [], [pid 2454] <... munmap resumed>) = 0 [pid 2455] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2454] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2455] creat("./bus", 000 [pid 2454] <... openat resumed>) = 4 [pid 2454] ioctl(4, LOOP_SET_FD, 3 [pid 2455] <... creat resumed>) = 5 [pid 2455] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2453] <... futex resumed>) = 0 [pid 2453] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2453] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2455] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2455] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2453] <... futex resumed>) = 0 [pid 2453] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2453] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2455] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 2455] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2453] <... futex resumed>) = 0 [pid 2453] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2453] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2455] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 2454] <... ioctl resumed>) = 0 [pid 2454] close(3) = 0 [pid 2454] close(4) = 0 [pid 2454] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 2454] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2454] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 2454] ioctl(3, LOOP_CLR_FD) = 0 [pid 2454] close(3) = 0 [pid 2454] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2454] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2455] <... mmap resumed>) = 0x20000000 [pid 2455] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2453] <... futex resumed>) = 0 [pid 2453] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2454] <... futex resumed>) = 0 [pid 2454] memfd_create("syzkaller", 0) = 3 [pid 2454] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2455] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2454] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2454] munmap(0x7f22d9170000, 138412032) = 0 [pid 2454] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2454] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2454] ioctl(4, LOOP_CLR_FD) = 0 [pid 2454] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2454] close(4) = 0 [pid 2454] close(3) = 0 [pid 2454] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2453] exit_group(0 [pid 2455] <... futex resumed>) = ? [pid 2453] <... exit_group resumed>) = ? [pid 2454] +++ exited with 0 +++ [pid 2455] +++ exited with 0 +++ [pid 2453] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2453, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./667", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./667", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./667/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./667/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./667/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./667/bus") = 0 umount2("./667/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./667/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./667/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./667") = 0 mkdir("./668", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2456 ./strace-static-x86_64: Process 2456 attached [pid 2456] set_robust_list(0x5555564336a0, 24) = 0 [pid 2456] chdir("./668") = 0 [pid 2456] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2456] setpgid(0, 0) = 0 [pid 2456] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2456] write(3, "1000", 4) = 4 [pid 2456] close(3) = 0 [pid 2456] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2456] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2456] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2456] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2456] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2456] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2456] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2456] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2457]}, 88) = 2457 [pid 2456] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2456] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2456] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2456] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2456] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2456] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2456] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 2457 attached => {parent_tid=[2458]}, 88) = 2458 [pid 2456] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2456] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2456] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2457] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2457] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2457] memfd_create("syzkaller", 0) = 3 [pid 2457] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2457] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144./strace-static-x86_64: Process 2458 attached [pid 2458] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2458] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2457] <... write resumed>) = 262144 [pid 2457] munmap(0x7f22d914f000, 138412032 [pid 2458] creat("./bus", 000 [pid 2457] <... munmap resumed>) = 0 [pid 2457] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 56.550114][ T2454] loop0: detected capacity change from 0 to 512 [pid 2457] ioctl(4, LOOP_SET_FD, 3 [pid 2458] <... creat resumed>) = 5 [pid 2458] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2458] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2457] <... ioctl resumed>) = 0 [pid 2456] <... futex resumed>) = 0 [pid 2457] close(3 [pid 2456] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2457] <... close resumed>) = 0 [pid 2456] <... futex resumed>) = 1 [pid 2458] <... futex resumed>) = 0 [pid 2458] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2456] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2458] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2458] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2457] close(4 [pid 2456] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2456] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2457] <... close resumed>) = 0 [pid 2456] <... futex resumed>) = 1 [pid 2457] mkdir("./file0", 0777 [pid 2456] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2458] <... futex resumed>) = 0 [pid 2458] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 3 [pid 2458] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2458] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2456] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2456] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2456] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2458] <... futex resumed>) = 0 [pid 2458] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 3, 0 [pid 2457] <... mkdir resumed>) = 0 [pid 2457] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2457] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2457] ioctl(4, LOOP_CLR_FD) = 0 [pid 2457] close(4 [pid 2458] <... mmap resumed>) = 0x20000000 [pid 2457] <... close resumed>) = 0 [pid 2457] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2457] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2458] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2456] <... futex resumed>) = 0 [pid 2456] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2457] <... futex resumed>) = 0 [pid 2457] memfd_create("syzkaller", 0) = 4 [pid 2457] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2458] <... futex resumed>) = 1 [pid 2458] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2457] write(4, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2457] munmap(0x7f22d914f000, 138412032) = 0 [pid 2457] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2457] ioctl(6, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 2457] ioctl(6, LOOP_CLR_FD) = 0 [pid 2457] ioctl(6, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 2457] close(6) = 0 [pid 2457] close(4) = 0 [pid 2457] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2457] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2456] exit_group(0) = ? [pid 2458] <... futex resumed>) = ? [pid 2457] <... futex resumed>) = ? [pid 2458] +++ exited with 0 +++ [pid 2457] +++ exited with 0 +++ [pid 2456] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2456, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./668", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./668", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 5 entries */, 32768) = 136 umount2("./668/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./668/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./668/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./668/bus") = 0 umount2("./668/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./668/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./668/binderfs") = 0 umount2("./668/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./668/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./668/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./668/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555643c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555643c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./668/file0") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./668") = 0 mkdir("./669", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2459 ./strace-static-x86_64: Process 2459 attached [pid 2459] set_robust_list(0x5555564336a0, 24) = 0 [pid 2459] chdir("./669") = 0 [pid 2459] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2459] setpgid(0, 0) = 0 [ 56.610513][ T2457] loop0: detected capacity change from 0 to 512 [pid 2459] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2459] write(3, "1000", 4) = 4 [pid 2459] close(3) = 0 [pid 2459] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2459] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2459] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2459] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2459] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2459] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2459] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2459] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2460 attached => {parent_tid=[2460]}, 88) = 2460 [pid 2460] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2460] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2460] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2459] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2459] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2460] <... futex resumed>) = 0 [pid 2460] memfd_create("syzkaller", 0) = 3 [pid 2460] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2459] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2459] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 2459] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2459] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2459] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0}./strace-static-x86_64: Process 2461 attached => {parent_tid=[2461]}, 88) = 2461 [pid 2461] set_robust_list(0x7f22d916f9a0, 24 [pid 2459] rt_sigprocmask(SIG_SETMASK, [], [pid 2460] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2459] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2461] <... set_robust_list resumed>) = 0 [pid 2459] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2461] rt_sigprocmask(SIG_SETMASK, [], [pid 2459] <... futex resumed>) = 0 [pid 2459] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2461] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2461] creat("./bus", 000) = 4 [pid 2461] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2459] <... futex resumed>) = 0 [pid 2461] <... futex resumed>) = 1 [pid 2460] <... write resumed>) = 262144 [pid 2460] munmap(0x7f22d9170000, 138412032 [pid 2459] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2461] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 2460] <... munmap resumed>) = 0 [pid 2459] <... futex resumed>) = 0 [pid 2460] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2461] <... mount resumed>) = 0 [pid 2459] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2461] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2460] <... openat resumed>) = 5 [pid 2461] <... futex resumed>) = 1 [pid 2461] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2460] ioctl(5, LOOP_SET_FD, 3 [pid 2459] <... futex resumed>) = 0 [pid 2459] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2461] <... futex resumed>) = 0 [pid 2461] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 2459] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2461] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2461] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2459] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2459] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2461] <... futex resumed>) = 0 [pid 2459] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2461] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 2460] <... ioctl resumed>) = 0 [pid 2460] close(3) = 0 [pid 2460] close(5 [pid 2461] <... mmap resumed>) = 0x20000000 [pid 2460] <... close resumed>) = 0 [pid 2460] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 2460] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2460] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 2460] ioctl(3, LOOP_CLR_FD) = 0 [pid 2460] close(3) = 0 [pid 2460] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2460] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2461] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2459] <... futex resumed>) = 0 [pid 2459] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2460] <... futex resumed>) = 0 [pid 2460] memfd_create("syzkaller", 0) = 3 [pid 2460] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2461] <... futex resumed>) = 1 [pid 2461] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2460] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2460] munmap(0x7f22d9170000, 138412032) = 0 [pid 2460] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2460] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2460] ioctl(5, LOOP_CLR_FD) = 0 [pid 2460] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2460] close(5) = 0 [pid 2460] close(3) = 0 [pid 2460] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2460] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2459] exit_group(0 [pid 2461] <... futex resumed>) = ? [pid 2459] <... exit_group resumed>) = ? [pid 2461] +++ exited with 0 +++ [pid 2460] <... futex resumed>) = ? [pid 2460] +++ exited with 0 +++ [pid 2459] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2459, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./669", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./669", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./669/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./669/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./669/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./669/bus") = 0 umount2("./669/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./669/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./669/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./669") = 0 mkdir("./670", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2462 ./strace-static-x86_64: Process 2462 attached [pid 2462] set_robust_list(0x5555564336a0, 24) = 0 [pid 2462] chdir("./670") = 0 [pid 2462] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2462] setpgid(0, 0) = 0 [pid 2462] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2462] write(3, "1000", 4) = 4 [pid 2462] close(3) = 0 [pid 2462] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2462] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2462] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2462] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2462] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2462] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2462] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2462] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2463]}, 88) = 2463 [pid 2462] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2462] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2462] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 2463 attached [pid 2462] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2463] set_robust_list(0x7f22e15909a0, 24 [pid 2462] <... mmap resumed>) = 0x7f22e154f000 [pid 2463] <... set_robust_list resumed>) = 0 [pid 2462] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2463] rt_sigprocmask(SIG_SETMASK, [], [pid 2462] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2463] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2462] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2463] memfd_create("syzkaller", 0 [ 56.682665][ T2460] loop0: detected capacity change from 0 to 512 [pid 2462] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} [pid 2463] <... memfd_create resumed>) = 3 ./strace-static-x86_64: Process 2464 attached [pid 2462] <... clone3 resumed> => {parent_tid=[2464]}, 88) = 2464 [pid 2464] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2464] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2464] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2463] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2462] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2462] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2463] <... mmap resumed>) = 0x7f22d914f000 [pid 2462] <... futex resumed>) = 1 [pid 2464] <... futex resumed>) = 0 [pid 2462] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2464] creat("./bus", 000) = 4 [pid 2464] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2464] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2462] <... futex resumed>) = 0 [pid 2462] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2464] <... futex resumed>) = 0 [pid 2464] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 2462] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2464] <... mount resumed>) = 0 [pid 2464] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2464] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2462] <... futex resumed>) = 0 [pid 2462] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2462] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2464] <... futex resumed>) = 0 [pid 2464] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 2464] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2462] <... futex resumed>) = 0 [pid 2464] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 2462] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2462] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2464] <... mmap resumed>) = 0x20000000 [pid 2463] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000d98} --- [pid 2462] <... futex resumed>) = ? [pid 2464] +++ killed by SIGBUS +++ [pid 2463] +++ killed by SIGBUS +++ [pid 2462] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2462, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./670", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./670", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./670/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./670/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./670/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./670/bus") = 0 umount2("./670/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./670/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./670/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./670") = 0 mkdir("./671", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2465 ./strace-static-x86_64: Process 2465 attached [pid 2465] set_robust_list(0x5555564336a0, 24) = 0 [pid 2465] chdir("./671") = 0 [pid 2465] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2465] setpgid(0, 0) = 0 [pid 2465] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2465] write(3, "1000", 4) = 4 [pid 2465] close(3) = 0 [pid 2465] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2465] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2465] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2465] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2465] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2465] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2465] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2465] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2466 attached => {parent_tid=[2466]}, 88) = 2466 [pid 2466] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2465] rt_sigprocmask(SIG_SETMASK, [], [pid 2466] rt_sigprocmask(SIG_SETMASK, [], [pid 2465] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2466] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2465] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2465] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2466] memfd_create("syzkaller", 0 [pid 2465] <... futex resumed>) = 0 [pid 2466] <... memfd_create resumed>) = 3 [pid 2465] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2466] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2465] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE [pid 2466] <... mmap resumed>) = 0x7f22d914f000 [pid 2465] <... mprotect resumed>) = 0 [pid 2465] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2465] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 2467 attached [pid 2467] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2467] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2467] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2465] <... clone3 resumed> => {parent_tid=[2467]}, 88) = 2467 [pid 2465] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2465] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2465] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2467] <... futex resumed>) = 0 [pid 2467] creat("./bus", 000) = 4 [pid 2467] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2467] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2465] <... futex resumed>) = 0 [pid 2465] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2467] <... futex resumed>) = 0 [pid 2465] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2467] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2467] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2465] <... futex resumed>) = 0 [pid 2467] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 2465] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2465] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2467] <... open resumed>) = 5 [pid 2467] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2465] <... futex resumed>) = 0 [pid 2467] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 2465] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2465] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2467] <... mmap resumed>) = 0x20000000 [pid 2466] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2467] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2465] <... futex resumed>) = 0 [pid 2465] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2467] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 2466] <... write resumed>) = ? [pid 2466] +++ killed by SIGBUS +++ [pid 2467] +++ killed by SIGBUS +++ [pid 2465] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2465, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./671", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./671", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./671/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./671/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./671/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./671/bus") = 0 umount2("./671/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./671/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./671/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./671") = 0 mkdir("./672", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2468 ./strace-static-x86_64: Process 2468 attached [pid 2468] set_robust_list(0x5555564336a0, 24) = 0 [pid 2468] chdir("./672") = 0 [pid 2468] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2468] setpgid(0, 0) = 0 [pid 2468] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2468] write(3, "1000", 4) = 4 [pid 2468] close(3) = 0 [pid 2468] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2468] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2468] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2468] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2468] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2468] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2468] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2468] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2469 attached => {parent_tid=[2469]}, 88) = 2469 [pid 2469] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2469] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2469] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2468] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2468] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2468] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2468] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2468] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2468] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2468] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} [pid 2469] <... futex resumed>) = 0 [pid 2468] <... clone3 resumed> => {parent_tid=[2470]}, 88) = 2470 [pid 2468] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2468] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2468] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2470 attached [pid 2470] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2470] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2470] creat("./bus", 000 [pid 2469] memfd_create("syzkaller", 0 [pid 2470] <... creat resumed>) = 3 [pid 2469] <... memfd_create resumed>) = 4 [pid 2470] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2468] <... futex resumed>) = 0 [pid 2468] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2468] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2470] <... futex resumed>) = 1 [pid 2470] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2470] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2468] <... futex resumed>) = 0 [pid 2468] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2468] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2470] <... futex resumed>) = 1 [pid 2470] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 2470] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2468] <... futex resumed>) = 0 [pid 2468] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2468] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2470] <... futex resumed>) = 1 [pid 2470] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 2469] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2470] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2468] <... futex resumed>) = 0 [pid 2468] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2470] <... futex resumed>) = 1 [pid 2470] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 2469] <... mmap resumed>) = ? [pid 2470] +++ killed by SIGBUS +++ [pid 2469] +++ killed by SIGBUS +++ [pid 2468] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2468, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./672", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./672", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./672/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./672/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./672/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./672/bus") = 0 umount2("./672/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./672/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./672/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./672") = 0 mkdir("./673", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2471 ./strace-static-x86_64: Process 2471 attached [pid 2471] set_robust_list(0x5555564336a0, 24) = 0 [pid 2471] chdir("./673") = 0 [pid 2471] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2471] setpgid(0, 0) = 0 [pid 2471] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2471] write(3, "1000", 4) = 4 [pid 2471] close(3) = 0 [pid 2471] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2471] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2471] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2471] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2471] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2471] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2471] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2471] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2472 attached => {parent_tid=[2472]}, 88) = 2472 [pid 2472] set_robust_list(0x7f22e15909a0, 24 [pid 2471] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2471] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2471] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2471] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2471] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2471] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2472] <... set_robust_list resumed>) = 0 [pid 2471] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2472] rt_sigprocmask(SIG_SETMASK, [], [pid 2471] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2473]}, 88) = 2473 [pid 2472] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2471] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2472] memfd_create("syzkaller", 0 [pid 2471] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2471] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2473 attached [pid 2473] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2473] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2473] creat("./bus", 000 [pid 2472] <... memfd_create resumed>) = 4 [pid 2473] <... creat resumed>) = 3 [pid 2473] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2471] <... futex resumed>) = 0 [pid 2471] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2471] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2473] <... futex resumed>) = 1 [pid 2473] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2472] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2473] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2471] <... futex resumed>) = 0 [pid 2471] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2471] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2473] <... futex resumed>) = 1 [pid 2473] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 2473] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2471] <... futex resumed>) = 0 [pid 2471] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2471] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2473] <... futex resumed>) = 1 [pid 2473] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 2473] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2471] <... futex resumed>) = 0 [pid 2471] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2472] <... mmap resumed>) = 0x7f22d914f000 [pid 2473] <... futex resumed>) = 1 [pid 2473] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 2473] +++ killed by SIGBUS +++ [pid 2472] +++ killed by SIGBUS +++ [pid 2471] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2471, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./673", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./673", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./673/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./673/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./673/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./673/bus") = 0 umount2("./673/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./673/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./673/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./673") = 0 mkdir("./674", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2474 ./strace-static-x86_64: Process 2474 attached [pid 2474] set_robust_list(0x5555564336a0, 24) = 0 [pid 2474] chdir("./674") = 0 [pid 2474] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2474] setpgid(0, 0) = 0 [pid 2474] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2474] write(3, "1000", 4) = 4 [pid 2474] close(3) = 0 [pid 2474] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2474] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2474] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2474] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2474] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2474] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2474] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2474] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2475 attached => {parent_tid=[2475]}, 88) = 2475 [pid 2475] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2475] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2475] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2474] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2474] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2475] <... futex resumed>) = 0 [pid 2475] memfd_create("syzkaller", 0 [pid 2474] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2475] <... memfd_create resumed>) = 3 [pid 2475] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2474] <... futex resumed>) = 0 [pid 2474] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 2474] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2474] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2474] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0} [pid 2475] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2474] <... clone3 resumed> => {parent_tid=[2476]}, 88) = 2476 [pid 2474] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2474] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 2476 attached [pid 2475] <... write resumed>) = 262144 [pid 2476] set_robust_list(0x7f22d916f9a0, 24 [pid 2475] munmap(0x7f22d9170000, 138412032 [pid 2474] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2476] <... set_robust_list resumed>) = 0 [pid 2475] <... munmap resumed>) = 0 [pid 2476] rt_sigprocmask(SIG_SETMASK, [], [pid 2475] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2476] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2476] creat("./bus", 000 [pid 2475] <... openat resumed>) = 4 [pid 2475] ioctl(4, LOOP_SET_FD, 3 [pid 2476] <... creat resumed>) = 5 [pid 2476] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2474] <... futex resumed>) = 0 [pid 2474] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2474] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2476] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2476] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2474] <... futex resumed>) = 0 [pid 2474] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2474] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2476] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 2476] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2474] <... futex resumed>) = 0 [pid 2474] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2474] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2476] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 2475] <... ioctl resumed>) = 0 [pid 2475] close(3) = 0 [pid 2475] close(4) = 0 [pid 2475] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 2475] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2475] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 2475] ioctl(3, LOOP_CLR_FD) = 0 [pid 2475] close(3) = 0 [pid 2475] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2475] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2476] <... mmap resumed>) = 0x20000000 [pid 2476] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2474] <... futex resumed>) = 0 [pid 2474] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2475] <... futex resumed>) = 0 [pid 2475] memfd_create("syzkaller", 0) = 3 [pid 2475] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2476] <... futex resumed>) = 1 [pid 2476] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2475] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2475] munmap(0x7f22d9170000, 138412032) = 0 [pid 2475] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2475] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2475] ioctl(4, LOOP_CLR_FD) = 0 [pid 2475] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2475] close(4) = 0 [pid 2475] close(3) = 0 [pid 2475] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2475] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2474] exit_group(0 [pid 2476] <... futex resumed>) = ? [pid 2475] <... futex resumed>) = ? [pid 2474] <... exit_group resumed>) = ? [pid 2476] +++ exited with 0 +++ [pid 2475] +++ exited with 0 +++ [pid 2474] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2474, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./674", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./674", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./674/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./674/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./674/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./674/bus") = 0 umount2("./674/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./674/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./674/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./674") = 0 mkdir("./675", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2477 ./strace-static-x86_64: Process 2477 attached [pid 2477] set_robust_list(0x5555564336a0, 24) = 0 [pid 2477] chdir("./675") = 0 [pid 2477] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2477] setpgid(0, 0) = 0 [pid 2477] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2477] write(3, "1000", 4) = 4 [pid 2477] close(3) = 0 [pid 2477] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2477] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2477] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2477] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2477] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2477] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2477] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2477] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2478 attached => {parent_tid=[2478]}, 88) = 2478 [pid 2477] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2477] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2477] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2477] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2477] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2477] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2477] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2479]}, 88) = 2479 [pid 2477] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2477] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2477] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2478] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2478] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2478] memfd_create("syzkaller", 0./strace-static-x86_64: Process 2479 attached ) = 3 [pid 2478] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2479] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2479] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2479] creat("./bus", 000) = 4 [pid 2479] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2478] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2477] <... futex resumed>) = 0 [pid 2477] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2477] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2479] <... futex resumed>) = 1 [pid 2479] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2479] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2478] <... write resumed>) = 262144 [pid 2478] munmap(0x7f22d914f000, 138412032) = 0 [pid 2478] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2478] ioctl(5, LOOP_SET_FD, 3 [pid 2477] <... futex resumed>) = 0 [pid 2477] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 56.827836][ T2475] loop0: detected capacity change from 0 to 512 [pid 2477] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2479] <... futex resumed>) = 1 [pid 2478] <... ioctl resumed>) = 0 [pid 2478] close(3) = 0 [pid 2478] close(5 [pid 2479] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 2478] <... close resumed>) = 0 [pid 2478] mkdir("./file0", 0777) = 0 [pid 2478] mount("/dev/loop0", "./file0", "ext4", 0, "prjquota,grpquota,debug_want_extra_isize=0x000000000000005c,noauto_da_alloc,nolazytime,errors=contin"... [pid 2479] <... open resumed>) = 3 [pid 2479] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2477] <... futex resumed>) = 0 [pid 2477] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2477] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2479] <... futex resumed>) = 1 [pid 2479] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 3, 0) = 0x20000000 [pid 2478] <... mount resumed>) = 0 [pid 2479] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2477] <... futex resumed>) = 0 [pid 2477] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2479] memfd_create("syzkaller", 0 [pid 2478] openat(AT_FDCWD, 0x200000c0, O_RDONLY|O_DIRECTORY) = -1 ENOENT (No such file or directory) [pid 2479] <... memfd_create resumed>) = 5 [pid 2479] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2478] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2478] ioctl(6, LOOP_CLR_FD) = 0 [pid 2478] close(6) = 0 [pid 2478] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2478] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2479] write(5, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2479] munmap(0x7f22d914f000, 138412032) = 0 [pid 2479] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2479] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 2479] ioctl(6, LOOP_CLR_FD) = 0 [pid 2479] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 2479] close(6) = 0 [pid 2479] close(5) = 0 [ 56.887685][ T2478] loop0: detected capacity change from 0 to 512 [ 56.900210][ T2478] EXT4-fs (loop0): 1 truncate cleaned up [pid 2479] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2479] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2477] exit_group(0) = ? [pid 2478] <... futex resumed>) = ? [pid 2479] <... futex resumed>) = ? [pid 2479] +++ exited with 0 +++ [pid 2478] +++ exited with 0 +++ [pid 2477] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2477, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./675", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./675", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 5 entries */, 32768) = 136 umount2("./675/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./675/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./675/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./675/bus") = 0 umount2("./675/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./675/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./675/binderfs") = 0 umount2("./675/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./675/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./675/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./675/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./675/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555643c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555643c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./675/file0") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./675") = 0 mkdir("./676", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2481 ./strace-static-x86_64: Process 2481 attached [pid 2481] set_robust_list(0x5555564336a0, 24) = 0 [pid 2481] chdir("./676") = 0 [pid 2481] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2481] setpgid(0, 0) = 0 [pid 2481] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2481] write(3, "1000", 4) = 4 [pid 2481] close(3) = 0 [pid 2481] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2481] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2481] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2481] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2481] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2481] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2481] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2481] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2482]}, 88) = 2482 [pid 2481] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2481] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2481] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2481] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2481] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2481] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2481] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2483]}, 88) = 2483 ./strace-static-x86_64: Process 2482 attached [pid 2481] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2481] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2481] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2483 attached [pid 2483] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2483] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2483] creat("./bus", 000 [pid 2482] set_robust_list(0x7f22e15909a0, 24 [pid 2483] <... creat resumed>) = 3 [pid 2483] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2481] <... futex resumed>) = 0 [pid 2481] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2481] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2483] <... futex resumed>) = 1 [pid 2483] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2482] <... set_robust_list resumed>) = 0 [pid 2483] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2481] <... futex resumed>) = 0 [pid 2481] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2481] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2483] <... futex resumed>) = 1 [pid 2483] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 4 [pid 2483] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2481] <... futex resumed>) = 0 [pid 2481] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2481] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2483] <... futex resumed>) = 1 [pid 2483] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2482] rt_sigprocmask(SIG_SETMASK, [], [pid 2483] <... mmap resumed>) = 0x20000000 [pid 2483] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2481] <... futex resumed>) = 0 [pid 2481] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2483] <... futex resumed>) = 1 [pid 2483] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 2482] <... rt_sigprocmask resumed> ) = ? [pid 2482] +++ killed by SIGBUS +++ [pid 2483] +++ killed by SIGBUS +++ [pid 2481] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2481, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./676", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./676", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./676/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./676/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./676/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./676/bus") = 0 umount2("./676/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./676/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./676/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./676") = 0 mkdir("./677", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2484 ./strace-static-x86_64: Process 2484 attached [pid 2484] set_robust_list(0x5555564336a0, 24) = 0 [pid 2484] chdir("./677") = 0 [pid 2484] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2484] setpgid(0, 0) = 0 [pid 2484] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2484] write(3, "1000", 4) = 4 [pid 2484] close(3) = 0 [pid 2484] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2484] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2484] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2484] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2484] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2484] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2484] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2484] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2485 attached => {parent_tid=[2485]}, 88) = 2485 [pid 2485] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2485] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2485] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2484] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2484] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2485] <... futex resumed>) = 0 [pid 2484] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2485] memfd_create("syzkaller", 0) = 3 [pid 2484] <... futex resumed>) = 0 [pid 2485] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2484] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 2484] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2484] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2484] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0} => {parent_tid=[2486]}, 88) = 2486 [pid 2484] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2484] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2484] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2485] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 ./strace-static-x86_64: Process 2486 attached [pid 2485] munmap(0x7f22d9170000, 138412032 [pid 2486] set_robust_list(0x7f22d916f9a0, 24) = 0 [pid 2486] rt_sigprocmask(SIG_SETMASK, [], [pid 2485] <... munmap resumed>) = 0 [pid 2485] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2485] ioctl(4, LOOP_SET_FD, 3 [pid 2486] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2486] creat("./bus", 000) = 5 [pid 2486] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2484] <... futex resumed>) = 0 [pid 2484] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2484] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2486] <... futex resumed>) = 1 [pid 2486] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2486] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2484] <... futex resumed>) = 0 [pid 2484] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2484] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2486] <... futex resumed>) = 1 [pid 2486] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 2486] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2484] <... futex resumed>) = 0 [pid 2484] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2484] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2486] <... futex resumed>) = 1 [pid 2486] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 2485] <... ioctl resumed>) = 0 [pid 2485] close(3) = 0 [pid 2485] close(4) = 0 [pid 2485] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 2485] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2485] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 2485] ioctl(3, LOOP_CLR_FD) = 0 [pid 2485] close(3) = 0 [pid 2485] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2485] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2486] <... mmap resumed>) = 0x20000000 [pid 2486] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2484] <... futex resumed>) = 0 [pid 2484] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2485] <... futex resumed>) = 0 [pid 2485] memfd_create("syzkaller", 0) = 3 [pid 2485] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2486] <... futex resumed>) = 1 [pid 2485] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304 [pid 2486] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2485] <... write resumed>) = 4194304 [pid 2485] munmap(0x7f22d9170000, 138412032) = 0 [pid 2485] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2485] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2485] ioctl(4, LOOP_CLR_FD) = 0 [pid 2485] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2485] close(4) = 0 [pid 2485] close(3) = 0 [pid 2485] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2485] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2484] exit_group(0 [pid 2486] <... futex resumed>) = ? [pid 2484] <... exit_group resumed>) = ? [pid 2486] +++ exited with 0 +++ [pid 2485] <... futex resumed>) = ? [pid 2485] +++ exited with 0 +++ [pid 2484] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2484, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./677", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./677", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./677/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./677/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./677/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./677/bus") = 0 umount2("./677/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./677/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./677/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./677") = 0 mkdir("./678", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2487 ./strace-static-x86_64: Process 2487 attached [pid 2487] set_robust_list(0x5555564336a0, 24) = 0 [pid 2487] chdir("./678") = 0 [pid 2487] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2487] setpgid(0, 0) = 0 [pid 2487] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2487] write(3, "1000", 4) = 4 [pid 2487] close(3) = 0 [pid 2487] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2487] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2487] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2487] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2487] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2487] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2487] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2487] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2488]}, 88) = 2488 [pid 2487] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2487] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2487] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2487] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2487] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2487] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2487] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2489]}, 88) = 2489 [pid 2487] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2487] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2487] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2489 attached [pid 2489] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2489] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2489] creat("./bus", 000) = 3 [pid 2489] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2487] <... futex resumed>) = 0 [pid 2487] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 2488 attached [pid 2489] <... futex resumed>) = 1 [pid 2487] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2489] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2489] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2487] <... futex resumed>) = 0 [pid 2487] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2487] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2489] <... futex resumed>) = 1 [pid 2489] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 4 [pid 2489] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2487] <... futex resumed>) = 0 [pid 2487] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2487] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2489] <... futex resumed>) = 1 [pid 2489] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 2489] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2487] <... futex resumed>) = 0 [pid 2487] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2489] <... futex resumed>) = 1 [pid 2489] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [ 56.994434][ T2485] loop0: detected capacity change from 0 to 512 [pid 2489] +++ killed by SIGBUS +++ [pid 2488] +++ killed by SIGBUS +++ [pid 2487] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2487, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- umount2("./678", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./678", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./678/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./678/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./678/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./678/bus") = 0 umount2("./678/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./678/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./678/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./678") = 0 mkdir("./679", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2490 ./strace-static-x86_64: Process 2490 attached [pid 2490] set_robust_list(0x5555564336a0, 24) = 0 [pid 2490] chdir("./679") = 0 [pid 2490] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2490] setpgid(0, 0) = 0 [pid 2490] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2490] write(3, "1000", 4) = 4 [pid 2490] close(3) = 0 [pid 2490] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2490] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2490] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2490] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2490] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2490] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2490] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2490] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2491 attached => {parent_tid=[2491]}, 88) = 2491 [pid 2491] set_robust_list(0x7f22e15909a0, 24 [pid 2490] rt_sigprocmask(SIG_SETMASK, [], [pid 2491] <... set_robust_list resumed>) = 0 [pid 2490] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2491] rt_sigprocmask(SIG_SETMASK, [], [pid 2490] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2491] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2490] <... futex resumed>) = 0 [pid 2490] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2490] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2491] memfd_create("syzkaller", 0 [pid 2490] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2490] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2491] <... memfd_create resumed>) = 3 [pid 2490] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2491] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2490] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} [pid 2491] <... mmap resumed>) = 0x7f22d914f000 [pid 2490] <... clone3 resumed> => {parent_tid=[2492]}, 88) = 2492 [pid 2490] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2490] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2490] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2491] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 2491] munmap(0x7f22d914f000, 138412032./strace-static-x86_64: Process 2492 attached [pid 2492] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2492] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2492] creat("./bus", 000) = 4 [pid 2492] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2490] <... futex resumed>) = 0 [pid 2492] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 2490] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2490] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2492] <... mount resumed>) = 0 [pid 2492] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2490] <... futex resumed>) = 0 [pid 2490] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2492] <... futex resumed>) = 1 [pid 2490] <... futex resumed>) = 0 [pid 2492] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 2490] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2492] <... open resumed>) = 5 [pid 2492] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2490] <... futex resumed>) = 0 [pid 2492] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 2490] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2491] <... munmap resumed>) = 0 [pid 2490] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2492] <... mmap resumed>) = 0x20000000 [pid 2491] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2492] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2491] <... openat resumed>) = 6 [pid 2492] <... futex resumed>) = 1 [pid 2491] ioctl(6, LOOP_SET_FD, 3 [pid 2490] <... futex resumed>) = 0 [pid 2490] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2491] <... ioctl resumed>) = 0 [pid 2491] close(3) = 0 [pid 2491] close(6) = 0 [pid 2491] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 2491] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2491] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 2491] ioctl(3, LOOP_CLR_FD) = 0 [pid 2491] close(3) = 0 [pid 2491] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2491] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2492] memfd_create("syzkaller", 0) = 3 [pid 2492] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2492] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2492] munmap(0x7f22d914f000, 138412032) = 0 [pid 2492] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2492] ioctl(6, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2492] ioctl(6, LOOP_CLR_FD) = 0 [pid 2492] ioctl(6, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2492] close(6) = 0 [pid 2492] close(3) = 0 [pid 2492] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2492] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2490] exit_group(0 [pid 2491] <... futex resumed>) = ? [pid 2490] <... exit_group resumed>) = ? [pid 2492] <... futex resumed>) = ? [pid 2491] +++ exited with 0 +++ [pid 2492] +++ exited with 0 +++ [pid 2490] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2490, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./679", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./679", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./679/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./679/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 57.069808][ T2491] loop0: detected capacity change from 0 to 512 [ 57.071534][ T2492] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 29 prio class 2 newfstatat(AT_FDCWD, "./679/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./679/bus") = 0 umount2("./679/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./679/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./679/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./679") = 0 mkdir("./680", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2493 ./strace-static-x86_64: Process 2493 attached [pid 2493] set_robust_list(0x5555564336a0, 24) = 0 [pid 2493] chdir("./680") = 0 [pid 2493] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2493] setpgid(0, 0) = 0 [pid 2493] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2493] write(3, "1000", 4) = 4 [pid 2493] close(3) = 0 [pid 2493] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2493] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2493] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2493] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2493] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2493] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2493] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2493] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2494]}, 88) = 2494 [pid 2493] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2493] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2493] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2493] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2493] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2493] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2493] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2495]}, 88) = 2495 [pid 2493] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2493] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2493] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2495 attached [pid 2495] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2495] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2495] creat("./bus", 000) = 3 [pid 2495] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2493] <... futex resumed>) = 0 [pid 2493] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2493] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2495] <... futex resumed>) = 1 [pid 2495] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2495] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2493] <... futex resumed>) = 0 [pid 2493] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2493] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2495] <... futex resumed>) = 1 [pid 2495] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 4 [pid 2495] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2493] <... futex resumed>) = 0 [pid 2493] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2493] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2495] <... futex resumed>) = 1 [pid 2495] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 2495] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2493] <... futex resumed>) = 0 [pid 2493] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2495] <... futex resumed>) = 1 [pid 2495] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 2495] +++ killed by SIGBUS +++ ./strace-static-x86_64: Process 2494 attached [pid 2494] +++ killed by SIGBUS +++ [pid 2493] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2493, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./680", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./680", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./680/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./680/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./680/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./680/bus") = 0 umount2("./680/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./680/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./680/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./680") = 0 mkdir("./681", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2496 ./strace-static-x86_64: Process 2496 attached [pid 2496] set_robust_list(0x5555564336a0, 24) = 0 [pid 2496] chdir("./681") = 0 [pid 2496] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2496] setpgid(0, 0) = 0 [pid 2496] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2496] write(3, "1000", 4) = 4 [pid 2496] close(3) = 0 [pid 2496] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2496] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2496] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2496] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2496] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2496] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2496] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2496] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2497]}, 88) = 2497 ./strace-static-x86_64: Process 2497 attached [pid 2497] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2497] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2497] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2496] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2496] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2497] <... futex resumed>) = 0 [pid 2496] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2497] memfd_create("syzkaller", 0 [pid 2496] <... futex resumed>) = 0 [pid 2497] <... memfd_create resumed>) = 3 [pid 2497] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2496] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 2496] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2496] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2496] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0} => {parent_tid=[2498]}, 88) = 2498 [pid 2496] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2496] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2496] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2498 attached [pid 2497] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2498] set_robust_list(0x7f22d916f9a0, 24 [pid 2497] <... write resumed>) = 262144 [pid 2498] <... set_robust_list resumed>) = 0 [pid 2497] munmap(0x7f22d9170000, 138412032 [pid 2498] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2497] <... munmap resumed>) = 0 [pid 2498] creat("./bus", 000 [pid 2497] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2497] ioctl(5, LOOP_SET_FD, 3 [pid 2498] <... creat resumed>) = 4 [pid 2498] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2496] <... futex resumed>) = 0 [pid 2496] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2496] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2498] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2498] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2496] <... futex resumed>) = 0 [pid 2496] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2496] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2498] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 2498] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2496] <... futex resumed>) = 0 [pid 2496] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2496] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2498] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 2497] <... ioctl resumed>) = 0 [pid 2497] close(3) = 0 [pid 2497] close(5) = 0 [pid 2497] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 2497] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2497] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 2497] ioctl(3, LOOP_CLR_FD) = 0 [pid 2497] close(3) = 0 [pid 2497] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2497] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2498] <... mmap resumed>) = 0x20000000 [pid 2498] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2496] <... futex resumed>) = 0 [pid 2496] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2497] <... futex resumed>) = 0 [pid 2498] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2497] memfd_create("syzkaller", 0) = 3 [pid 2497] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2497] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2497] munmap(0x7f22d9170000, 138412032) = 0 [pid 2497] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2497] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2497] ioctl(5, LOOP_CLR_FD) = 0 [pid 2497] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2497] close(5) = 0 [pid 2497] close(3) = 0 [pid 2497] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2497] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2496] exit_group(0) = ? [pid 2498] <... futex resumed>) = ? [pid 2497] <... futex resumed>) = ? [pid 2498] +++ exited with 0 +++ [pid 2497] +++ exited with 0 +++ [pid 2496] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2496, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./681", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./681", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./681/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./681/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./681/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./681/bus") = 0 umount2("./681/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./681/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./681/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./681") = 0 mkdir("./682", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2499 ./strace-static-x86_64: Process 2499 attached [pid 2499] set_robust_list(0x5555564336a0, 24) = 0 [pid 2499] chdir("./682") = 0 [pid 2499] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2499] setpgid(0, 0) = 0 [pid 2499] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2499] write(3, "1000", 4) = 4 [pid 2499] close(3) = 0 [pid 2499] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2499] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2499] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2499] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2499] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2499] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2499] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2499] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2500]}, 88) = 2500 [pid 2499] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2499] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2499] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 2500 attached ) = 0 [pid 2499] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2500] set_robust_list(0x7f22e15909a0, 24 [pid 2499] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2500] <... set_robust_list resumed>) = 0 [pid 2499] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2499] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} [pid 2500] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 2501 attached NULL, 8) = 0 [pid 2499] <... clone3 resumed> => {parent_tid=[2501]}, 88) = 2501 [ 57.156572][ T2497] loop0: detected capacity change from 0 to 512 [pid 2499] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2499] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2499] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2500] memfd_create("syzkaller", 0) = 3 [pid 2500] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2501] set_robust_list(0x7f22e156f9a0, 24 [pid 2500] <... mmap resumed>) = 0x7f22d914f000 [pid 2501] <... set_robust_list resumed>) = 0 [pid 2500] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2501] rt_sigprocmask(SIG_SETMASK, [], [pid 2500] <... write resumed>) = 262144 [pid 2500] munmap(0x7f22d914f000, 138412032 [pid 2501] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2500] <... munmap resumed>) = 0 [pid 2500] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2500] ioctl(4, LOOP_SET_FD, 3 [pid 2501] creat("./bus", 000 [pid 2500] <... ioctl resumed>) = 0 [pid 2500] close(3) = 0 [pid 2500] close(4 [pid 2501] <... creat resumed>) = 3 [pid 2500] <... close resumed>) = 0 [pid 2500] mkdir("./file0", 0777) = 0 [pid 2500] mount("/dev/loop0", "./file0", "ext4", 0, "prjquota,grpquota,debug_want_extra_isize=0x000000000000005c,noauto_da_alloc,nolazytime,errors=contin"... [pid 2501] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2499] <... futex resumed>) = 0 [pid 2499] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2499] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2501] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2501] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2499] <... futex resumed>) = 0 [pid 2499] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2499] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2501] <... futex resumed>) = 1 [pid 2501] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 4 [pid 2501] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2499] <... futex resumed>) = 0 [pid 2499] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2499] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2501] <... futex resumed>) = 1 [pid 2501] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 2500] <... mount resumed>) = 0 [pid 2500] openat(AT_FDCWD, 0x200000c0, O_RDONLY|O_DIRECTORY) = -1 ENOENT (No such file or directory) [pid 2500] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2500] ioctl(5, LOOP_CLR_FD) = 0 [pid 2500] close(5 [pid 2501] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2500] <... close resumed>) = 0 [pid 2500] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2500] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2501] <... futex resumed>) = 1 [pid 2499] <... futex resumed>) = 0 [pid 2501] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2499] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2500] <... futex resumed>) = 0 [pid 2500] memfd_create("syzkaller", 0) = 5 [pid 2500] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2500] write(5, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2500] munmap(0x7f22d914f000, 138412032) = 0 [pid 2500] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2500] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 2500] ioctl(6, LOOP_CLR_FD) = 0 [pid 2500] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 2500] close(6) = 0 [pid 2500] close(5) = 0 [pid 2500] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2500] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2499] exit_group(0 [pid 2501] <... futex resumed>) = ? [pid 2500] <... futex resumed>) = ? [pid 2499] <... exit_group resumed>) = ? [pid 2501] +++ exited with 0 +++ [pid 2500] +++ exited with 0 +++ [pid 2499] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2499, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./682", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./682", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 5 entries */, 32768) = 136 umount2("./682/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./682/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./682/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./682/bus") = 0 umount2("./682/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./682/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./682/binderfs") = 0 [ 57.219676][ T2500] loop0: detected capacity change from 0 to 512 [ 57.233587][ T2500] EXT4-fs (loop0): 1 truncate cleaned up umount2("./682/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./682/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./682/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./682/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./682/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555643c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555643c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./682/file0") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./682") = 0 mkdir("./683", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2503 ./strace-static-x86_64: Process 2503 attached [pid 2503] set_robust_list(0x5555564336a0, 24) = 0 [pid 2503] chdir("./683") = 0 [pid 2503] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2503] setpgid(0, 0) = 0 [pid 2503] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2503] write(3, "1000", 4) = 4 [pid 2503] close(3) = 0 [pid 2503] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2503] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2503] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2503] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2503] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2503] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2503] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2503] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2504 attached => {parent_tid=[2504]}, 88) = 2504 [pid 2504] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2504] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2504] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2503] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2503] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2504] <... futex resumed>) = 0 [pid 2504] memfd_create("syzkaller", 0 [pid 2503] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2504] <... memfd_create resumed>) = 3 [pid 2504] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2503] <... futex resumed>) = 0 [pid 2503] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 2503] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2503] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2503] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0}./strace-static-x86_64: Process 2505 attached => {parent_tid=[2505]}, 88) = 2505 [pid 2505] set_robust_list(0x7f22d916f9a0, 24 [pid 2503] rt_sigprocmask(SIG_SETMASK, [], [pid 2505] <... set_robust_list resumed>) = 0 [pid 2504] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2503] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2505] rt_sigprocmask(SIG_SETMASK, [], [pid 2503] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2505] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2503] <... futex resumed>) = 0 [pid 2505] creat("./bus", 000 [pid 2503] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2505] <... creat resumed>) = 4 [pid 2504] <... write resumed>) = 262144 [pid 2504] munmap(0x7f22d9170000, 138412032 [pid 2505] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2504] <... munmap resumed>) = 0 [pid 2504] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2504] ioctl(5, LOOP_SET_FD, 3 [pid 2503] <... futex resumed>) = 0 [pid 2505] <... futex resumed>) = 1 [pid 2505] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 2503] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2504] <... ioctl resumed>) = 0 [pid 2504] close(3) = 0 [pid 2504] close(5 [pid 2505] <... mount resumed>) = 0 [pid 2503] <... futex resumed>) = 0 [pid 2504] <... close resumed>) = 0 [pid 2504] mkdir("./file0", 0777 [pid 2503] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2504] <... mkdir resumed>) = 0 [pid 2504] mount("/dev/loop0", "./file0", "ext4", 0, "prjquota,grpquota,debug_want_extra_isize=0x000000000000005c,noauto_da_alloc,nolazytime,errors=contin"... [pid 2505] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2505] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2503] <... futex resumed>) = 0 [pid 2503] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2503] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2505] <... futex resumed>) = 0 [pid 2505] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 3 [pid 2505] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2503] <... futex resumed>) = 0 [pid 2503] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2503] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2505] <... futex resumed>) = 1 [pid 2505] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 3, 0) = 0x20000000 [pid 2505] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2503] <... futex resumed>) = 0 [pid 2503] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2505] <... futex resumed>) = 1 [pid 2505] memfd_create("syzkaller", 0) = 5 [pid 2505] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2504] <... mount resumed>) = 0 [pid 2504] openat(AT_FDCWD, 0x200000c0, O_RDONLY|O_DIRECTORY) = -1 ENOENT (No such file or directory) [pid 2504] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2504] ioctl(6, LOOP_CLR_FD) = 0 [pid 2504] close(6) = 0 [pid 2504] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2504] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2505] write(5, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2505] munmap(0x7f22d9170000, 138412032) = 0 [pid 2505] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2505] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 2505] ioctl(6, LOOP_CLR_FD) = 0 [pid 2505] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 2505] close(6) = 0 [pid 2505] close(5) = 0 [pid 2505] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2505] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2503] exit_group(0 [pid 2505] <... futex resumed>) = ? [pid 2504] <... futex resumed>) = ? [pid 2503] <... exit_group resumed>) = ? [pid 2505] +++ exited with 0 +++ [pid 2504] +++ exited with 0 +++ [pid 2503] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2503, si_uid=0, si_status=0, si_utime=1, si_stime=3} --- umount2("./683", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./683", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 5 entries */, 32768) = 136 umount2("./683/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./683/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./683/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./683/bus") = 0 umount2("./683/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./683/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./683/binderfs") = 0 [ 57.310654][ T2504] loop0: detected capacity change from 0 to 512 [ 57.323970][ T2504] EXT4-fs (loop0): 1 truncate cleaned up umount2("./683/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./683/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./683/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./683/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./683/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555643c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555643c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./683/file0") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./683") = 0 mkdir("./684", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2507 ./strace-static-x86_64: Process 2507 attached [pid 2507] set_robust_list(0x5555564336a0, 24) = 0 [pid 2507] chdir("./684") = 0 [pid 2507] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2507] setpgid(0, 0) = 0 [pid 2507] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2507] write(3, "1000", 4) = 4 [pid 2507] close(3) = 0 [pid 2507] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2507] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2507] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2507] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2507] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2507] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2507] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2507] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2508 attached [pid 2508] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2508] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2508] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2507] <... clone3 resumed> => {parent_tid=[2508]}, 88) = 2508 [pid 2507] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2507] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2508] <... futex resumed>) = 0 [pid 2507] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2508] memfd_create("syzkaller", 0) = 3 [pid 2508] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2507] <... futex resumed>) = 0 [pid 2507] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 2507] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2507] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2507] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0}./strace-static-x86_64: Process 2509 attached => {parent_tid=[2509]}, 88) = 2509 [pid 2509] set_robust_list(0x7f22d916f9a0, 24 [pid 2507] rt_sigprocmask(SIG_SETMASK, [], [pid 2509] <... set_robust_list resumed>) = 0 [pid 2508] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2507] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2509] rt_sigprocmask(SIG_SETMASK, [], [pid 2507] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2509] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2509] creat("./bus", 000 [pid 2507] <... futex resumed>) = 0 [pid 2507] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2509] <... creat resumed>) = 4 [pid 2509] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2507] <... futex resumed>) = 0 [pid 2509] <... futex resumed>) = 1 [pid 2508] <... write resumed>) = 262144 [pid 2508] munmap(0x7f22d9170000, 138412032 [pid 2509] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 2507] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2508] <... munmap resumed>) = 0 [pid 2507] <... futex resumed>) = 0 [pid 2508] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2508] ioctl(5, LOOP_SET_FD, 3 [pid 2507] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2509] <... mount resumed>) = 0 [pid 2509] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2507] <... futex resumed>) = 0 [pid 2507] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2507] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2509] <... futex resumed>) = 1 [pid 2509] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 2509] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2507] <... futex resumed>) = 0 [pid 2507] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2507] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2509] <... futex resumed>) = 1 [pid 2509] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 2508] <... ioctl resumed>) = 0 [pid 2508] close(3) = 0 [pid 2508] close(5 [pid 2509] <... mmap resumed>) = 0x20000000 [pid 2509] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2507] <... futex resumed>) = 0 [pid 2507] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2509] <... futex resumed>) = 1 [pid 2509] memfd_create("syzkaller", 0) = 3 [pid 2509] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2508] <... close resumed>) = 0 [pid 2508] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 2508] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2508] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2508] ioctl(5, LOOP_CLR_FD) = 0 [pid 2508] close(5) = 0 [pid 2508] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2509] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304 [pid 2508] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2509] <... write resumed>) = 4194304 [pid 2509] munmap(0x7f22d9170000, 138412032) = 0 [pid 2509] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2509] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2509] ioctl(5, LOOP_CLR_FD) = 0 [pid 2509] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2509] close(5) = 0 [pid 2509] close(3) = 0 [pid 2509] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2509] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2507] exit_group(0 [pid 2508] <... futex resumed>) = ? [pid 2507] <... exit_group resumed>) = ? [pid 2508] +++ exited with 0 +++ [pid 2509] <... futex resumed>) = ? [pid 2509] +++ exited with 0 +++ [pid 2507] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2507, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./684", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./684", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./684/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./684/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./684/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./684/bus") = 0 umount2("./684/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./684/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./684/binderfs") = 0 [ 57.404247][ T2508] loop0: detected capacity change from 0 to 512 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./684") = 0 mkdir("./685", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2511 ./strace-static-x86_64: Process 2511 attached [pid 2511] set_robust_list(0x5555564336a0, 24) = 0 [pid 2511] chdir("./685") = 0 [pid 2511] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2511] setpgid(0, 0) = 0 [pid 2511] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2511] write(3, "1000", 4) = 4 [pid 2511] close(3) = 0 [pid 2511] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2511] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2511] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2511] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2511] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2511] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2511] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2511] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2512 attached => {parent_tid=[2512]}, 88) = 2512 [pid 2512] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2512] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2512] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2511] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2511] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2512] <... futex resumed>) = 0 [pid 2512] memfd_create("syzkaller", 0 [pid 2511] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2512] <... memfd_create resumed>) = 3 [pid 2512] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2511] <... futex resumed>) = 0 [pid 2511] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 2511] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2511] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2511] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0}./strace-static-x86_64: Process 2513 attached => {parent_tid=[2513]}, 88) = 2513 [pid 2513] set_robust_list(0x7f22d916f9a0, 24 [pid 2511] rt_sigprocmask(SIG_SETMASK, [], [pid 2513] <... set_robust_list resumed>) = 0 [pid 2511] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2513] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2511] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2513] creat("./bus", 000 [pid 2512] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2511] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2513] <... creat resumed>) = 4 [pid 2513] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2511] <... futex resumed>) = 0 [pid 2513] <... futex resumed>) = 1 [pid 2511] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2513] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 2512] <... write resumed>) = 262144 [pid 2512] munmap(0x7f22d9170000, 138412032 [pid 2511] <... futex resumed>) = 0 [pid 2513] <... mount resumed>) = 0 [pid 2511] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2512] <... munmap resumed>) = 0 [pid 2512] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2512] ioctl(5, LOOP_SET_FD, 3 [pid 2513] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2511] <... futex resumed>) = 0 [pid 2511] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2511] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2513] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 2513] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2511] <... futex resumed>) = 0 [pid 2511] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2511] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2513] <... futex resumed>) = 1 [pid 2513] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 2512] <... ioctl resumed>) = 0 [pid 2512] close(3) = 0 [pid 2512] close(5 [pid 2513] <... mmap resumed>) = 0x20000000 [pid 2513] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2511] <... futex resumed>) = 0 [pid 2511] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2513] <... futex resumed>) = 1 [pid 2513] memfd_create("syzkaller", 0) = 3 [pid 2513] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2512] <... close resumed>) = 0 [pid 2512] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 2512] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2512] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2512] ioctl(5, LOOP_CLR_FD) = 0 [pid 2512] close(5) = 0 [pid 2512] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2512] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2513] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2513] munmap(0x7f22d9170000, 138412032) = 0 [pid 2513] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2513] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2513] ioctl(5, LOOP_CLR_FD) = 0 [pid 2513] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2513] close(5) = 0 [pid 2513] close(3) = 0 [pid 2513] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2513] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2511] exit_group(0) = ? [pid 2512] <... futex resumed>) = ? [pid 2512] +++ exited with 0 +++ [pid 2513] <... futex resumed>) = ? [pid 2513] +++ exited with 0 +++ [pid 2511] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2511, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./685", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./685", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./685/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./685/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./685/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./685/bus") = 0 umount2("./685/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./685/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./685/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./685") = 0 mkdir("./686", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2514 ./strace-static-x86_64: Process 2514 attached [pid 2514] set_robust_list(0x5555564336a0, 24) = 0 [pid 2514] chdir("./686") = 0 [pid 2514] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2514] setpgid(0, 0) = 0 [pid 2514] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2514] write(3, "1000", 4) = 4 [pid 2514] close(3) = 0 [pid 2514] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2514] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2514] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2514] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2514] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2514] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2514] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2514] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2515 attached [pid 2515] set_robust_list(0x7f22e15909a0, 24 [pid 2514] <... clone3 resumed> => {parent_tid=[2515]}, 88) = 2515 [pid 2515] <... set_robust_list resumed>) = 0 [pid 2514] rt_sigprocmask(SIG_SETMASK, [], [pid 2515] rt_sigprocmask(SIG_SETMASK, [], [pid 2514] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2515] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2514] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2515] memfd_create("syzkaller", 0 [pid 2514] <... futex resumed>) = 0 [pid 2514] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2515] <... memfd_create resumed>) = 3 [pid 2514] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2515] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2514] <... mmap resumed>) = 0x7f22e154f000 [pid 2514] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE [pid 2515] <... mmap resumed>) = 0x7f22d914f000 [pid 2514] <... mprotect resumed>) = 0 [pid 2514] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2514] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2516]}, 88) = 2516 [pid 2514] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2514] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2514] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2516 attached [ 57.478247][ T2512] loop0: detected capacity change from 0 to 512 [pid 2515] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2516] set_robust_list(0x7f22e156f9a0, 24 [pid 2515] <... write resumed>) = 262144 [pid 2516] <... set_robust_list resumed>) = 0 [pid 2515] munmap(0x7f22d914f000, 138412032 [pid 2516] rt_sigprocmask(SIG_SETMASK, [], [pid 2515] <... munmap resumed>) = 0 [pid 2516] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2515] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2516] creat("./bus", 000 [pid 2515] ioctl(4, LOOP_SET_FD, 3 [pid 2516] <... creat resumed>) = 5 [pid 2515] <... ioctl resumed>) = 0 [pid 2516] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2515] close(3 [pid 2514] <... futex resumed>) = 0 [pid 2516] <... futex resumed>) = 1 [pid 2515] <... close resumed>) = 0 [pid 2516] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 2514] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2515] close(4 [pid 2514] <... futex resumed>) = 0 [pid 2516] <... mount resumed>) = 0 [pid 2515] <... close resumed>) = 0 [pid 2514] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2516] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2515] mkdir("./file0", 0777 [pid 2516] <... futex resumed>) = 0 [pid 2514] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2516] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 2514] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2516] <... open resumed>) = 3 [pid 2514] <... futex resumed>) = 0 [pid 2516] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2514] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2516] <... futex resumed>) = 0 [pid 2514] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2516] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2514] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2516] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2515] <... mkdir resumed>) = 0 [pid 2514] <... futex resumed>) = 0 [pid 2516] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 3, 0 [pid 2515] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "prjquota,grpquota,debug_want_extra_isize=0x000000000000005c,noauto_da_alloc,nolazytime,errors=contin"... [pid 2514] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2516] <... mmap resumed>) = 0x20000000 [pid 2516] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2514] <... futex resumed>) = 0 [pid 2516] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2515] <... mount resumed>) = -1 ENOENT (No such file or directory) [pid 2514] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2516] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2514] <... futex resumed>) = 0 [pid 2516] memfd_create("syzkaller", 0) = 4 [pid 2516] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2515] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2515] ioctl(6, LOOP_CLR_FD) = 0 [pid 2515] close(6) = 0 [pid 2515] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2515] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2516] write(4, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2516] munmap(0x7f22d914f000, 138412032) = 0 [pid 2516] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2516] ioctl(6, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 2516] ioctl(6, LOOP_CLR_FD) = 0 [pid 2516] ioctl(6, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 2516] close(6) = 0 [pid 2516] close(4) = 0 [pid 2516] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2516] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2514] exit_group(0 [pid 2515] <... futex resumed>) = ? [pid 2514] <... exit_group resumed>) = ? [pid 2515] +++ exited with 0 +++ [pid 2516] <... futex resumed>) = ? [pid 2516] +++ exited with 0 +++ [pid 2514] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2514, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./686", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./686", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 5 entries */, 32768) = 136 umount2("./686/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./686/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./686/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./686/bus") = 0 umount2("./686/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./686/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./686/binderfs") = 0 umount2("./686/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./686/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./686/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./686/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555643c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555643c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./686/file0") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./686") = 0 mkdir("./687", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 57.539697][ T2515] loop0: detected capacity change from 0 to 512 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2517 ./strace-static-x86_64: Process 2517 attached [pid 2517] set_robust_list(0x5555564336a0, 24) = 0 [pid 2517] chdir("./687") = 0 [pid 2517] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2517] setpgid(0, 0) = 0 [pid 2517] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2517] write(3, "1000", 4) = 4 [pid 2517] close(3) = 0 [pid 2517] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2517] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2517] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2517] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2517] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2517] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2517] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2517] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2518]}, 88) = 2518 [pid 2517] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2517] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2517] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2517] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2517] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2517] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2517] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2519]}, 88) = 2519 [pid 2517] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2517] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2517] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2519 attached [pid 2519] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2519] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2519] creat("./bus", 000) = 3 ./strace-static-x86_64: Process 2518 attached [pid 2519] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2517] <... futex resumed>) = 0 [pid 2518] set_robust_list(0x7f22e15909a0, 24 [pid 2517] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2517] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2519] <... futex resumed>) = 1 [pid 2519] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 2518] <... set_robust_list resumed>) = 0 [pid 2518] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2519] <... mount resumed>) = 0 [pid 2519] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2518] memfd_create("syzkaller", 0 [pid 2519] <... futex resumed>) = 1 [pid 2518] <... memfd_create resumed>) = 4 [pid 2517] <... futex resumed>) = 0 [pid 2517] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2517] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2519] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 2518] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2519] <... open resumed>) = 5 [pid 2518] <... mmap resumed>) = 0x7f22d914f000 [pid 2519] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2518] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2519] <... futex resumed>) = 1 [pid 2517] <... futex resumed>) = 0 [pid 2517] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2517] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2519] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 2519] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2517] <... futex resumed>) = 0 [pid 2517] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2519] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 2517] <... futex resumed>) = 0 [pid 2518] <... write resumed>) = ? [pid 2519] +++ killed by SIGBUS +++ [pid 2518] +++ killed by SIGBUS +++ [pid 2517] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2517, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./687", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./687", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./687/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./687/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./687/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./687/bus") = 0 umount2("./687/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./687/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./687/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./687") = 0 mkdir("./688", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2520 ./strace-static-x86_64: Process 2520 attached [pid 2520] set_robust_list(0x5555564336a0, 24) = 0 [pid 2520] chdir("./688") = 0 [pid 2520] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2520] setpgid(0, 0) = 0 [pid 2520] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2520] write(3, "1000", 4) = 4 [pid 2520] close(3) = 0 [pid 2520] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2520] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2520] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2520] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2520] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2520] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2520] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2520] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2521 attached => {parent_tid=[2521]}, 88) = 2521 [pid 2521] set_robust_list(0x7f22e15909a0, 24 [pid 2520] rt_sigprocmask(SIG_SETMASK, [], [pid 2521] <... set_robust_list resumed>) = 0 [pid 2520] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2521] rt_sigprocmask(SIG_SETMASK, [], [pid 2520] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2521] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2520] <... futex resumed>) = 0 [pid 2520] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2520] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2521] memfd_create("syzkaller", 0 [pid 2520] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2521] <... memfd_create resumed>) = 3 [pid 2520] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2521] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2520] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2521] <... mmap resumed>) = 0x7f22d914f000 [pid 2520] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 2522 attached => {parent_tid=[2522]}, 88) = 2522 [pid 2520] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2520] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2520] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2522] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2522] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2522] creat("./bus", 000 [pid 2521] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2522] <... creat resumed>) = 4 [pid 2522] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2520] <... futex resumed>) = 0 [pid 2520] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2520] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2522] <... futex resumed>) = 1 [pid 2522] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2521] <... write resumed>) = 262144 [pid 2521] munmap(0x7f22d914f000, 138412032 [pid 2522] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2521] <... munmap resumed>) = 0 [pid 2521] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2521] ioctl(5, LOOP_SET_FD, 3 [pid 2520] <... futex resumed>) = 0 [pid 2522] <... futex resumed>) = 1 [pid 2520] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2522] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 2520] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2521] <... ioctl resumed>) = 0 [pid 2521] close(3) = 0 [pid 2521] close(5 [pid 2522] <... open resumed>) = 3 [pid 2521] <... close resumed>) = 0 [pid 2521] mkdir("./file0", 0777) = 0 [pid 2521] mount("/dev/loop0", "./file0", "ext4", 0, "prjquota,grpquota,debug_want_extra_isize=0x000000000000005c,noauto_da_alloc,nolazytime,errors=contin"... [pid 2522] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2520] <... futex resumed>) = 0 [pid 2520] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2520] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2522] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 3, 0 [pid 2521] <... mount resumed>) = 0 [pid 2521] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2521] chdir("./file0") = 0 [pid 2521] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2521] ioctl(6, LOOP_CLR_FD) = 0 [pid 2521] close(6) = 0 [pid 2521] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2521] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2522] <... mmap resumed>) = 0x20000000 [pid 2522] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2520] <... futex resumed>) = 0 [pid 2520] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2521] <... futex resumed>) = 0 [pid 2522] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2521] memfd_create("syzkaller", 0) = 6 [pid 2521] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2521] write(6, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2521] munmap(0x7f22d914f000, 138412032) = 0 [pid 2521] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 7 [pid 2521] ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 2521] ioctl(7, LOOP_CLR_FD) = 0 [pid 2521] ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 2521] close(7) = 0 [pid 2521] close(6) = 0 [pid 2521] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2521] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2520] exit_group(0 [pid 2522] <... futex resumed>) = ? [pid 2520] <... exit_group resumed>) = ? [pid 2522] +++ exited with 0 +++ [pid 2521] <... futex resumed>) = ? [pid 2521] +++ exited with 0 +++ [pid 2520] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2520, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./688", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./688", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 5 entries */, 32768) = 136 umount2("./688/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./688/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./688/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./688/bus") = 0 umount2("./688/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./688/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./688/binderfs") = 0 [ 57.622487][ T2521] loop0: detected capacity change from 0 to 512 [ 57.634907][ T2521] EXT4-fs (loop0): 1 truncate cleaned up umount2("./688/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./688/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./688/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./688/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./688/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555643c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555643c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./688/file0") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./688") = 0 mkdir("./689", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2524 ./strace-static-x86_64: Process 2524 attached [pid 2524] set_robust_list(0x5555564336a0, 24) = 0 [pid 2524] chdir("./689") = 0 [pid 2524] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2524] setpgid(0, 0) = 0 [pid 2524] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2524] write(3, "1000", 4) = 4 [pid 2524] close(3) = 0 [pid 2524] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2524] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2524] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2524] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2524] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2524] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2524] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2524] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2525 attached => {parent_tid=[2525]}, 88) = 2525 [pid 2525] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2525] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2525] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2524] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2524] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2525] <... futex resumed>) = 0 [pid 2524] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2525] memfd_create("syzkaller", 0 [pid 2524] <... futex resumed>) = 0 [pid 2525] <... memfd_create resumed>) = 3 [pid 2524] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2525] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2524] <... mmap resumed>) = 0x7f22d914f000 [pid 2524] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2524] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2524] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0} => {parent_tid=[2526]}, 88) = 2526 [pid 2524] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2524] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2524] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2526 attached [pid 2525] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2526] set_robust_list(0x7f22d916f9a0, 24) = 0 [pid 2526] rt_sigprocmask(SIG_SETMASK, [], [pid 2525] <... write resumed>) = 262144 [pid 2526] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2526] creat("./bus", 000 [pid 2525] munmap(0x7f22d9170000, 138412032 [pid 2526] <... creat resumed>) = 4 [pid 2526] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2524] <... futex resumed>) = 0 [pid 2524] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2525] <... munmap resumed>) = 0 [pid 2524] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2526] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2525] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2526] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2524] <... futex resumed>) = 0 [pid 2525] <... openat resumed>) = 5 [pid 2524] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2525] ioctl(5, LOOP_SET_FD, 3 [pid 2524] <... futex resumed>) = 0 [pid 2524] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2526] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 2526] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2524] <... futex resumed>) = 0 [pid 2524] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2524] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2526] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 2525] <... ioctl resumed>) = 0 [pid 2525] close(3) = 0 [pid 2525] close(5) = 0 [pid 2525] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 2525] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2525] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 2525] ioctl(3, LOOP_CLR_FD) = 0 [pid 2525] close(3) = 0 [pid 2525] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2525] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2526] <... mmap resumed>) = 0x20000000 [pid 2526] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2524] <... futex resumed>) = 0 [pid 2524] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2526] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2525] <... futex resumed>) = 0 [pid 2525] memfd_create("syzkaller", 0) = 3 [pid 2525] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2525] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2525] munmap(0x7f22d9170000, 138412032) = 0 [pid 2525] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2525] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2525] ioctl(5, LOOP_CLR_FD) = 0 [pid 2525] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2525] close(5) = 0 [pid 2525] close(3) = 0 [pid 2525] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2524] exit_group(0) = ? [pid 2526] <... futex resumed>) = ? [pid 2526] +++ exited with 0 +++ [pid 2525] +++ exited with 0 +++ [pid 2524] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2524, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./689", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./689", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./689/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./689/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./689/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./689/bus") = 0 umount2("./689/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./689/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./689/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./689") = 0 mkdir("./690", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2527 ./strace-static-x86_64: Process 2527 attached [pid 2527] set_robust_list(0x5555564336a0, 24) = 0 [pid 2527] chdir("./690") = 0 [pid 2527] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2527] setpgid(0, 0) = 0 [pid 2527] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2527] write(3, "1000", 4) = 4 [pid 2527] close(3) = 0 [pid 2527] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2527] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2527] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2527] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2527] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2527] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2527] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2527] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2528]}, 88) = 2528 [pid 2527] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 2528 attached NULL, 8) = 0 [pid 2527] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2527] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2527] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2527] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2527] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2527] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2529]}, 88) = 2529 [pid 2527] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2527] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2527] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2528] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2528] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 2529 attached [pid 2528] memfd_create("syzkaller", 0) = 3 [pid 2528] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2529] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2529] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 57.706161][ T2525] loop0: detected capacity change from 0 to 512 [pid 2529] creat("./bus", 000) = 4 [pid 2529] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2527] <... futex resumed>) = 0 [pid 2527] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2527] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2529] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 2528] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2529] <... mount resumed>) = 0 [pid 2529] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2527] <... futex resumed>) = 0 [pid 2527] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2527] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2529] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 2529] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2528] <... write resumed>) = 262144 [pid 2528] munmap(0x7f22d914f000, 138412032 [pid 2529] <... futex resumed>) = 1 [pid 2527] <... futex resumed>) = 0 [pid 2527] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2527] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2528] <... munmap resumed>) = 0 [pid 2528] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2528] ioctl(6, LOOP_SET_FD, 3 [pid 2529] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 2528] <... ioctl resumed>) = 0 [pid 2528] close(3) = 0 [pid 2528] close(6) = 0 [pid 2528] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 2528] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2528] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 2528] ioctl(3, LOOP_CLR_FD) = 0 [pid 2528] close(3) = 0 [pid 2528] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2528] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2529] <... mmap resumed>) = 0x20000000 [pid 2529] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2527] <... futex resumed>) = 0 [pid 2527] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2528] <... futex resumed>) = 0 [pid 2528] memfd_create("syzkaller", 0) = 3 [pid 2528] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2529] <... futex resumed>) = 1 [pid 2529] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2528] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2528] munmap(0x7f22d914f000, 138412032) = 0 [pid 2528] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2528] ioctl(6, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2528] ioctl(6, LOOP_CLR_FD) = 0 [pid 2528] ioctl(6, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2528] close(6) = 0 [pid 2528] close(3) = 0 [pid 2528] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2527] exit_group(0 [pid 2529] <... futex resumed>) = ? [pid 2527] <... exit_group resumed>) = ? [pid 2529] +++ exited with 0 +++ [pid 2528] +++ exited with 0 +++ [pid 2527] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2527, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./690", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./690", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./690/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./690/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./690/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./690/bus") = 0 umount2("./690/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./690/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./690/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./690") = 0 mkdir("./691", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2530 ./strace-static-x86_64: Process 2530 attached [pid 2530] set_robust_list(0x5555564336a0, 24) = 0 [pid 2530] chdir("./691") = 0 [pid 2530] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2530] setpgid(0, 0) = 0 [pid 2530] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2530] write(3, "1000", 4) = 4 [pid 2530] close(3) = 0 [pid 2530] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2530] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2530] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2530] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2530] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2530] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2530] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2530] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2531 attached [pid 2531] set_robust_list(0x7f22e15909a0, 24 [pid 2530] <... clone3 resumed> => {parent_tid=[2531]}, 88) = 2531 [pid 2531] <... set_robust_list resumed>) = 0 [pid 2531] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2531] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2530] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2530] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2531] <... futex resumed>) = 0 [pid 2530] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2531] memfd_create("syzkaller", 0) = 3 [pid 2530] <... futex resumed>) = 0 [pid 2531] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2530] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 2530] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2530] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2530] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0} => {parent_tid=[2532]}, 88) = 2532 [pid 2530] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2530] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2530] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 57.770023][ T2528] loop0: detected capacity change from 0 to 512 [pid 2531] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144./strace-static-x86_64: Process 2532 attached ) = 262144 [pid 2532] set_robust_list(0x7f22d916f9a0, 24 [pid 2531] munmap(0x7f22d9170000, 138412032 [pid 2532] <... set_robust_list resumed>) = 0 [pid 2531] <... munmap resumed>) = 0 [pid 2532] rt_sigprocmask(SIG_SETMASK, [], [pid 2531] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2532] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2531] <... openat resumed>) = 4 [pid 2532] creat("./bus", 000 [pid 2531] ioctl(4, LOOP_SET_FD, 3 [pid 2532] <... creat resumed>) = 5 [pid 2532] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2530] <... futex resumed>) = 0 [pid 2530] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2530] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2532] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2532] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2530] <... futex resumed>) = 0 [pid 2530] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2530] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2532] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 2532] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2530] <... futex resumed>) = 0 [pid 2530] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2530] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2532] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 2531] <... ioctl resumed>) = 0 [pid 2531] close(3) = 0 [pid 2531] close(4) = 0 [pid 2531] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 2531] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2531] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 2531] ioctl(3, LOOP_CLR_FD) = 0 [pid 2531] close(3) = 0 [pid 2531] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2531] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2532] <... mmap resumed>) = 0x20000000 [pid 2532] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2530] <... futex resumed>) = 0 [pid 2530] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2531] <... futex resumed>) = 0 [pid 2531] memfd_create("syzkaller", 0) = 3 [pid 2531] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2532] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2531] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2531] munmap(0x7f22d9170000, 138412032) = 0 [pid 2531] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2531] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2531] ioctl(4, LOOP_CLR_FD) = 0 [pid 2531] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2531] close(4) = 0 [pid 2531] close(3) = 0 [pid 2531] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2531] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2530] exit_group(0 [pid 2532] <... futex resumed>) = ? [pid 2530] <... exit_group resumed>) = ? [pid 2532] +++ exited with 0 +++ [pid 2531] <... futex resumed>) = ? [pid 2531] +++ exited with 0 +++ [pid 2530] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2530, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./691", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./691", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./691/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./691/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./691/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./691/bus") = 0 umount2("./691/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./691/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./691/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./691") = 0 mkdir("./692", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2533 ./strace-static-x86_64: Process 2533 attached [pid 2533] set_robust_list(0x5555564336a0, 24) = 0 [pid 2533] chdir("./692") = 0 [pid 2533] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2533] setpgid(0, 0) = 0 [pid 2533] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2533] write(3, "1000", 4) = 4 [pid 2533] close(3) = 0 [pid 2533] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2533] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2533] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2533] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2533] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2533] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2533] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2533] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2534 attached => {parent_tid=[2534]}, 88) = 2534 [pid 2534] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2534] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2534] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2533] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2533] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2534] <... futex resumed>) = 0 [pid 2533] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2534] memfd_create("syzkaller", 0) = 3 [pid 2534] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2533] <... futex resumed>) = 0 [pid 2533] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 2533] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2533] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2533] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0} => {parent_tid=[2535]}, 88) = 2535 [pid 2533] rt_sigprocmask(SIG_SETMASK, [], [pid 2534] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2533] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2533] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 57.831571][ T2531] loop0: detected capacity change from 0 to 512 [pid 2533] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2535 attached [pid 2534] <... write resumed>) = 262144 [pid 2534] munmap(0x7f22d9170000, 138412032) = 0 [pid 2534] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2534] ioctl(4, LOOP_SET_FD, 3 [pid 2535] set_robust_list(0x7f22d916f9a0, 24) = 0 [pid 2535] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2535] creat("./bus", 000) = 5 [pid 2535] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2533] <... futex resumed>) = 0 [pid 2533] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2533] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2535] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2535] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2533] <... futex resumed>) = 0 [pid 2533] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2533] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2535] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 2535] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2533] <... futex resumed>) = 0 [pid 2533] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2533] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2535] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 2534] <... ioctl resumed>) = 0 [pid 2534] close(3) = 0 [pid 2534] close(4 [pid 2535] <... mmap resumed>) = 0x20000000 [pid 2535] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2533] <... futex resumed>) = 0 [pid 2533] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2535] memfd_create("syzkaller", 0) = 3 [pid 2535] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2534] <... close resumed>) = 0 [pid 2534] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 2534] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2534] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2534] ioctl(4, LOOP_CLR_FD) = 0 [pid 2534] close(4 [pid 2535] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304 [pid 2534] <... close resumed>) = 0 [pid 2534] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2534] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2535] <... write resumed>) = 4194304 [pid 2535] munmap(0x7f22d9170000, 138412032) = 0 [pid 2535] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2535] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2535] ioctl(4, LOOP_CLR_FD) = 0 [pid 2535] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2535] close(4) = 0 [pid 2535] close(3) = 0 [pid 2535] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2535] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2533] exit_group(0) = ? [pid 2535] <... futex resumed>) = ? [pid 2534] <... futex resumed>) = ? [pid 2535] +++ exited with 0 +++ [pid 2534] +++ exited with 0 +++ [pid 2533] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2533, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./692", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./692", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./692/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./692/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./692/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./692/bus") = 0 umount2("./692/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./692/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./692/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./692") = 0 mkdir("./693", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2536 ./strace-static-x86_64: Process 2536 attached [pid 2536] set_robust_list(0x5555564336a0, 24) = 0 [pid 2536] chdir("./693") = 0 [pid 2536] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2536] setpgid(0, 0) = 0 [pid 2536] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2536] write(3, "1000", 4) = 4 [pid 2536] close(3) = 0 [pid 2536] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2536] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2536] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2536] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2536] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2536] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2536] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2536] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2537 attached [pid 2537] set_robust_list(0x7f22e15909a0, 24 [pid 2536] <... clone3 resumed> => {parent_tid=[2537]}, 88) = 2537 [pid 2537] <... set_robust_list resumed>) = 0 [pid 2536] rt_sigprocmask(SIG_SETMASK, [], [pid 2537] rt_sigprocmask(SIG_SETMASK, [], [pid 2536] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2537] <... rt_sigprocmask resumed>NULL, 8) = 0 [ 57.892921][ T2534] loop0: detected capacity change from 0 to 512 [pid 2536] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2537] memfd_create("syzkaller", 0 [pid 2536] <... futex resumed>) = 0 [pid 2537] <... memfd_create resumed>) = 3 [pid 2536] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2537] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2536] <... futex resumed>) = 0 [pid 2537] <... mmap resumed>) = 0x7f22d9170000 [pid 2536] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 2536] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2536] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2536] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0} => {parent_tid=[2538]}, 88) = 2538 [pid 2536] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2536] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2536] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2538 attached [pid 2538] set_robust_list(0x7f22d916f9a0, 24 [pid 2537] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2538] <... set_robust_list resumed>) = 0 [pid 2538] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2538] creat("./bus", 000) = 4 [pid 2537] <... write resumed>) = 262144 [pid 2537] munmap(0x7f22d9170000, 138412032 [pid 2538] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2536] <... futex resumed>) = 0 [pid 2537] <... munmap resumed>) = 0 [pid 2538] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 2536] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2537] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2536] <... futex resumed>) = 0 [pid 2536] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2537] <... openat resumed>) = 5 [pid 2537] ioctl(5, LOOP_SET_FD, 3 [pid 2538] <... mount resumed>) = 0 [pid 2538] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2538] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2536] <... futex resumed>) = 0 [pid 2536] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2536] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2538] <... futex resumed>) = 0 [pid 2538] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 2538] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2536] <... futex resumed>) = 0 [pid 2536] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2536] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2538] <... futex resumed>) = 1 [pid 2538] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 2537] <... ioctl resumed>) = 0 [pid 2537] close(3) = 0 [pid 2537] close(5 [pid 2538] <... mmap resumed>) = 0x20000000 [pid 2538] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2536] <... futex resumed>) = 0 [pid 2536] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2538] <... futex resumed>) = 1 [pid 2538] memfd_create("syzkaller", 0) = 3 [pid 2538] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2537] <... close resumed>) = 0 [pid 2537] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 2537] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2537] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2537] ioctl(5, LOOP_CLR_FD) = 0 [pid 2537] close(5) = 0 [pid 2537] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2537] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2538] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2538] munmap(0x7f22d9170000, 138412032) = 0 [pid 2538] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2538] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2538] ioctl(5, LOOP_CLR_FD) = 0 [pid 2538] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2538] close(5) = 0 [pid 2538] close(3) = 0 [pid 2538] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2538] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2536] exit_group(0) = ? [pid 2537] <... futex resumed>) = ? [pid 2537] +++ exited with 0 +++ [pid 2538] <... futex resumed>) = ? [pid 2538] +++ exited with 0 +++ [pid 2536] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2536, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./693", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./693", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./693/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./693/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./693/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./693/bus") = 0 umount2("./693/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./693/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./693/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./693") = 0 mkdir("./694", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2539 attached [pid 2539] set_robust_list(0x5555564336a0, 24) = 0 [pid 293] <... clone resumed>, child_tidptr=0x555556433690) = 2539 [pid 2539] chdir("./694") = 0 [pid 2539] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2539] setpgid(0, 0) = 0 [pid 2539] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2539] write(3, "1000", 4) = 4 [pid 2539] close(3) = 0 [pid 2539] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2539] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2539] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2539] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2539] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2539] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2539] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2539] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2540]}, 88) = 2540 [pid 2539] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2539] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2539] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2539] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2539] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2539] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2539] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2541]}, 88) = 2541 [pid 2539] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2539] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2539] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2541 attached [pid 2541] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2541] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2541] creat("./bus", 000) = 3 [pid 2541] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2539] <... futex resumed>) = 0 [pid 2539] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2539] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2541] <... futex resumed>) = 1 [pid 2541] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2541] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2539] <... futex resumed>) = 0 [pid 2539] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2539] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2541] <... futex resumed>) = 1 [pid 2541] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 4 [pid 2541] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2539] <... futex resumed>) = 0 [pid 2539] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2539] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2541] <... futex resumed>) = 1 [ 57.967968][ T2537] loop0: detected capacity change from 0 to 512 [pid 2541] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 2541] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2539] <... futex resumed>) = 0 [pid 2539] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2541] <... futex resumed>) = 1 [pid 2541] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 2541] +++ killed by SIGBUS +++ ./strace-static-x86_64: Process 2540 attached [pid 2540] +++ killed by SIGBUS +++ [pid 2539] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2539, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./694", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./694", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./694/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./694/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./694/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./694/bus") = 0 umount2("./694/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./694/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./694/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./694") = 0 mkdir("./695", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2542 ./strace-static-x86_64: Process 2542 attached [pid 2542] set_robust_list(0x5555564336a0, 24) = 0 [pid 2542] chdir("./695") = 0 [pid 2542] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2542] setpgid(0, 0) = 0 [pid 2542] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2542] write(3, "1000", 4) = 4 [pid 2542] close(3) = 0 [pid 2542] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2542] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2542] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2542] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2542] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2542] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2542] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2542] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2543 attached => {parent_tid=[2543]}, 88) = 2543 [pid 2542] rt_sigprocmask(SIG_SETMASK, [], [pid 2543] set_robust_list(0x7f22e15909a0, 24 [pid 2542] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2543] <... set_robust_list resumed>) = 0 [pid 2542] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2543] rt_sigprocmask(SIG_SETMASK, [], [pid 2542] <... futex resumed>) = 0 [pid 2543] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2542] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2543] memfd_create("syzkaller", 0 [pid 2542] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2543] <... memfd_create resumed>) = 3 [pid 2543] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2542] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2543] <... mmap resumed>) = 0x7f22d914f000 [pid 2542] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2542] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2544]}, 88) = 2544 [pid 2542] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2542] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2542] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2544 attached [pid 2544] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2544] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2544] creat("./bus", 000) = 4 [pid 2544] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2542] <... futex resumed>) = 0 [pid 2542] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2542] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2544] <... futex resumed>) = 1 [pid 2544] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2544] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2542] <... futex resumed>) = 0 [pid 2542] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2542] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2544] <... futex resumed>) = 1 [pid 2544] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 2544] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2542] <... futex resumed>) = 0 [pid 2542] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2542] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2544] <... futex resumed>) = 1 [pid 2544] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 2543] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000d97} --- [pid 2544] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2542] <... futex resumed>) = 0 [pid 2542] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2544] <... futex resumed>) = 1 [pid 2544] +++ killed by SIGBUS +++ [pid 2543] +++ killed by SIGBUS +++ [pid 2542] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2542, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./695", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./695", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./695/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./695/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./695/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./695/bus") = 0 umount2("./695/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./695/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./695/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./695") = 0 mkdir("./696", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2545 ./strace-static-x86_64: Process 2545 attached [pid 2545] set_robust_list(0x5555564336a0, 24) = 0 [pid 2545] chdir("./696") = 0 [pid 2545] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2545] setpgid(0, 0) = 0 [pid 2545] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2545] write(3, "1000", 4) = 4 [pid 2545] close(3) = 0 [pid 2545] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2545] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2545] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2545] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2545] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2545] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2545] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2545] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2546 attached [pid 2546] set_robust_list(0x7f22e15909a0, 24 [pid 2545] <... clone3 resumed> => {parent_tid=[2546]}, 88) = 2546 [pid 2546] <... set_robust_list resumed>) = 0 [pid 2545] rt_sigprocmask(SIG_SETMASK, [], [pid 2546] rt_sigprocmask(SIG_SETMASK, [], [pid 2545] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2546] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2545] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2546] memfd_create("syzkaller", 0 [pid 2545] <... futex resumed>) = 0 [pid 2545] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2546] <... memfd_create resumed>) = 3 [pid 2546] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2545] <... futex resumed>) = 0 [pid 2545] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2546] <... mmap resumed>) = 0x7f22d9170000 [pid 2545] <... mmap resumed>) = 0x7f22d914f000 [pid 2545] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2545] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2545] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0}./strace-static-x86_64: Process 2547 attached => {parent_tid=[2547]}, 88) = 2547 [pid 2547] set_robust_list(0x7f22d916f9a0, 24) = 0 [pid 2547] rt_sigprocmask(SIG_SETMASK, [], [pid 2545] rt_sigprocmask(SIG_SETMASK, [], [pid 2547] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2547] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2545] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2545] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2547] <... futex resumed>) = 0 [pid 2547] creat("./bus", 000 [pid 2545] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2547] <... creat resumed>) = 4 [pid 2547] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2547] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2545] <... futex resumed>) = 0 [pid 2545] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2546] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2545] <... futex resumed>) = 1 [pid 2547] <... futex resumed>) = 0 [pid 2547] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 2545] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2547] <... mount resumed>) = 0 [pid 2547] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2547] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2545] <... futex resumed>) = 0 [pid 2545] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2547] <... futex resumed>) = 0 [pid 2545] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2547] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 2547] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2545] <... futex resumed>) = 0 [pid 2547] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 2545] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2545] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2547] <... mmap resumed>) = 0x20000000 [pid 2547] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2545] <... futex resumed>) = 0 [pid 2545] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2547] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 2546] <... write resumed>) = ? [pid 2547] +++ killed by SIGBUS +++ [pid 2546] +++ killed by SIGBUS +++ [pid 2545] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2545, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./696", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./696", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./696/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./696/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./696/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./696/bus") = 0 umount2("./696/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./696/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./696/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./696") = 0 mkdir("./697", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2548 ./strace-static-x86_64: Process 2548 attached [pid 2548] set_robust_list(0x5555564336a0, 24) = 0 [pid 2548] chdir("./697") = 0 [pid 2548] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2548] setpgid(0, 0) = 0 [pid 2548] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2548] write(3, "1000", 4) = 4 [pid 2548] close(3) = 0 [pid 2548] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2548] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2548] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2548] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2548] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2548] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2548] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2548] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2549]}, 88) = 2549 [pid 2548] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2548] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2548] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2548] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2548] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2548] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2548] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 2550 attached => {parent_tid=[2550]}, 88) = 2550 [pid 2548] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2548] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2548] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2549 attached [pid 2549] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2549] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2549] memfd_create("syzkaller", 0) = 3 [pid 2549] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2550] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2550] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2550] creat("./bus", 000) = 4 [pid 2550] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2548] <... futex resumed>) = 0 [pid 2548] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2548] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2549] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2550] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2550] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2548] <... futex resumed>) = 0 [pid 2548] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2548] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2550] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 2549] <... write resumed>) = 262144 [pid 2549] munmap(0x7f22d914f000, 138412032) = 0 [pid 2549] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2549] ioctl(5, LOOP_SET_FD, 3 [pid 2550] <... open resumed>) = 6 [pid 2549] <... ioctl resumed>) = 0 [pid 2550] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2549] close(3) = 0 [pid 2549] close(5) = 0 [pid 2549] mkdir("./file0", 0777) = 0 [pid 2549] mount("/dev/loop0", "./file0", "ext4", 0, "prjquota,grpquota,debug_want_extra_isize=0x000000000000005c,noauto_da_alloc,nolazytime,errors=contin"... [pid 2548] <... futex resumed>) = 0 [pid 2548] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2548] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2550] <... futex resumed>) = 1 [pid 2550] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x20000000 [pid 2550] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2548] <... futex resumed>) = 0 [pid 2548] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2550] <... futex resumed>) = 1 [pid 2550] memfd_create("syzkaller", 0) = 3 [pid 2550] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2550] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304 [pid 2549] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2549] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2549] ioctl(5, LOOP_CLR_FD) = 0 [pid 2549] close(5) = 0 [pid 2549] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2549] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2550] <... write resumed>) = 4194304 [pid 2550] munmap(0x7f22d914f000, 138412032) = 0 [pid 2550] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2550] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2550] ioctl(5, LOOP_CLR_FD) = 0 [pid 2550] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2550] close(5) = 0 [pid 2550] close(3) = 0 [pid 2550] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2550] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2548] exit_group(0) = ? [pid 2549] <... futex resumed>) = ? [pid 2549] +++ exited with 0 +++ [pid 2550] <... futex resumed>) = ? [pid 2550] +++ exited with 0 +++ [pid 2548] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2548, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./697", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./697", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 5 entries */, 32768) = 136 umount2("./697/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./697/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./697/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./697/bus") = 0 umount2("./697/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./697/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./697/binderfs") = 0 umount2("./697/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./697/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./697/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./697/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555643c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555643c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./697/file0") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./697") = 0 mkdir("./698", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2552 ./strace-static-x86_64: Process 2552 attached [pid 2552] set_robust_list(0x5555564336a0, 24) = 0 [pid 2552] chdir("./698") = 0 [pid 2552] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2552] setpgid(0, 0) = 0 [pid 2552] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2552] write(3, "1000", 4) = 4 [pid 2552] close(3) = 0 [pid 2552] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2552] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2552] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2552] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2552] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2552] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2552] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2552] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2553 attached => {parent_tid=[2553]}, 88) = 2553 [pid 2553] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2553] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2553] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2552] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2552] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2553] <... futex resumed>) = 0 [pid 2552] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2553] memfd_create("syzkaller", 0 [pid 2552] <... futex resumed>) = 0 [pid 2552] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2553] <... memfd_create resumed>) = 3 [pid 2553] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2552] <... mmap resumed>) = 0x7f22e154f000 [pid 2552] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE [pid 2553] <... mmap resumed>) = 0x7f22d914f000 [pid 2552] <... mprotect resumed>) = 0 [pid 2552] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2552] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 2554 attached [pid 2554] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2554] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2554] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2552] <... clone3 resumed> => {parent_tid=[2554]}, 88) = 2554 [pid 2552] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2552] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2552] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2554] <... futex resumed>) = 0 [pid 2554] creat("./bus", 000) = 4 [pid 2554] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2554] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2552] <... futex resumed>) = 0 [pid 2552] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2554] <... futex resumed>) = 0 [pid 2554] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 2552] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2553] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2554] <... mount resumed>) = 0 [pid 2554] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2553] <... write resumed>) = 262144 [pid 2554] <... futex resumed>) = 1 [pid 2553] munmap(0x7f22d914f000, 138412032 [pid 2552] <... futex resumed>) = 0 [pid 2554] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2552] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2552] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2554] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2553] <... munmap resumed>) = 0 [pid 2554] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 2553] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2554] <... open resumed>) = 5 [pid 2553] <... openat resumed>) = 6 [pid 2554] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2553] ioctl(6, LOOP_SET_FD, 3 [pid 2554] <... futex resumed>) = 1 [pid 2552] <... futex resumed>) = 0 [pid 2552] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2552] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 58.084098][ T2549] loop0: detected capacity change from 0 to 512 [ 58.095947][ T2549] EXT4-fs error (device loop0): __ext4_fill_super:5386: inode #2: comm syz-executor245: iget: special inode unallocated [ 58.108635][ T2549] EXT4-fs (loop0): get root inode failed [ 58.114439][ T2549] EXT4-fs (loop0): mount failed [pid 2554] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 2553] <... ioctl resumed>) = 0 [pid 2553] close(3) = 0 [pid 2553] close(6) = 0 [pid 2553] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 2553] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2553] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 2553] ioctl(3, LOOP_CLR_FD) = 0 [pid 2553] close(3) = 0 [pid 2553] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2553] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2554] <... mmap resumed>) = 0x20000000 [pid 2554] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2552] <... futex resumed>) = 0 [pid 2554] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2552] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2553] <... futex resumed>) = 0 [pid 2553] memfd_create("syzkaller", 0) = 3 [pid 2553] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2552] <... futex resumed>) = 1 [pid 2553] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2553] munmap(0x7f22d914f000, 138412032) = 0 [pid 2553] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2553] ioctl(6, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2553] ioctl(6, LOOP_CLR_FD) = 0 [pid 2553] ioctl(6, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2553] close(6) = 0 [pid 2553] close(3) = 0 [pid 2553] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2553] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2552] exit_group(0 [pid 2554] <... futex resumed>) = ? [pid 2552] <... exit_group resumed>) = ? [pid 2554] +++ exited with 0 +++ [pid 2553] <... futex resumed>) = ? [pid 2553] +++ exited with 0 +++ [pid 2552] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2552, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./698", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./698", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./698/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./698/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./698/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./698/bus") = 0 umount2("./698/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./698/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./698/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 [ 58.159293][ T2553] loop0: detected capacity change from 0 to 512 [ 58.159893][ T2554] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 30 prio class 2 close(3) = 0 rmdir("./698") = 0 mkdir("./699", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2555 ./strace-static-x86_64: Process 2555 attached [pid 2555] set_robust_list(0x5555564336a0, 24) = 0 [pid 2555] chdir("./699") = 0 [pid 2555] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2555] setpgid(0, 0) = 0 [pid 2555] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2555] write(3, "1000", 4) = 4 [pid 2555] close(3) = 0 [pid 2555] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2555] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2555] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2555] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2555] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2555] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2555] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2555] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2556]}, 88) = 2556 [pid 2555] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2555] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2555] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2555] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2555] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2555] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2555] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2557]}, 88) = 2557 [pid 2555] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2555] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2555] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2557 attached [pid 2557] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2557] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2557] creat("./bus", 000) = 3 [pid 2557] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2555] <... futex resumed>) = 0 [pid 2555] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2555] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2557] <... futex resumed>) = 1 [pid 2557] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2557] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2555] <... futex resumed>) = 0 [pid 2555] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2555] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2557] <... futex resumed>) = 1 [pid 2557] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 4 [pid 2557] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2555] <... futex resumed>) = 0 [pid 2555] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2555] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2557] <... futex resumed>) = 1 [pid 2557] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 2557] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2555] <... futex resumed>) = 0 [pid 2555] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2557] <... futex resumed>) = 1 [pid 2557] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 2557] +++ killed by SIGBUS +++ ./strace-static-x86_64: Process 2556 attached [pid 2556] +++ killed by SIGBUS +++ [pid 2555] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2555, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./699", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./699", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./699/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./699/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./699/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./699/bus") = 0 umount2("./699/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./699/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./699/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./699") = 0 mkdir("./700", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2558 ./strace-static-x86_64: Process 2558 attached [pid 2558] set_robust_list(0x5555564336a0, 24) = 0 [pid 2558] chdir("./700") = 0 [pid 2558] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2558] setpgid(0, 0) = 0 [pid 2558] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2558] write(3, "1000", 4) = 4 [pid 2558] close(3) = 0 [pid 2558] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2558] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2558] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2558] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2558] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2558] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2558] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2558] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2559]}, 88) = 2559 [pid 2558] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2558] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2558] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2558] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2558] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2558] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2558] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 2559 attached => {parent_tid=[2560]}, 88) = 2560 [pid 2559] set_robust_list(0x7f22e15909a0, 24 [pid 2558] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2558] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2558] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2560 attached [pid 2560] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2560] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2560] creat("./bus", 000 [pid 2559] <... set_robust_list resumed>) = 0 [pid 2560] <... creat resumed>) = 3 [pid 2560] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2558] <... futex resumed>) = 0 [pid 2558] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2558] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2560] <... futex resumed>) = 1 [pid 2560] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2560] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2558] <... futex resumed>) = 0 [pid 2558] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2558] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2560] <... futex resumed>) = 1 [pid 2560] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 4 [pid 2560] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2558] <... futex resumed>) = 0 [pid 2558] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2558] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2560] <... futex resumed>) = 1 [pid 2560] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 2559] rt_sigprocmask(SIG_SETMASK, [], [pid 2560] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2558] <... futex resumed>) = 0 [pid 2558] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2560] <... futex resumed>) = 1 [pid 2560] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 2560] +++ killed by SIGBUS +++ [pid 2559] <... rt_sigprocmask resumed> ) = ? [pid 2559] +++ killed by SIGBUS +++ [pid 2558] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2558, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- umount2("./700", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./700", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./700/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./700/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./700/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./700/bus") = 0 umount2("./700/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./700/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./700/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./700") = 0 mkdir("./701", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2561 ./strace-static-x86_64: Process 2561 attached [pid 2561] set_robust_list(0x5555564336a0, 24) = 0 [pid 2561] chdir("./701") = 0 [pid 2561] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2561] setpgid(0, 0) = 0 [pid 2561] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2561] write(3, "1000", 4) = 4 [pid 2561] close(3) = 0 [pid 2561] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2561] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2561] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2561] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2561] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2561] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2561] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2561] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2562 attached => {parent_tid=[2562]}, 88) = 2562 [pid 2562] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2562] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2562] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2561] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2561] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2562] <... futex resumed>) = 0 [pid 2561] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2562] memfd_create("syzkaller", 0 [pid 2561] <... futex resumed>) = 0 [pid 2562] <... memfd_create resumed>) = 3 [pid 2562] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2561] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 2561] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2561] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2561] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0}./strace-static-x86_64: Process 2563 attached => {parent_tid=[2563]}, 88) = 2563 [pid 2563] set_robust_list(0x7f22d916f9a0, 24 [pid 2561] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2563] <... set_robust_list resumed>) = 0 [pid 2561] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2563] rt_sigprocmask(SIG_SETMASK, [], [pid 2561] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2562] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2563] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2563] creat("./bus", 000) = 4 [pid 2563] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2561] <... futex resumed>) = 0 [pid 2563] <... futex resumed>) = 1 [pid 2561] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2563] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 2561] <... futex resumed>) = 0 [pid 2562] <... write resumed>) = 262144 [pid 2562] munmap(0x7f22d9170000, 138412032 [pid 2561] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2563] <... mount resumed>) = 0 [pid 2562] <... munmap resumed>) = 0 [pid 2562] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2563] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2562] ioctl(5, LOOP_SET_FD, 3 [pid 2561] <... futex resumed>) = 0 [pid 2563] <... futex resumed>) = 1 [pid 2561] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2563] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 2561] <... futex resumed>) = 0 [pid 2561] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2563] <... open resumed>) = 6 [pid 2563] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2561] <... futex resumed>) = 0 [pid 2561] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2561] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2563] <... futex resumed>) = 1 [pid 2563] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 2562] <... ioctl resumed>) = 0 [pid 2562] close(3) = 0 [pid 2562] close(5 [pid 2563] <... mmap resumed>) = 0x20000000 [pid 2563] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2561] <... futex resumed>) = 0 [pid 2561] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2563] <... futex resumed>) = 1 [pid 2563] memfd_create("syzkaller", 0) = 3 [pid 2563] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2562] <... close resumed>) = 0 [pid 2562] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 2562] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2562] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2562] ioctl(5, LOOP_CLR_FD) = 0 [pid 2562] close(5) = 0 [pid 2562] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2562] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2563] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2563] munmap(0x7f22d9170000, 138412032) = 0 [pid 2563] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2563] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2563] ioctl(5, LOOP_CLR_FD) = 0 [pid 2563] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2563] close(5) = 0 [pid 2563] close(3) = 0 [pid 2563] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2561] exit_group(0) = ? [pid 2562] <... futex resumed>) = ? [pid 2562] +++ exited with 0 +++ [pid 2563] <... futex resumed>) = ? [pid 2563] +++ exited with 0 +++ [pid 2561] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2561, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./701", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./701", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./701/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./701/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./701/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./701/bus") = 0 umount2("./701/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./701/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./701/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./701") = 0 mkdir("./702", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2564 ./strace-static-x86_64: Process 2564 attached [pid 2564] set_robust_list(0x5555564336a0, 24) = 0 [pid 2564] chdir("./702") = 0 [pid 2564] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2564] setpgid(0, 0) = 0 [pid 2564] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2564] write(3, "1000", 4) = 4 [pid 2564] close(3) = 0 [pid 2564] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2564] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2564] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [ 58.259597][ T2562] loop0: detected capacity change from 0 to 512 [pid 2564] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2564] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2564] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2564] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2564] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2565 attached [pid 2565] set_robust_list(0x7f22e15909a0, 24 [pid 2564] <... clone3 resumed> => {parent_tid=[2565]}, 88) = 2565 [pid 2565] <... set_robust_list resumed>) = 0 [pid 2564] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2565] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2564] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2564] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2565] memfd_create("syzkaller", 0 [pid 2564] <... futex resumed>) = 0 [pid 2565] <... memfd_create resumed>) = 3 [pid 2564] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2565] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2564] <... mmap resumed>) = 0x7f22e154f000 [pid 2564] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE [pid 2565] <... mmap resumed>) = 0x7f22d914f000 [pid 2564] <... mprotect resumed>) = 0 [pid 2564] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2564] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 2566 attached => {parent_tid=[2566]}, 88) = 2566 [pid 2566] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2566] rt_sigprocmask(SIG_SETMASK, [], [pid 2564] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2566] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2564] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2566] creat("./bus", 000 [pid 2564] <... futex resumed>) = 0 [pid 2564] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2566] <... creat resumed>) = 4 [pid 2566] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2566] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2564] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2564] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2564] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2566] <... futex resumed>) = 0 [pid 2566] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2566] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2564] <... futex resumed>) = 0 [pid 2566] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 2564] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2564] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2566] <... open resumed>) = 5 [pid 2566] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2564] <... futex resumed>) = 0 [pid 2566] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 2564] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2565] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2564] <... futex resumed>) = 0 [pid 2564] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2566] <... mmap resumed>) = 0x20000000 [pid 2566] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2564] <... futex resumed>) = 0 [pid 2564] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2566] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 2565] <... write resumed>) = 262144 [pid 2566] +++ killed by SIGBUS +++ [pid 2565] +++ killed by SIGBUS +++ [pid 2564] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2564, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- umount2("./702", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./702", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./702/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./702/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./702/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./702/bus") = 0 umount2("./702/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./702/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./702/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./702") = 0 mkdir("./703", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2567 ./strace-static-x86_64: Process 2567 attached [pid 2567] set_robust_list(0x5555564336a0, 24) = 0 [pid 2567] chdir("./703") = 0 [pid 2567] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2567] setpgid(0, 0) = 0 [pid 2567] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2567] write(3, "1000", 4) = 4 [pid 2567] close(3) = 0 [pid 2567] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2567] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2567] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2567] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2567] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2567] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2567] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2567] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2568 attached [pid 2568] set_robust_list(0x7f22e15909a0, 24 [pid 2567] <... clone3 resumed> => {parent_tid=[2568]}, 88) = 2568 [pid 2568] <... set_robust_list resumed>) = 0 [pid 2567] rt_sigprocmask(SIG_SETMASK, [], [pid 2568] rt_sigprocmask(SIG_SETMASK, [], [pid 2567] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2568] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2567] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2568] memfd_create("syzkaller", 0 [pid 2567] <... futex resumed>) = 0 [pid 2567] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2568] <... memfd_create resumed>) = 3 [pid 2568] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2567] <... futex resumed>) = 0 [pid 2567] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2568] <... mmap resumed>) = 0x7f22d914f000 [pid 2567] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2567] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2567] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2569]}, 88) = 2569 [pid 2567] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2567] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2567] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2569 attached [pid 2569] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2569] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2569] creat("./bus", 000) = 4 [pid 2569] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2567] <... futex resumed>) = 0 [pid 2567] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2567] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2569] <... futex resumed>) = 1 [pid 2569] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2569] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2567] <... futex resumed>) = 0 [pid 2567] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2567] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2569] <... futex resumed>) = 1 [pid 2569] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 2569] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2567] <... futex resumed>) = 0 [pid 2567] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2567] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2569] <... futex resumed>) = 1 [pid 2569] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 2568] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000dcb} --- [pid 2569] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2567] <... futex resumed>) = 0 [pid 2567] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2569] <... futex resumed>) = 1 [pid 2568] +++ killed by SIGBUS +++ [pid 2569] +++ killed by SIGBUS +++ [pid 2567] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2567, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- umount2("./703", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./703", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./703/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./703/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./703/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./703/bus") = 0 umount2("./703/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./703/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./703/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./703") = 0 mkdir("./704", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2570 ./strace-static-x86_64: Process 2570 attached [pid 2570] set_robust_list(0x5555564336a0, 24) = 0 [pid 2570] chdir("./704") = 0 [pid 2570] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2570] setpgid(0, 0) = 0 [pid 2570] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2570] write(3, "1000", 4) = 4 [pid 2570] close(3) = 0 [pid 2570] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2570] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2570] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2570] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2570] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2570] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2570] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2570] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2571 attached [pid 2571] set_robust_list(0x7f22e15909a0, 24 [pid 2570] <... clone3 resumed> => {parent_tid=[2571]}, 88) = 2571 [pid 2571] <... set_robust_list resumed>) = 0 [pid 2570] rt_sigprocmask(SIG_SETMASK, [], [pid 2571] rt_sigprocmask(SIG_SETMASK, [], [pid 2570] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2571] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2570] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2571] memfd_create("syzkaller", 0 [pid 2570] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2571] <... memfd_create resumed>) = 3 [pid 2570] <... futex resumed>) = 0 [pid 2571] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2570] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2571] <... mmap resumed>) = 0x7f22d914f000 [pid 2570] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2570] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2570] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 2572 attached => {parent_tid=[2572]}, 88) = 2572 [pid 2572] set_robust_list(0x7f22e156f9a0, 24 [pid 2570] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2572] <... set_robust_list resumed>) = 0 [pid 2570] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2572] rt_sigprocmask(SIG_SETMASK, [], [pid 2570] <... futex resumed>) = 0 [pid 2570] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2572] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2572] creat("./bus", 000 [pid 2571] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2572] <... creat resumed>) = 4 [pid 2572] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2570] <... futex resumed>) = 0 [pid 2572] <... futex resumed>) = 1 [pid 2570] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2572] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 2570] <... futex resumed>) = 0 [pid 2570] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2572] <... mount resumed>) = 0 [pid 2571] <... write resumed>) = 262144 [pid 2571] munmap(0x7f22d914f000, 138412032 [pid 2572] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2571] <... munmap resumed>) = 0 [pid 2572] <... futex resumed>) = 1 [pid 2570] <... futex resumed>) = 0 [pid 2571] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2572] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 2570] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2571] <... openat resumed>) = 5 [pid 2571] ioctl(5, LOOP_SET_FD, 3 [pid 2570] <... futex resumed>) = 0 [pid 2572] <... open resumed>) = 6 [pid 2570] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2572] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2571] <... ioctl resumed>) = 0 [pid 2570] <... futex resumed>) = 0 [pid 2570] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2570] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2572] <... futex resumed>) = 1 [pid 2572] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 2571] close(3) = 0 [pid 2571] close(5) = 0 [pid 2571] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 2571] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2571] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 2571] ioctl(3, LOOP_CLR_FD) = 0 [pid 2571] close(3) = 0 [pid 2571] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2571] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2572] <... mmap resumed>) = 0x20000000 [pid 2572] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2570] <... futex resumed>) = 0 [pid 2570] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2571] <... futex resumed>) = 0 [pid 2571] memfd_create("syzkaller", 0) = 3 [pid 2571] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2572] <... futex resumed>) = 1 [pid 2572] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2571] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2571] munmap(0x7f22d914f000, 138412032) = 0 [pid 2571] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2571] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2571] ioctl(5, LOOP_CLR_FD) = 0 [pid 2571] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2571] close(5) = 0 [pid 2571] close(3) = 0 [pid 2571] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2571] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2570] exit_group(0 [pid 2572] <... futex resumed>) = ? [pid 2571] <... futex resumed>) = ? [pid 2570] <... exit_group resumed>) = ? [pid 2571] +++ exited with 0 +++ [pid 2572] +++ exited with 0 +++ [pid 2570] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2570, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./704", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./704", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./704/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./704/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./704/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./704/bus") = 0 umount2("./704/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./704/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./704/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./704") = 0 mkdir("./705", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2574 ./strace-static-x86_64: Process 2574 attached [pid 2574] set_robust_list(0x5555564336a0, 24) = 0 [pid 2574] chdir("./705") = 0 [pid 2574] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2574] setpgid(0, 0) = 0 [pid 2574] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2574] write(3, "1000", 4) = 4 [pid 2574] close(3) = 0 [pid 2574] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2574] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2574] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2574] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2574] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2574] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2574] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2574] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2575]}, 88) = 2575 [pid 2574] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2574] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2574] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2574] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2574] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2574] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2574] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2576]}, 88) = 2576 [pid 2574] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2574] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2574] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2575 attached [pid 2575] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2575] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2575] memfd_create("syzkaller", 0) = 3 [pid 2575] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 ./strace-static-x86_64: Process 2576 attached [pid 2575] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2576] set_robust_list(0x7f22e156f9a0, 24 [pid 2575] <... write resumed>) = 262144 [pid 2575] munmap(0x7f22d914f000, 138412032) = 0 [pid 2575] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 58.395285][ T2571] loop0: detected capacity change from 0 to 512 [pid 2575] ioctl(4, LOOP_SET_FD, 3 [pid 2576] <... set_robust_list resumed>) = 0 [pid 2575] <... ioctl resumed>) = 0 [pid 2575] close(3) = 0 [pid 2575] close(4 [pid 2576] rt_sigprocmask(SIG_SETMASK, [], [pid 2575] <... close resumed>) = 0 [pid 2575] mkdir("./file0", 0777) = 0 [pid 2575] mount("/dev/loop0", "./file0", "ext4", 0, "prjquota,grpquota,debug_want_extra_isize=0x000000000000005c,noauto_da_alloc,nolazytime,errors=contin"... [pid 2576] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2576] creat("./bus", 000) = 3 [pid 2576] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2574] <... futex resumed>) = 0 [pid 2574] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2574] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2576] <... futex resumed>) = 1 [pid 2576] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2576] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2574] <... futex resumed>) = 0 [pid 2574] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2574] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2576] <... futex resumed>) = 1 [pid 2576] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 4 [pid 2576] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2574] <... futex resumed>) = 0 [pid 2574] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2574] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2576] <... futex resumed>) = 1 [pid 2576] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2575] <... mount resumed>) = 0 [pid 2576] <... mmap resumed>) = 0x20000000 [pid 2576] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2574] <... futex resumed>) = 0 [pid 2574] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2576] <... futex resumed>) = 1 [pid 2576] memfd_create("syzkaller", 0) = 5 [pid 2576] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2575] openat(AT_FDCWD, 0x200000c0, O_RDONLY|O_DIRECTORY [pid 2576] write(5, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304 [pid 2575] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 2575] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2575] ioctl(6, LOOP_CLR_FD) = 0 [pid 2575] close(6) = 0 [pid 2575] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2575] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2576] <... write resumed>) = 4194304 [pid 2576] munmap(0x7f22d914f000, 138412032) = 0 [pid 2576] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2576] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 2576] ioctl(6, LOOP_CLR_FD) = 0 [pid 2576] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 2576] close(6) = 0 [pid 2576] close(5) = 0 [pid 2576] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2576] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2574] exit_group(0 [pid 2575] <... futex resumed>) = ? [pid 2574] <... exit_group resumed>) = ? [pid 2575] +++ exited with 0 +++ [pid 2576] <... futex resumed>) = ? [pid 2576] +++ exited with 0 +++ [pid 2574] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2574, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./705", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./705", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 5 entries */, 32768) = 136 umount2("./705/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./705/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./705/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./705/bus") = 0 umount2("./705/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./705/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./705/binderfs") = 0 umount2("./705/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./705/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./705/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./705/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./705/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555643c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555643c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./705/file0") = 0 [ 58.450976][ T2575] loop0: detected capacity change from 0 to 512 [ 58.463931][ T2575] EXT4-fs (loop0): 1 truncate cleaned up getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./705") = 0 mkdir("./706", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2578 ./strace-static-x86_64: Process 2578 attached [pid 2578] set_robust_list(0x5555564336a0, 24) = 0 [pid 2578] chdir("./706") = 0 [pid 2578] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2578] setpgid(0, 0) = 0 [pid 2578] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2578] write(3, "1000", 4) = 4 [pid 2578] close(3) = 0 [pid 2578] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2578] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2578] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2578] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2578] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2578] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2578] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2578] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2579]}, 88) = 2579 [pid 2578] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2578] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2578] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2578] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2578] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2578] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2578] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2580]}, 88) = 2580 [pid 2578] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2578] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2578] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2580 attached [pid 2580] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2580] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 2579 attached [pid 2580] creat("./bus", 000 [pid 2579] set_robust_list(0x7f22e15909a0, 24 [pid 2580] <... creat resumed>) = 3 [pid 2580] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2578] <... futex resumed>) = 0 [pid 2578] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2578] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2580] <... futex resumed>) = 1 [pid 2580] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2579] <... set_robust_list resumed>) = 0 [pid 2580] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2578] <... futex resumed>) = 0 [pid 2578] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2578] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2580] <... futex resumed>) = 1 [pid 2580] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 4 [pid 2580] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2578] <... futex resumed>) = 0 [pid 2578] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2578] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2580] <... futex resumed>) = 1 [pid 2580] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2579] rt_sigprocmask(SIG_SETMASK, [], [pid 2580] <... mmap resumed>) = 0x20000000 [pid 2580] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2578] <... futex resumed>) = 0 [pid 2578] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2580] <... futex resumed>) = 1 [pid 2579] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2580] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 2579] +++ killed by SIGBUS +++ [pid 2580] +++ killed by SIGBUS +++ [pid 2578] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2578, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./706", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./706", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./706/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./706/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./706/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./706/bus") = 0 umount2("./706/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./706/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./706/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./706") = 0 mkdir("./707", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2581 ./strace-static-x86_64: Process 2581 attached [pid 2581] set_robust_list(0x5555564336a0, 24) = 0 [pid 2581] chdir("./707") = 0 [pid 2581] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2581] setpgid(0, 0) = 0 [pid 2581] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2581] write(3, "1000", 4) = 4 [pid 2581] close(3) = 0 [pid 2581] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2581] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2581] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2581] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2581] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2581] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2581] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2581] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2582]}, 88) = 2582 [pid 2581] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2581] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2581] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2581] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2581] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE./strace-static-x86_64: Process 2582 attached ) = 0 [pid 2581] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2582] set_robust_list(0x7f22e15909a0, 24 [pid 2581] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2582] <... set_robust_list resumed>) = 0 [pid 2581] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} [pid 2582] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 2583 attached [pid 2583] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2583] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2583] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2582] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2581] <... clone3 resumed> => {parent_tid=[2583]}, 88) = 2583 [pid 2581] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2581] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2583] <... futex resumed>) = 0 [pid 2581] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2583] creat("./bus", 000 [pid 2582] memfd_create("syzkaller", 0) = 4 [pid 2583] <... creat resumed>) = 3 [pid 2582] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2583] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2582] <... mmap resumed>) = 0x7f22d914f000 [pid 2583] <... futex resumed>) = 1 [pid 2581] <... futex resumed>) = 0 [pid 2581] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2581] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2583] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2583] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2581] <... futex resumed>) = 0 [pid 2581] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2581] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2583] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 2583] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2581] <... futex resumed>) = 0 [pid 2581] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2581] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2583] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 2582] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000d2a} --- [pid 2581] <... futex resumed>) = ? [pid 2583] +++ killed by SIGBUS +++ [pid 2582] +++ killed by SIGBUS +++ [pid 2581] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2581, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./707", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./707", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./707/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./707/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./707/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./707/bus") = 0 umount2("./707/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./707/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./707/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./707") = 0 mkdir("./708", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2584 ./strace-static-x86_64: Process 2584 attached [pid 2584] set_robust_list(0x5555564336a0, 24) = 0 [pid 2584] chdir("./708") = 0 [pid 2584] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2584] setpgid(0, 0) = 0 [pid 2584] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2584] write(3, "1000", 4) = 4 [pid 2584] close(3) = 0 [pid 2584] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2584] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2584] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2584] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2584] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2584] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2584] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2584] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2585]}, 88) = 2585 ./strace-static-x86_64: Process 2585 attached [pid 2584] rt_sigprocmask(SIG_SETMASK, [], [pid 2585] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2585] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2585] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2584] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2584] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2585] <... futex resumed>) = 0 [pid 2585] memfd_create("syzkaller", 0 [pid 2584] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2585] <... memfd_create resumed>) = 3 [pid 2585] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2584] <... futex resumed>) = 0 [pid 2584] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 2584] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2584] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2584] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0} [pid 2585] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2584] <... clone3 resumed> => {parent_tid=[2586]}, 88) = 2586 [pid 2584] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2584] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2584] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2585] <... write resumed>) = 262144 [pid 2585] munmap(0x7f22d9170000, 138412032) = 0 [pid 2585] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2585] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 2586 attached [pid 2586] set_robust_list(0x7f22d916f9a0, 24) = 0 [pid 2586] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2586] creat("./bus", 000) = 5 [pid 2586] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2584] <... futex resumed>) = 0 [pid 2584] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2584] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2586] <... futex resumed>) = 1 [pid 2586] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2586] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2584] <... futex resumed>) = 0 [pid 2584] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2584] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2586] <... futex resumed>) = 1 [pid 2586] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 2586] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2584] <... futex resumed>) = 0 [pid 2584] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2584] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2586] <... futex resumed>) = 1 [pid 2586] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 2585] <... ioctl resumed>) = 0 [pid 2585] close(3) = 0 [pid 2585] close(4 [pid 2586] <... mmap resumed>) = 0x20000000 [pid 2586] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2584] <... futex resumed>) = 0 [pid 2584] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2586] <... futex resumed>) = 1 [pid 2586] memfd_create("syzkaller", 0) = 3 [pid 2586] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2585] <... close resumed>) = 0 [pid 2585] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 2585] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2585] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2585] ioctl(4, LOOP_CLR_FD) = 0 [pid 2585] close(4) = 0 [pid 2585] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2585] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2586] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2586] munmap(0x7f22d9170000, 138412032) = 0 [pid 2586] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2586] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2586] ioctl(4, LOOP_CLR_FD) = 0 [pid 2586] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2586] close(4) = 0 [pid 2586] close(3) = 0 [pid 2586] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2586] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2584] exit_group(0 [pid 2586] <... futex resumed>) = ? [pid 2585] <... futex resumed>) = ? [pid 2584] <... exit_group resumed>) = ? [pid 2585] +++ exited with 0 +++ [pid 2586] +++ exited with 0 +++ [pid 2584] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2584, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./708", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./708", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./708/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./708/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./708/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./708/bus") = 0 umount2("./708/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./708/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./708/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./708") = 0 mkdir("./709", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2587 ./strace-static-x86_64: Process 2587 attached [pid 2587] set_robust_list(0x5555564336a0, 24) = 0 [pid 2587] chdir("./709") = 0 [pid 2587] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2587] setpgid(0, 0) = 0 [pid 2587] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2587] write(3, "1000", 4) = 4 [pid 2587] close(3) = 0 [pid 2587] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2587] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2587] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2587] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2587] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2587] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2587] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2587] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2588 attached => {parent_tid=[2588]}, 88) = 2588 [pid 2588] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2588] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2588] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2587] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2587] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2588] <... futex resumed>) = 0 [pid 2587] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2588] memfd_create("syzkaller", 0) = 3 [pid 2588] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2587] <... futex resumed>) = 0 [pid 2587] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 2587] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2587] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2587] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0} [pid 2588] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2587] <... clone3 resumed> => {parent_tid=[2589]}, 88) = 2589 [pid 2587] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2587] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 2589 attached [pid 2588] <... write resumed>) = 262144 [ 58.558381][ T2585] loop0: detected capacity change from 0 to 512 [pid 2589] set_robust_list(0x7f22d916f9a0, 24 [pid 2588] munmap(0x7f22d9170000, 138412032 [pid 2587] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2589] <... set_robust_list resumed>) = 0 [pid 2588] <... munmap resumed>) = 0 [pid 2588] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2589] rt_sigprocmask(SIG_SETMASK, [], [pid 2588] <... openat resumed>) = 4 [pid 2589] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2588] ioctl(4, LOOP_SET_FD, 3 [pid 2589] creat("./bus", 000) = 5 [pid 2589] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2587] <... futex resumed>) = 0 [pid 2587] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2587] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2589] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2589] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2587] <... futex resumed>) = 0 [pid 2587] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2587] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2589] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 2589] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2587] <... futex resumed>) = 0 [pid 2587] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2587] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2589] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 2588] <... ioctl resumed>) = 0 [pid 2588] close(3) = 0 [pid 2588] close(4 [pid 2589] <... mmap resumed>) = 0x20000000 [pid 2589] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2587] <... futex resumed>) = 0 [pid 2587] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2589] memfd_create("syzkaller", 0) = 3 [pid 2589] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2588] <... close resumed>) = 0 [pid 2588] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 2588] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2588] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2588] ioctl(4, LOOP_CLR_FD) = 0 [pid 2588] close(4) = 0 [pid 2588] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2588] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2589] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2589] munmap(0x7f22d9170000, 138412032) = 0 [pid 2589] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2589] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2589] ioctl(4, LOOP_CLR_FD) = 0 [pid 2589] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2589] close(4) = 0 [pid 2589] close(3) = 0 [pid 2589] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2587] exit_group(0) = ? [pid 2588] <... futex resumed>) = ? [pid 2588] +++ exited with 0 +++ [pid 2589] +++ exited with 0 +++ [pid 2587] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2587, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./709", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./709", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./709/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./709/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./709/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./709/bus") = 0 umount2("./709/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./709/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./709/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./709") = 0 mkdir("./710", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2590 attached [pid 2590] set_robust_list(0x5555564336a0, 24) = 0 [pid 293] <... clone resumed>, child_tidptr=0x555556433690) = 2590 [pid 2590] chdir("./710") = 0 [pid 2590] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2590] setpgid(0, 0) = 0 [pid 2590] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2590] write(3, "1000", 4) = 4 [pid 2590] close(3) = 0 [pid 2590] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2590] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2590] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2590] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2590] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2590] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2590] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2590] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2591 attached => {parent_tid=[2591]}, 88) = 2591 [pid 2591] set_robust_list(0x7f22e15909a0, 24 [pid 2590] rt_sigprocmask(SIG_SETMASK, [], [pid 2591] <... set_robust_list resumed>) = 0 [pid 2590] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2591] rt_sigprocmask(SIG_SETMASK, [], [pid 2590] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2591] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2590] <... futex resumed>) = 0 [pid 2590] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2590] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2591] memfd_create("syzkaller", 0 [pid 2590] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2591] <... memfd_create resumed>) = 3 [pid 2591] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2590] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2591] <... mmap resumed>) = 0x7f22d914f000 [pid 2590] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2592]}, 88) = 2592 [pid 2590] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2590] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 2592 attached [pid 2592] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2592] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2592] creat("./bus", 000) = 4 [pid 2592] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2592] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [ 58.629182][ T2588] loop0: detected capacity change from 0 to 512 [pid 2591] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 2591] munmap(0x7f22d914f000, 138412032) = 0 [pid 2591] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2591] ioctl(5, LOOP_SET_FD, 3 [pid 2590] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 2590] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2592] <... futex resumed>) = 0 [pid 2590] <... futex resumed>) = 1 [pid 2592] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2592] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2592] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2591] <... ioctl resumed>) = 0 [pid 2591] close(3) = 0 [pid 2591] close(5) = 0 [pid 2591] mkdir("./file0", 0777 [pid 2590] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2591] <... mkdir resumed>) = 0 [pid 2590] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2591] mount("/dev/loop0", "./file0", "ext4", 0, "prjquota,grpquota,debug_want_extra_isize=0x000000000000005c,noauto_da_alloc,nolazytime,errors=contin"... [pid 2590] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2592] <... futex resumed>) = 0 [pid 2590] <... futex resumed>) = 1 [pid 2592] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 3 [pid 2592] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2592] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2590] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 2590] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2592] <... futex resumed>) = 0 [pid 2590] <... futex resumed>) = 1 [pid 2592] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 3, 0 [pid 2590] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2592] <... mmap resumed>) = 0x20000000 [pid 2592] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2592] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2590] <... futex resumed>) = 0 [pid 2590] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2592] <... futex resumed>) = 0 [pid 2590] <... futex resumed>) = 1 [pid 2592] memfd_create("syzkaller", 0) = 5 [pid 2592] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2591] <... mount resumed>) = 0 [pid 2591] openat(AT_FDCWD, 0x200000c0, O_RDONLY|O_DIRECTORY) = -1 ENOENT (No such file or directory) [pid 2591] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2591] ioctl(6, LOOP_CLR_FD) = 0 [pid 2591] close(6 [pid 2592] write(5, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304 [pid 2591] <... close resumed>) = 0 [pid 2591] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2591] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2592] <... write resumed>) = 4194304 [pid 2592] munmap(0x7f22d914f000, 138412032) = 0 [pid 2592] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2592] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 2592] ioctl(6, LOOP_CLR_FD) = 0 [pid 2592] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 2592] close(6) = 0 [pid 2592] close(5) = 0 [pid 2592] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2592] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2590] exit_group(0 [pid 2592] <... futex resumed>) = ? [pid 2591] <... futex resumed>) = ? [pid 2590] <... exit_group resumed>) = ? [pid 2591] +++ exited with 0 +++ [pid 2592] +++ exited with 0 +++ [pid 2590] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2590, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./710", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./710", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 5 entries */, 32768) = 136 umount2("./710/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./710/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./710/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./710/bus") = 0 umount2("./710/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./710/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./710/binderfs") = 0 umount2("./710/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./710/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./710/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./710/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./710/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555643c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555643c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./710/file0") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./710") = 0 mkdir("./711", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 58.690575][ T2591] loop0: detected capacity change from 0 to 512 [ 58.701744][ T2591] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz-executor245: couldn't read orphan inode 12 (err -116) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2594 attached [pid 2594] set_robust_list(0x5555564336a0, 24) = 0 [pid 2594] chdir("./711") = 0 [pid 2594] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 293] <... clone resumed>, child_tidptr=0x555556433690) = 2594 [pid 2594] <... prctl resumed>) = 0 [pid 2594] setpgid(0, 0) = 0 [pid 2594] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2594] write(3, "1000", 4) = 4 [pid 2594] close(3) = 0 [pid 2594] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2594] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2594] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2594] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2594] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2594] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2594] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2594] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2595 attached => {parent_tid=[2595]}, 88) = 2595 [pid 2595] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2595] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2595] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2594] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2594] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2595] <... futex resumed>) = 0 [pid 2594] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2595] memfd_create("syzkaller", 0 [pid 2594] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2595] <... memfd_create resumed>) = 3 [pid 2595] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2594] <... mmap resumed>) = 0x7f22e154f000 [pid 2595] <... mmap resumed>) = 0x7f22d914f000 [pid 2594] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2594] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2594] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2596]}, 88) = 2596 [pid 2594] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2594] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2595] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2594] <... futex resumed>) = 0 [pid 2594] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2596 attached [pid 2595] <... write resumed>) = 262144 [pid 2595] munmap(0x7f22d914f000, 138412032 [pid 2596] set_robust_list(0x7f22e156f9a0, 24 [pid 2595] <... munmap resumed>) = 0 [pid 2596] <... set_robust_list resumed>) = 0 [pid 2595] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2596] rt_sigprocmask(SIG_SETMASK, [], [pid 2595] <... openat resumed>) = 4 [pid 2596] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2595] ioctl(4, LOOP_SET_FD, 3 [pid 2596] creat("./bus", 000) = 5 [pid 2596] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2594] <... futex resumed>) = 0 [pid 2594] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2594] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2596] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2596] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2594] <... futex resumed>) = 0 [pid 2594] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2594] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2596] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 2596] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2594] <... futex resumed>) = 0 [pid 2594] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2594] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2596] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 2595] <... ioctl resumed>) = 0 [pid 2595] close(3) = 0 [pid 2595] close(4) = 0 [pid 2596] <... mmap resumed>) = 0x20000000 [pid 2595] mkdir(0x200000c0, 0777 [pid 2596] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2594] <... futex resumed>) = 0 [pid 2594] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2596] memfd_create("syzkaller", 0) = 3 [pid 2596] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2595] <... mkdir resumed>) = -1 ENOENT (No such file or directory) [pid 2595] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2595] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2595] ioctl(4, LOOP_CLR_FD) = 0 [pid 2595] close(4) = 0 [pid 2595] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2595] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2596] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2596] munmap(0x7f22d914f000, 138412032) = 0 [pid 2596] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2596] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2596] ioctl(4, LOOP_CLR_FD) = 0 [pid 2596] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2596] close(4) = 0 [pid 2596] close(3) = 0 [pid 2596] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2596] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2594] exit_group(0 [pid 2595] <... futex resumed>) = ? [pid 2594] <... exit_group resumed>) = ? [pid 2595] +++ exited with 0 +++ [pid 2596] <... futex resumed>) = ? [pid 2596] +++ exited with 0 +++ [pid 2594] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2594, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./711", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./711", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./711/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./711/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./711/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./711/bus") = 0 umount2("./711/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./711/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./711/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./711") = 0 mkdir("./712", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2597 ./strace-static-x86_64: Process 2597 attached [pid 2597] set_robust_list(0x5555564336a0, 24) = 0 [pid 2597] chdir("./712") = 0 [pid 2597] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2597] setpgid(0, 0) = 0 [pid 2597] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2597] write(3, "1000", 4) = 4 [pid 2597] close(3) = 0 [pid 2597] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2597] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2597] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [ 58.763646][ T2595] loop0: detected capacity change from 0 to 512 [pid 2597] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2597] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2597] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2597] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2597] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2598 attached => {parent_tid=[2598]}, 88) = 2598 [pid 2598] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2598] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2598] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2597] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2597] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2598] <... futex resumed>) = 0 [pid 2597] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2598] memfd_create("syzkaller", 0 [pid 2597] <... futex resumed>) = 0 [pid 2598] <... memfd_create resumed>) = 3 [pid 2598] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2597] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 2597] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2597] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2597] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0} => {parent_tid=[2599]}, 88) = 2599 [pid 2597] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2597] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2597] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2598] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144./strace-static-x86_64: Process 2599 attached ) = 262144 [pid 2599] set_robust_list(0x7f22d916f9a0, 24 [pid 2598] munmap(0x7f22d9170000, 138412032 [pid 2599] <... set_robust_list resumed>) = 0 [pid 2598] <... munmap resumed>) = 0 [pid 2599] rt_sigprocmask(SIG_SETMASK, [], [pid 2598] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2599] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2598] <... openat resumed>) = 4 [pid 2599] creat("./bus", 000 [pid 2598] ioctl(4, LOOP_SET_FD, 3 [pid 2599] <... creat resumed>) = 5 [pid 2599] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2597] <... futex resumed>) = 0 [pid 2597] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2597] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2599] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2599] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2597] <... futex resumed>) = 0 [pid 2597] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2597] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2599] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 2599] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2597] <... futex resumed>) = 0 [pid 2597] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2597] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2599] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 2598] <... ioctl resumed>) = 0 [pid 2598] close(3) = 0 [pid 2598] close(4 [pid 2599] <... mmap resumed>) = 0x20000000 [pid 2598] <... close resumed>) = 0 [pid 2598] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 2598] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2598] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 2598] ioctl(3, LOOP_CLR_FD) = 0 [pid 2598] close(3) = 0 [pid 2598] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2598] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2599] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2597] <... futex resumed>) = 0 [pid 2597] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2598] <... futex resumed>) = 0 [pid 2598] memfd_create("syzkaller", 0 [pid 2599] <... futex resumed>) = 1 [pid 2599] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2598] <... memfd_create resumed>) = 3 [pid 2598] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2598] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2598] munmap(0x7f22d9170000, 138412032) = 0 [pid 2598] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2598] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2598] ioctl(4, LOOP_CLR_FD) = 0 [pid 2598] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2598] close(4) = 0 [pid 2598] close(3) = 0 [pid 2598] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2598] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2597] exit_group(0 [pid 2599] <... futex resumed>) = ? [pid 2598] <... futex resumed>) = ? [pid 2597] <... exit_group resumed>) = ? [pid 2599] +++ exited with 0 +++ [pid 2598] +++ exited with 0 +++ [pid 2597] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2597, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./712", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./712", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./712/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./712/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./712/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./712/bus") = 0 umount2("./712/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./712/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./712/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./712") = 0 mkdir("./713", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2600 ./strace-static-x86_64: Process 2600 attached [pid 2600] set_robust_list(0x5555564336a0, 24) = 0 [pid 2600] chdir("./713") = 0 [pid 2600] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2600] setpgid(0, 0) = 0 [pid 2600] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2600] write(3, "1000", 4) = 4 [pid 2600] close(3) = 0 [pid 2600] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2600] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2600] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2600] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2600] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2600] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2600] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2600] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2601]}, 88) = 2601 [pid 2600] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2600] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2600] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2600] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2600] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2600] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2600] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2602]}, 88) = 2602 [pid 2600] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2600] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2600] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2602 attached [pid 2602] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2602] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2602] creat("./bus", 000) = 3 [pid 2602] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2600] <... futex resumed>) = 0 [pid 2600] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2600] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2602] <... futex resumed>) = 1 [pid 2602] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2602] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2600] <... futex resumed>) = 0 [pid 2600] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2600] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2602] <... futex resumed>) = 1 [pid 2602] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 4 [pid 2602] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2600] <... futex resumed>) = 0 [pid 2600] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 2601 attached [pid 2602] <... futex resumed>) = 1 [pid 2600] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2602] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2601] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2601] rt_sigprocmask(SIG_SETMASK, [], [pid 2602] <... mmap resumed>) = 0x20000000 [pid 2602] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2601] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2601] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000184} --- [pid 2602] <... futex resumed>) = 1 [pid 2600] <... futex resumed>) = 0 [pid 2600] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = ? [pid 2601] +++ killed by SIGBUS +++ [ 58.830855][ T2598] loop0: detected capacity change from 0 to 512 [pid 2602] +++ killed by SIGBUS +++ [pid 2600] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2600, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./713", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./713", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./713/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./713/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./713/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./713/bus") = 0 umount2("./713/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./713/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./713/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./713") = 0 mkdir("./714", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2603 ./strace-static-x86_64: Process 2603 attached [pid 2603] set_robust_list(0x5555564336a0, 24) = 0 [pid 2603] chdir("./714") = 0 [pid 2603] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2603] setpgid(0, 0) = 0 [pid 2603] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2603] write(3, "1000", 4) = 4 [pid 2603] close(3) = 0 [pid 2603] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2603] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2603] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2603] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2603] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2603] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2603] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2603] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2604 attached => {parent_tid=[2604]}, 88) = 2604 [pid 2603] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2603] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2603] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2603] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2603] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE [pid 2604] set_robust_list(0x7f22e15909a0, 24 [pid 2603] <... mprotect resumed>) = 0 [pid 2603] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2604] <... set_robust_list resumed>) = 0 [pid 2603] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2603] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} [pid 2604] rt_sigprocmask(SIG_SETMASK, [], [pid 2603] <... clone3 resumed> => {parent_tid=[2605]}, 88) = 2605 [pid 2603] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 2605 attached [pid 2604] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2603] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2603] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2603] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2605] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2605] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2605] creat("./bus", 000 [pid 2604] memfd_create("syzkaller", 0) = 3 [pid 2604] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2605] <... creat resumed>) = 4 [pid 2605] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2604] <... mmap resumed>) = 0x7f22d914f000 [pid 2605] <... futex resumed>) = 1 [pid 2603] <... futex resumed>) = 0 [pid 2603] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2603] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2605] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2605] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2603] <... futex resumed>) = 0 [pid 2603] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2603] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2605] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 2605] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2603] <... futex resumed>) = 0 [pid 2603] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2603] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2605] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 2605] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2603] <... futex resumed>) = 0 [pid 2603] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2605] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 2604] +++ killed by SIGBUS +++ [pid 2605] +++ killed by SIGBUS +++ [pid 2603] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2603, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./714", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./714", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./714/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./714/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./714/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./714/bus") = 0 umount2("./714/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./714/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./714/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./714") = 0 mkdir("./715", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2606 ./strace-static-x86_64: Process 2606 attached [pid 2606] set_robust_list(0x5555564336a0, 24) = 0 [pid 2606] chdir("./715") = 0 [pid 2606] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2606] setpgid(0, 0) = 0 [pid 2606] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2606] write(3, "1000", 4) = 4 [pid 2606] close(3) = 0 [pid 2606] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2606] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2606] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2606] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2606] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2606] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2606] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2606] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2607 attached => {parent_tid=[2607]}, 88) = 2607 [pid 2607] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2607] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2607] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2606] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2606] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2607] <... futex resumed>) = 0 [pid 2607] memfd_create("syzkaller", 0) = 3 [pid 2606] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2607] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2606] <... futex resumed>) = 0 [pid 2606] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 2606] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2606] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2606] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0} => {parent_tid=[2608]}, 88) = 2608 [pid 2606] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2606] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2607] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2606] <... futex resumed>) = 0 [pid 2606] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2608 attached [pid 2608] set_robust_list(0x7f22d916f9a0, 24) = 0 [pid 2608] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2607] <... write resumed>) = 262144 [pid 2608] creat("./bus", 000 [pid 2607] munmap(0x7f22d9170000, 138412032 [pid 2608] <... creat resumed>) = 4 [pid 2608] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2607] <... munmap resumed>) = 0 [pid 2608] <... futex resumed>) = 1 [pid 2606] <... futex resumed>) = 0 [pid 2607] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2608] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 2606] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2608] <... mount resumed>) = 0 [pid 2606] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2608] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2607] <... openat resumed>) = 5 [pid 2608] <... futex resumed>) = 0 [pid 2607] ioctl(5, LOOP_SET_FD, 3 [pid 2606] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2608] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 2606] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2608] <... open resumed>) = 6 [pid 2606] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2608] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2608] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2607] <... ioctl resumed>) = 0 [pid 2606] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2607] close(3 [pid 2606] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2607] <... close resumed>) = 0 [pid 2606] <... futex resumed>) = 1 [pid 2608] <... futex resumed>) = 0 [pid 2606] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2608] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 2607] close(5) = 0 [pid 2608] <... mmap resumed>) = 0x20000000 [pid 2608] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2608] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2607] mkdir(0x200000c0, 0777 [pid 2606] <... futex resumed>) = 0 [pid 2606] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2607] <... mkdir resumed>) = -1 ENOENT (No such file or directory) [pid 2607] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2607] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 2607] ioctl(3, LOOP_CLR_FD) = 0 [pid 2607] close(3) = 0 [pid 2607] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2607] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2608] <... futex resumed>) = 0 [pid 2608] memfd_create("syzkaller", 0) = 3 [pid 2608] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2608] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2608] munmap(0x7f22d9170000, 138412032) = 0 [pid 2608] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2608] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2608] ioctl(5, LOOP_CLR_FD) = 0 [pid 2608] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2608] close(5) = 0 [pid 2608] close(3) = 0 [pid 2608] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2608] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2606] exit_group(0 [pid 2607] <... futex resumed>) = ? [pid 2606] <... exit_group resumed>) = ? [pid 2608] <... futex resumed>) = ? [pid 2607] +++ exited with 0 +++ [pid 2608] +++ exited with 0 +++ [pid 2606] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2606, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./715", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./715", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./715/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./715/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./715/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./715/bus") = 0 umount2("./715/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./715/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./715/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./715") = 0 mkdir("./716", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2609 ./strace-static-x86_64: Process 2609 attached [pid 2609] set_robust_list(0x5555564336a0, 24) = 0 [pid 2609] chdir("./716") = 0 [pid 2609] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2609] setpgid(0, 0) = 0 [pid 2609] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2609] write(3, "1000", 4) = 4 [pid 2609] close(3) = 0 [pid 2609] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2609] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2609] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2609] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2609] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2609] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2609] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2609] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2610 attached => {parent_tid=[2610]}, 88) = 2610 [pid 2610] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2610] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2610] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2609] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2609] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2610] <... futex resumed>) = 0 [pid 2609] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2610] memfd_create("syzkaller", 0) = 3 [pid 2610] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2609] <... futex resumed>) = 0 [pid 2609] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 2609] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [ 58.926852][ T2607] loop0: detected capacity change from 0 to 512 [pid 2609] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2609] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0} [pid 2610] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2609] <... clone3 resumed> => {parent_tid=[2611]}, 88) = 2611 [pid 2609] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2609] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 2611 attached [pid 2610] <... write resumed>) = 262144 [pid 2611] set_robust_list(0x7f22d916f9a0, 24 [pid 2610] munmap(0x7f22d9170000, 138412032 [pid 2611] <... set_robust_list resumed>) = 0 [pid 2610] <... munmap resumed>) = 0 [pid 2610] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2610] ioctl(4, LOOP_SET_FD, 3 [pid 2609] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2611] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2611] creat("./bus", 000) = 5 [pid 2611] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2609] <... futex resumed>) = 0 [pid 2609] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2609] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2611] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2611] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2609] <... futex resumed>) = 0 [pid 2609] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2609] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2611] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 2611] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2609] <... futex resumed>) = 0 [pid 2609] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2609] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2611] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 2610] <... ioctl resumed>) = 0 [pid 2610] close(3) = 0 [pid 2610] close(4) = 0 [pid 2610] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 2610] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2610] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 2610] ioctl(3, LOOP_CLR_FD) = 0 [pid 2610] close(3) = 0 [pid 2610] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2610] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2611] <... mmap resumed>) = 0x20000000 [pid 2611] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2609] <... futex resumed>) = 0 [pid 2609] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2610] <... futex resumed>) = 0 [pid 2610] memfd_create("syzkaller", 0) = 3 [pid 2610] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2611] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2610] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2610] munmap(0x7f22d9170000, 138412032) = 0 [pid 2610] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2610] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2610] ioctl(4, LOOP_CLR_FD) = 0 [pid 2610] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2610] close(4) = 0 [pid 2610] close(3) = 0 [pid 2610] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2610] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2609] exit_group(0) = ? [pid 2611] <... futex resumed>) = ? [pid 2611] +++ exited with 0 +++ [pid 2610] <... futex resumed>) = ? [pid 2610] +++ exited with 0 +++ [pid 2609] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2609, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./716", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./716", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./716/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./716/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./716/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./716/bus") = 0 umount2("./716/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./716/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./716/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./716") = 0 mkdir("./717", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2612 ./strace-static-x86_64: Process 2612 attached [pid 2612] set_robust_list(0x5555564336a0, 24) = 0 [pid 2612] chdir("./717") = 0 [pid 2612] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2612] setpgid(0, 0) = 0 [pid 2612] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2612] write(3, "1000", 4) = 4 [pid 2612] close(3) = 0 [pid 2612] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2612] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2612] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2612] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2612] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2612] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2612] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 58.989903][ T2610] loop0: detected capacity change from 0 to 512 [pid 2612] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2613 attached => {parent_tid=[2613]}, 88) = 2613 [pid 2613] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2613] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2613] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2612] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2612] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2613] <... futex resumed>) = 0 [pid 2613] memfd_create("syzkaller", 0 [pid 2612] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2613] <... memfd_create resumed>) = 3 [pid 2613] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2612] <... futex resumed>) = 0 [pid 2612] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 2612] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2612] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2612] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0} => {parent_tid=[2614]}, 88) = 2614 [pid 2612] rt_sigprocmask(SIG_SETMASK, [], [pid 2613] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2612] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2612] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2612] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2614 attached [pid 2613] <... write resumed>) = 262144 [pid 2613] munmap(0x7f22d9170000, 138412032) = 0 [pid 2613] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2613] ioctl(4, LOOP_SET_FD, 3 [pid 2614] set_robust_list(0x7f22d916f9a0, 24) = 0 [pid 2614] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2614] creat("./bus", 000) = 5 [pid 2614] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2612] <... futex resumed>) = 0 [pid 2612] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2612] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2614] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2614] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2612] <... futex resumed>) = 0 [pid 2612] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2612] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2614] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 2614] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2612] <... futex resumed>) = 0 [pid 2612] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2612] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2614] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 2613] <... ioctl resumed>) = 0 [pid 2613] close(3) = 0 [pid 2613] close(4 [pid 2614] <... mmap resumed>) = 0x20000000 [pid 2613] <... close resumed>) = 0 [pid 2613] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 2613] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2613] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 2613] ioctl(3, LOOP_CLR_FD) = 0 [pid 2613] close(3) = 0 [pid 2613] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2613] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2614] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2612] <... futex resumed>) = 0 [pid 2612] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2613] <... futex resumed>) = 0 [pid 2614] <... futex resumed>) = 1 [pid 2613] memfd_create("syzkaller", 0 [pid 2614] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2613] <... memfd_create resumed>) = 3 [pid 2613] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2613] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2613] munmap(0x7f22d9170000, 138412032) = 0 [pid 2613] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2613] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2613] ioctl(4, LOOP_CLR_FD) = 0 [pid 2613] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2613] close(4) = 0 [pid 2613] close(3) = 0 [pid 2613] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2613] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2612] exit_group(0 [pid 2614] <... futex resumed>) = ? [pid 2612] <... exit_group resumed>) = ? [pid 2614] +++ exited with 0 +++ [pid 2613] <... futex resumed>) = ? [pid 2613] +++ exited with 0 +++ [pid 2612] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2612, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./717", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./717", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./717/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./717/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./717/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./717/bus") = 0 umount2("./717/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./717/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./717/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./717") = 0 mkdir("./718", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2615 ./strace-static-x86_64: Process 2615 attached [pid 2615] set_robust_list(0x5555564336a0, 24) = 0 [pid 2615] chdir("./718") = 0 [pid 2615] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2615] setpgid(0, 0) = 0 [pid 2615] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2615] write(3, "1000", 4) = 4 [pid 2615] close(3) = 0 [pid 2615] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2615] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2615] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2615] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2615] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2615] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2615] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2615] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2616]}, 88) = 2616 ./strace-static-x86_64: Process 2616 attached [pid 2616] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2616] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2616] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2615] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2615] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2616] <... futex resumed>) = 0 [pid 2616] memfd_create("syzkaller", 0 [pid 2615] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2616] <... memfd_create resumed>) = 3 [pid 2615] <... futex resumed>) = 0 [pid 2616] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2615] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2616] <... mmap resumed>) = 0x7f22d9170000 [pid 2615] <... mmap resumed>) = 0x7f22d914f000 [pid 2615] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2615] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2615] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0} => {parent_tid=[2617]}, 88) = 2617 [pid 2615] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 2617 attached [pid 2616] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2617] set_robust_list(0x7f22d916f9a0, 24 [pid 2615] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2615] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2615] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2617] <... set_robust_list resumed>) = 0 [pid 2616] <... write resumed>) = 262144 [pid 2616] munmap(0x7f22d9170000, 138412032 [pid 2617] rt_sigprocmask(SIG_SETMASK, [], [pid 2616] <... munmap resumed>) = 0 [pid 2616] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2617] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2616] <... openat resumed>) = 4 [pid 2616] ioctl(4, LOOP_SET_FD, 3 [pid 2617] creat("./bus", 000) = 5 [ 59.056114][ T2613] loop0: detected capacity change from 0 to 512 [pid 2617] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2615] <... futex resumed>) = 0 [pid 2615] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2615] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2617] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2617] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2615] <... futex resumed>) = 0 [pid 2615] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2615] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2617] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 2617] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2615] <... futex resumed>) = 0 [pid 2615] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2615] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2617] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 2616] <... ioctl resumed>) = 0 [pid 2616] close(3) = 0 [pid 2616] close(4) = 0 [pid 2616] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 2616] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2616] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 2616] ioctl(3, LOOP_CLR_FD) = 0 [pid 2616] close(3) = 0 [pid 2616] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2616] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2617] <... mmap resumed>) = 0x20000000 [pid 2617] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2615] <... futex resumed>) = 0 [pid 2615] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2617] <... futex resumed>) = 1 [pid 2616] <... futex resumed>) = 0 [pid 2616] memfd_create("syzkaller", 0) = 3 [pid 2616] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2617] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2616] <... mmap resumed>) = 0x7f22d9170000 [pid 2616] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2616] munmap(0x7f22d9170000, 138412032) = 0 [pid 2616] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2616] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2616] ioctl(4, LOOP_CLR_FD) = 0 [pid 2616] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2616] close(4) = 0 [pid 2616] close(3) = 0 [pid 2616] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2615] exit_group(0 [pid 2617] <... futex resumed>) = ? [pid 2615] <... exit_group resumed>) = ? [pid 2617] +++ exited with 0 +++ [pid 2616] +++ exited with 0 +++ [pid 2615] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2615, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./718", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./718", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./718/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./718/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./718/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./718/bus") = 0 umount2("./718/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./718/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./718/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./718") = 0 mkdir("./719", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2618 ./strace-static-x86_64: Process 2618 attached [pid 2618] set_robust_list(0x5555564336a0, 24) = 0 [pid 2618] chdir("./719") = 0 [pid 2618] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2618] setpgid(0, 0) = 0 [pid 2618] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2618] write(3, "1000", 4) = 4 [pid 2618] close(3) = 0 [pid 2618] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2618] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2618] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2618] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2618] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2618] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2618] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2618] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2619 attached [pid 2619] set_robust_list(0x7f22e15909a0, 24 [pid 2618] <... clone3 resumed> => {parent_tid=[2619]}, 88) = 2619 [pid 2619] <... set_robust_list resumed>) = 0 [pid 2618] rt_sigprocmask(SIG_SETMASK, [], [pid 2619] rt_sigprocmask(SIG_SETMASK, [], [pid 2618] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2619] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2618] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2618] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2619] memfd_create("syzkaller", 0 [pid 2618] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2619] <... memfd_create resumed>) = 3 [pid 2618] <... mmap resumed>) = 0x7f22e154f000 [pid 2618] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE [pid 2619] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2618] <... mprotect resumed>) = 0 [pid 2619] <... mmap resumed>) = 0x7f22d914f000 [pid 2618] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2618] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2620]}, 88) = 2620 ./strace-static-x86_64: Process 2620 attached [pid 2620] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2620] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2620] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2618] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2618] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2620] <... futex resumed>) = 0 [pid 2620] creat("./bus", 000 [pid 2618] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2620] <... creat resumed>) = 4 [pid 2620] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2620] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2618] <... futex resumed>) = 0 [pid 2618] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2620] <... futex resumed>) = 0 [pid 2620] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2618] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2620] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2618] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2618] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2620] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 2618] <... futex resumed>) = 0 [pid 2618] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2620] <... open resumed>) = 5 [pid 2620] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2618] <... futex resumed>) = 0 [pid 2618] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2618] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2620] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 2619] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000dc8} --- [pid 2620] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2620] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2618] <... futex resumed>) = 0 [pid 2620] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2618] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 59.114898][ T2616] loop0: detected capacity change from 0 to 512 [pid 2620] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 2619] +++ killed by SIGBUS +++ [pid 2620] +++ killed by SIGBUS +++ [pid 2618] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2618, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- umount2("./719", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./719", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./719/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./719/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./719/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./719/bus") = 0 umount2("./719/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./719/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./719/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./719") = 0 mkdir("./720", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2621 ./strace-static-x86_64: Process 2621 attached [pid 2621] set_robust_list(0x5555564336a0, 24) = 0 [pid 2621] chdir("./720") = 0 [pid 2621] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2621] setpgid(0, 0) = 0 [pid 2621] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2621] write(3, "1000", 4) = 4 [pid 2621] close(3) = 0 [pid 2621] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2621] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2621] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2621] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2621] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2621] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2621] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2621] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2622]}, 88) = 2622 [pid 2621] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2621] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2621] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2621] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2621] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2621] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2621] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2623]}, 88) = 2623 [pid 2621] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2621] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2621] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2623 attached [pid 2623] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2623] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2623] creat("./bus", 000) = 3 [pid 2623] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2621] <... futex resumed>) = 0 [pid 2621] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2621] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2623] <... futex resumed>) = 1 [pid 2623] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2623] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2621] <... futex resumed>) = 0 [pid 2621] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2621] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2623] <... futex resumed>) = 1 [pid 2623] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 4 [pid 2623] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2621] <... futex resumed>) = 0 [pid 2621] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2621] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2623] <... futex resumed>) = 1 [pid 2623] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 2623] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2621] <... futex resumed>) = 0 [pid 2621] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2623] <... futex resumed>) = 1 [pid 2623] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 2623] +++ killed by SIGBUS +++ ./strace-static-x86_64: Process 2622 attached [pid 2622] +++ killed by SIGBUS +++ [pid 2621] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2621, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./720", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./720", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./720/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./720/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./720/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./720/bus") = 0 umount2("./720/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./720/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./720/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./720") = 0 mkdir("./721", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2624 ./strace-static-x86_64: Process 2624 attached [pid 2624] set_robust_list(0x5555564336a0, 24) = 0 [pid 2624] chdir("./721") = 0 [pid 2624] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2624] setpgid(0, 0) = 0 [pid 2624] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2624] write(3, "1000", 4) = 4 [pid 2624] close(3) = 0 [pid 2624] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2624] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2624] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2624] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2624] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2624] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2624] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2624] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2625 attached [pid 2625] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2625] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2625] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2624] <... clone3 resumed> => {parent_tid=[2625]}, 88) = 2625 [pid 2624] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2624] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2624] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2625] <... futex resumed>) = 0 [pid 2625] memfd_create("syzkaller", 0) = 3 [pid 2625] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2624] <... futex resumed>) = 0 [pid 2624] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 2624] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2624] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2624] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0} [pid 2625] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2624] <... clone3 resumed> => {parent_tid=[2626]}, 88) = 2626 [pid 2624] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2624] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2625] <... write resumed>) = 262144 ./strace-static-x86_64: Process 2626 attached [pid 2625] munmap(0x7f22d9170000, 138412032 [pid 2626] set_robust_list(0x7f22d916f9a0, 24 [pid 2624] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2626] <... set_robust_list resumed>) = 0 [pid 2625] <... munmap resumed>) = 0 [pid 2626] rt_sigprocmask(SIG_SETMASK, [], [pid 2625] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2626] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2625] <... openat resumed>) = 4 [pid 2626] creat("./bus", 000 [pid 2625] ioctl(4, LOOP_SET_FD, 3 [pid 2626] <... creat resumed>) = 5 [pid 2626] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2624] <... futex resumed>) = 0 [pid 2624] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2624] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2626] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2626] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2624] <... futex resumed>) = 0 [pid 2624] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2624] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2626] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 2626] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2624] <... futex resumed>) = 0 [pid 2624] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2624] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2626] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 2625] <... ioctl resumed>) = 0 [pid 2625] close(3) = 0 [pid 2625] close(4) = 0 [pid 2625] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 2625] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2625] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 2625] ioctl(3, LOOP_CLR_FD) = 0 [pid 2625] close(3) = 0 [pid 2625] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2625] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2626] <... mmap resumed>) = 0x20000000 [pid 2626] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2624] <... futex resumed>) = 0 [pid 2624] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2625] <... futex resumed>) = 0 [pid 2625] memfd_create("syzkaller", 0) = 3 [pid 2625] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2626] <... futex resumed>) = 1 [pid 2626] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2625] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2625] munmap(0x7f22d9170000, 138412032) = 0 [pid 2625] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2625] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2625] ioctl(4, LOOP_CLR_FD) = 0 [pid 2625] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2625] close(4) = 0 [pid 2625] close(3) = 0 [pid 2625] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2625] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2624] exit_group(0 [pid 2626] <... futex resumed>) = ? [pid 2624] <... exit_group resumed>) = ? [pid 2626] +++ exited with 0 +++ [pid 2625] <... futex resumed>) = ? [pid 2625] +++ exited with 0 +++ [pid 2624] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2624, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./721", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./721", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./721/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./721/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./721/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./721/bus") = 0 umount2("./721/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./721/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./721/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./721") = 0 mkdir("./722", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2627 ./strace-static-x86_64: Process 2627 attached [pid 2627] set_robust_list(0x5555564336a0, 24) = 0 [pid 2627] chdir("./722") = 0 [pid 2627] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2627] setpgid(0, 0) = 0 [pid 2627] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2627] write(3, "1000", 4) = 4 [pid 2627] close(3) = 0 [pid 2627] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2627] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2627] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2627] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2627] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2627] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2627] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2627] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2628]}, 88) = 2628 [pid 2627] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2627] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2627] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2627] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2627] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2627] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2627] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2629]}, 88) = 2629 ./strace-static-x86_64: Process 2629 attached [pid 2627] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2627] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2627] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2628 attached [pid 2628] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2628] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2628] memfd_create("syzkaller", 0) = 3 [pid 2628] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2629] set_robust_list(0x7f22e156f9a0, 24 [pid 2628] <... mmap resumed>) = 0x7f22d914f000 [pid 2629] <... set_robust_list resumed>) = 0 [pid 2629] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2629] creat("./bus", 000) = 4 [pid 2629] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2627] <... futex resumed>) = 0 [pid 2629] <... futex resumed>) = 1 [pid 2627] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2627] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2629] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 2628] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2629] <... mount resumed>) = 0 [pid 2629] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2627] <... futex resumed>) = 0 [pid 2627] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2627] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2629] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 2628] <... write resumed>) = 262144 [ 59.200189][ T2625] loop0: detected capacity change from 0 to 512 [pid 2629] <... open resumed>) = 5 [pid 2628] munmap(0x7f22d914f000, 138412032 [pid 2629] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2628] <... munmap resumed>) = 0 [pid 2627] <... futex resumed>) = 0 [pid 2627] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2627] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2629] <... futex resumed>) = 1 [pid 2629] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 2628] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2629] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2627] <... futex resumed>) = 0 [pid 2627] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2629] <... futex resumed>) = 1 [pid 2628] ioctl(6, LOOP_SET_FD, 3 [pid 2629] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 2629] +++ killed by SIGBUS +++ [pid 2628] <... ioctl resumed>) = ? [pid 2628] +++ killed by SIGBUS +++ [pid 2627] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2627, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./722", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./722", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./722/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./722/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./722/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./722/bus") = 0 umount2("./722/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./722/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./722/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./722") = 0 mkdir("./723", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 59.268306][ T2628] loop0: detected capacity change from 0 to 512 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2630 ./strace-static-x86_64: Process 2630 attached [pid 2630] set_robust_list(0x5555564336a0, 24) = 0 [pid 2630] chdir("./723") = 0 [pid 2630] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2630] setpgid(0, 0) = 0 [pid 2630] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2630] write(3, "1000", 4) = 4 [pid 2630] close(3) = 0 [pid 2630] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2630] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2630] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2630] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2630] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2630] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2630] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2630] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2631 attached [pid 2631] set_robust_list(0x7f22e15909a0, 24 [pid 2630] <... clone3 resumed> => {parent_tid=[2631]}, 88) = 2631 [pid 2631] <... set_robust_list resumed>) = 0 [pid 2630] rt_sigprocmask(SIG_SETMASK, [], [pid 2631] rt_sigprocmask(SIG_SETMASK, [], [pid 2630] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2631] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2630] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2631] memfd_create("syzkaller", 0 [pid 2630] <... futex resumed>) = 0 [pid 2630] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2631] <... memfd_create resumed>) = 3 [pid 2631] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2630] <... futex resumed>) = 0 [pid 2630] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2631] <... mmap resumed>) = 0x7f22d9170000 [pid 2630] <... mmap resumed>) = 0x7f22d914f000 [pid 2630] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2630] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2630] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0} => {parent_tid=[2632]}, 88) = 2632 [pid 2630] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2630] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2630] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2632 attached [pid 2632] set_robust_list(0x7f22d916f9a0, 24) = 0 [pid 2632] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2632] creat("./bus", 000) = 4 [pid 2632] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2630] <... futex resumed>) = 0 [pid 2630] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2630] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2632] <... futex resumed>) = 1 [pid 2632] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2632] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2630] <... futex resumed>) = 0 [pid 2630] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2630] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2632] <... futex resumed>) = 1 [pid 2632] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 2632] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2630] <... futex resumed>) = 0 [pid 2630] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2630] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2632] <... futex resumed>) = 1 [pid 2632] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 2631] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000d9b} --- [pid 2632] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2630] <... futex resumed>) = 0 [pid 2630] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2632] <... futex resumed>) = 1 [pid 2632] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 2632] +++ killed by SIGBUS +++ [pid 2631] +++ killed by SIGBUS +++ [pid 2630] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2630, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./723", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./723", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./723/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./723/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./723/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./723/bus") = 0 umount2("./723/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./723/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./723/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./723") = 0 mkdir("./724", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2633 ./strace-static-x86_64: Process 2633 attached [pid 2633] set_robust_list(0x5555564336a0, 24) = 0 [pid 2633] chdir("./724") = 0 [pid 2633] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2633] setpgid(0, 0) = 0 [pid 2633] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2633] write(3, "1000", 4) = 4 [pid 2633] close(3) = 0 [pid 2633] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2633] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2633] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2633] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2633] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2633] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2633] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2633] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2634 attached [pid 2634] set_robust_list(0x7f22e15909a0, 24 [pid 2633] <... clone3 resumed> => {parent_tid=[2634]}, 88) = 2634 [pid 2634] <... set_robust_list resumed>) = 0 [pid 2633] rt_sigprocmask(SIG_SETMASK, [], [pid 2634] rt_sigprocmask(SIG_SETMASK, [], [pid 2633] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2634] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2633] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2634] memfd_create("syzkaller", 0 [pid 2633] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2634] <... memfd_create resumed>) = 3 [pid 2634] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2633] <... futex resumed>) = 0 [pid 2633] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2634] <... mmap resumed>) = 0x7f22d9170000 [pid 2633] <... mmap resumed>) = 0x7f22d914f000 [pid 2633] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2633] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2633] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0}./strace-static-x86_64: Process 2635 attached => {parent_tid=[2635]}, 88) = 2635 [pid 2635] set_robust_list(0x7f22d916f9a0, 24) = 0 [pid 2635] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2635] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2633] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2633] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2635] <... futex resumed>) = 0 [pid 2635] creat("./bus", 000 [pid 2633] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2635] <... creat resumed>) = 4 [pid 2635] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2635] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2633] <... futex resumed>) = 0 [pid 2633] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2633] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2635] <... futex resumed>) = 0 [pid 2635] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2635] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2635] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2633] <... futex resumed>) = 0 [pid 2633] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2635] <... futex resumed>) = 0 [pid 2633] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2635] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 2635] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2633] <... futex resumed>) = 0 [pid 2635] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2633] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2635] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2633] <... futex resumed>) = 0 [pid 2635] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 2633] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2635] <... mmap resumed>) = 0x20000000 [pid 2634] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2635] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2634] <... write resumed>) = 262144 [pid 2635] <... futex resumed>) = 1 [pid 2634] munmap(0x7f22d9170000, 138412032 [pid 2633] <... futex resumed>) = 0 [pid 2633] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2635] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 2634] <... munmap resumed>) = 0 [pid 2635] +++ killed by SIGBUS +++ [pid 2634] +++ killed by SIGBUS +++ [pid 2633] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2633, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- umount2("./724", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./724", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./724/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./724/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./724/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./724/bus") = 0 umount2("./724/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./724/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./724/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./724") = 0 mkdir("./725", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2636 ./strace-static-x86_64: Process 2636 attached [pid 2636] set_robust_list(0x5555564336a0, 24) = 0 [pid 2636] chdir("./725") = 0 [pid 2636] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2636] setpgid(0, 0) = 0 [pid 2636] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2636] write(3, "1000", 4) = 4 [pid 2636] close(3) = 0 [pid 2636] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2636] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2636] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2636] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2636] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2636] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2636] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2636] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2637 attached => {parent_tid=[2637]}, 88) = 2637 [pid 2637] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2637] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2637] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2636] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2636] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2637] <... futex resumed>) = 0 [pid 2637] memfd_create("syzkaller", 0) = 3 [pid 2637] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2636] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2636] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 2636] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2636] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2636] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0} [pid 2637] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2636] <... clone3 resumed> => {parent_tid=[2638]}, 88) = 2638 [pid 2636] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2636] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 2638 attached [pid 2637] <... write resumed>) = 262144 [pid 2638] set_robust_list(0x7f22d916f9a0, 24 [pid 2637] munmap(0x7f22d9170000, 138412032 [pid 2636] <... futex resumed>) = 0 [pid 2636] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2638] <... set_robust_list resumed>) = 0 [pid 2637] <... munmap resumed>) = 0 [pid 2637] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2637] ioctl(4, LOOP_SET_FD, 3 [pid 2638] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2638] creat("./bus", 000) = 5 [pid 2638] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2636] <... futex resumed>) = 0 [pid 2636] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2636] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2638] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2638] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2636] <... futex resumed>) = 0 [pid 2636] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2636] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2638] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 2638] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2636] <... futex resumed>) = 0 [pid 2636] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2636] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2638] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 2637] <... ioctl resumed>) = 0 [pid 2637] close(3) = 0 [pid 2637] close(4 [pid 2638] <... mmap resumed>) = 0x20000000 [pid 2638] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2636] <... futex resumed>) = 0 [pid 2636] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2638] <... futex resumed>) = 1 [pid 2638] memfd_create("syzkaller", 0) = 3 [pid 2638] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2637] <... close resumed>) = 0 [pid 2637] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 2637] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2637] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2637] ioctl(4, LOOP_CLR_FD) = 0 [pid 2637] close(4) = 0 [pid 2637] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2637] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2638] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2638] munmap(0x7f22d9170000, 138412032) = 0 [pid 2638] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2638] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2638] ioctl(4, LOOP_CLR_FD) = 0 [pid 2638] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2638] close(4) = 0 [pid 2638] close(3) = 0 [pid 2638] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2638] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2636] exit_group(0 [pid 2637] <... futex resumed>) = ? [pid 2636] <... exit_group resumed>) = ? [pid 2637] +++ exited with 0 +++ [pid 2638] <... futex resumed>) = ? [pid 2638] +++ exited with 0 +++ [pid 2636] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2636, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./725", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./725", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./725/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./725/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./725/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./725/bus") = 0 umount2("./725/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./725/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./725/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./725") = 0 mkdir("./726", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2640 ./strace-static-x86_64: Process 2640 attached [pid 2640] set_robust_list(0x5555564336a0, 24) = 0 [pid 2640] chdir("./726") = 0 [pid 2640] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2640] setpgid(0, 0) = 0 [pid 2640] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2640] write(3, "1000", 4) = 4 [pid 2640] close(3) = 0 [pid 2640] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2640] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2640] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2640] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2640] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2640] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2640] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2640] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2641 attached => {parent_tid=[2641]}, 88) = 2641 [pid 2641] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2640] rt_sigprocmask(SIG_SETMASK, [], [pid 2641] rt_sigprocmask(SIG_SETMASK, [], [pid 2640] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2641] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2640] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2640] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2641] memfd_create("syzkaller", 0 [pid 2640] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2641] <... memfd_create resumed>) = 3 [pid 2640] <... mmap resumed>) = 0x7f22e154f000 [pid 2640] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE [pid 2641] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2640] <... mprotect resumed>) = 0 [pid 2640] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2641] <... mmap resumed>) = 0x7f22d914f000 [pid 2640] <... rt_sigprocmask resumed>[], 8) = 0 [ 59.399127][ T2637] loop0: detected capacity change from 0 to 512 [pid 2640] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 2642 attached => {parent_tid=[2642]}, 88) = 2642 [pid 2642] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2642] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2642] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2640] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2640] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2642] <... futex resumed>) = 0 [pid 2642] creat("./bus", 000 [pid 2640] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2642] <... creat resumed>) = 4 [pid 2642] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2642] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2640] <... futex resumed>) = 0 [pid 2640] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2642] <... futex resumed>) = 0 [pid 2642] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2640] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2642] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2640] <... futex resumed>) = 0 [pid 2640] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2640] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2642] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 2642] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2640] <... futex resumed>) = 0 [pid 2642] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2640] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2642] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2640] <... futex resumed>) = 0 [pid 2642] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 2640] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2642] <... mmap resumed>) = 0x20000000 [pid 2641] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000d54} --- [pid 2642] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2640] <... futex resumed>) = 0 [pid 2640] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2642] --- stopped by SIGBUS --- [pid 2642] +++ killed by SIGBUS +++ [pid 2641] +++ killed by SIGBUS +++ [pid 2640] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2640, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- umount2("./726", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./726", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./726/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./726/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./726/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./726/bus") = 0 umount2("./726/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./726/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./726/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./726") = 0 mkdir("./727", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2643 ./strace-static-x86_64: Process 2643 attached [pid 2643] set_robust_list(0x5555564336a0, 24) = 0 [pid 2643] chdir("./727") = 0 [pid 2643] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2643] setpgid(0, 0) = 0 [pid 2643] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2643] write(3, "1000", 4) = 4 [pid 2643] close(3) = 0 [pid 2643] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2643] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2643] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2643] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2643] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2643] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2643] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2643] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2644 attached [pid 2644] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2644] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2644] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2643] <... clone3 resumed> => {parent_tid=[2644]}, 88) = 2644 [pid 2643] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2643] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2643] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2644] <... futex resumed>) = 0 [pid 2644] memfd_create("syzkaller", 0 [pid 2643] <... futex resumed>) = 0 [pid 2644] <... memfd_create resumed>) = 3 [pid 2644] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2643] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2644] <... mmap resumed>) = 0x7f22d9170000 [pid 2643] <... mmap resumed>) = 0x7f22d914f000 [pid 2643] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2643] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2643] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0}./strace-static-x86_64: Process 2645 attached => {parent_tid=[2645]}, 88) = 2645 [pid 2645] set_robust_list(0x7f22d916f9a0, 24 [pid 2644] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2645] <... set_robust_list resumed>) = 0 [pid 2643] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2645] rt_sigprocmask(SIG_SETMASK, [], [pid 2643] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2645] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2643] <... futex resumed>) = 0 [pid 2645] creat("./bus", 000 [pid 2643] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2645] <... creat resumed>) = 4 [pid 2645] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2643] <... futex resumed>) = 0 [pid 2645] <... futex resumed>) = 1 [pid 2644] <... write resumed>) = 262144 [pid 2644] munmap(0x7f22d9170000, 138412032 [pid 2643] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2645] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 2644] <... munmap resumed>) = 0 [pid 2643] <... futex resumed>) = 0 [pid 2644] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2645] <... mount resumed>) = 0 [pid 2643] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2645] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2644] <... openat resumed>) = 5 [pid 2644] ioctl(5, LOOP_SET_FD, 3 [pid 2645] <... futex resumed>) = 1 [pid 2643] <... futex resumed>) = 0 [pid 2645] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 2643] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2644] <... ioctl resumed>) = 0 [pid 2643] <... futex resumed>) = 0 [pid 2643] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2645] <... open resumed>) = 6 [pid 2645] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2643] <... futex resumed>) = 0 [pid 2643] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2643] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2645] <... futex resumed>) = 1 [pid 2645] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 2644] close(3) = 0 [pid 2644] close(5 [pid 2645] <... mmap resumed>) = 0x20000000 [pid 2645] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2643] <... futex resumed>) = 0 [pid 2643] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2645] <... futex resumed>) = 1 [pid 2645] memfd_create("syzkaller", 0) = 3 [pid 2645] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2644] <... close resumed>) = 0 [pid 2644] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 2644] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2644] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2644] ioctl(5, LOOP_CLR_FD) = 0 [pid 2644] close(5) = 0 [pid 2644] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2644] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2645] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2645] munmap(0x7f22d9170000, 138412032) = 0 [pid 2645] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2645] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2645] ioctl(5, LOOP_CLR_FD) = 0 [pid 2645] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2645] close(5) = 0 [pid 2645] close(3) = 0 [pid 2645] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2645] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2643] exit_group(0) = ? [pid 2644] <... futex resumed>) = ? [pid 2644] +++ exited with 0 +++ [pid 2645] <... futex resumed>) = ? [pid 2645] +++ exited with 0 +++ [pid 2643] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2643, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./727", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./727", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./727/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./727/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./727/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./727/bus") = 0 umount2("./727/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./727/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./727/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./727") = 0 mkdir("./728", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2646 ./strace-static-x86_64: Process 2646 attached [pid 2646] set_robust_list(0x5555564336a0, 24) = 0 [pid 2646] chdir("./728") = 0 [pid 2646] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2646] setpgid(0, 0) = 0 [pid 2646] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2646] write(3, "1000", 4) = 4 [pid 2646] close(3) = 0 [pid 2646] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2646] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2646] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2646] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2646] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2646] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2646] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2646] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2647]}, 88) = 2647 [pid 2646] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2646] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2646] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2646] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2646] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2646] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2646] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2648]}, 88) = 2648 [pid 2646] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2646] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2646] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2648 attached [pid 2648] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2648] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2648] creat("./bus", 000) = 3 [pid 2648] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2646] <... futex resumed>) = 0 [pid 2646] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2646] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2648] <... futex resumed>) = 1 [pid 2648] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2648] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2646] <... futex resumed>) = 0 [pid 2646] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2646] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2648] <... futex resumed>) = 1 [pid 2648] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 4 [pid 2648] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2646] <... futex resumed>) = 0 [pid 2646] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2646] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2648] <... futex resumed>) = 1 [ 59.484151][ T2644] loop0: detected capacity change from 0 to 512 [pid 2648] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 2648] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2646] <... futex resumed>) = 0 [pid 2646] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2648] <... futex resumed>) = 1 [pid 2648] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 2648] +++ killed by SIGBUS +++ ./strace-static-x86_64: Process 2647 attached [pid 2647] +++ killed by SIGBUS +++ [pid 2646] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2646, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- umount2("./728", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./728", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./728/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./728/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./728/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./728/bus") = 0 umount2("./728/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./728/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./728/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./728") = 0 mkdir("./729", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2649 ./strace-static-x86_64: Process 2649 attached [pid 2649] set_robust_list(0x5555564336a0, 24) = 0 [pid 2649] chdir("./729") = 0 [pid 2649] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2649] setpgid(0, 0) = 0 [pid 2649] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2649] write(3, "1000", 4) = 4 [pid 2649] close(3) = 0 [pid 2649] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2649] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2649] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2649] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2649] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2649] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2649] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2649] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2650]}, 88) = 2650 [pid 2649] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2649] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2649] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2649] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2649] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2649] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2649] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2651]}, 88) = 2651 [pid 2649] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2649] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2649] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2651 attached [pid 2651] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2651] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2651] creat("./bus", 000) = 3 [pid 2651] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2649] <... futex resumed>) = 0 [pid 2649] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2649] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2651] <... futex resumed>) = 1 [pid 2651] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2651] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2649] <... futex resumed>) = 0 [pid 2649] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2649] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2651] <... futex resumed>) = 1 [pid 2651] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 4 [pid 2651] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2649] <... futex resumed>) = 0 [pid 2649] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2649] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2651] <... futex resumed>) = 1 [pid 2651] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 2651] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2649] <... futex resumed>) = 0 [pid 2649] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2651] <... futex resumed>) = 1 [pid 2651] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 2651] +++ killed by SIGBUS +++ ./strace-static-x86_64: Process 2650 attached [pid 2650] +++ killed by SIGBUS +++ [pid 2649] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2649, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./729", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./729", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./729/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./729/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./729/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./729/bus") = 0 umount2("./729/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./729/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./729/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./729") = 0 mkdir("./730", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2652 ./strace-static-x86_64: Process 2652 attached [pid 2652] set_robust_list(0x5555564336a0, 24) = 0 [pid 2652] chdir("./730") = 0 [pid 2652] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2652] setpgid(0, 0) = 0 [pid 2652] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2652] write(3, "1000", 4) = 4 [pid 2652] close(3) = 0 [pid 2652] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2652] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2652] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2652] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2652] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2652] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2652] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2652] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2653]}, 88) = 2653 [pid 2652] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2652] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2652] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2652] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2652] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2652] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2652] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2654]}, 88) = 2654 [pid 2652] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2652] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2652] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2654 attached [pid 2654] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2654] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2654] creat("./bus", 000./strace-static-x86_64: Process 2653 attached ) = 3 [pid 2654] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2653] set_robust_list(0x7f22e15909a0, 24 [pid 2654] <... futex resumed>) = 1 [pid 2653] <... set_robust_list resumed>) = 0 [pid 2652] <... futex resumed>) = 0 [pid 2652] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2652] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2654] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 2653] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2653] memfd_create("syzkaller", 0 [pid 2654] <... mount resumed>) = 0 [pid 2654] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2653] <... memfd_create resumed>) = 4 [pid 2654] <... futex resumed>) = 1 [pid 2653] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2652] <... futex resumed>) = 0 [pid 2653] <... mmap resumed>) = 0x7f22d914f000 [pid 2652] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2654] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 2654] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2652] <... futex resumed>) = 0 [pid 2654] <... futex resumed>) = 0 [pid 2654] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2652] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 2652] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2654] <... futex resumed>) = 0 [pid 2652] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2654] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 2653] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000d95} --- [pid 2652] <... futex resumed>) = ? [pid 2653] +++ killed by SIGBUS +++ [pid 2654] +++ killed by SIGBUS +++ [pid 2652] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2652, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- umount2("./730", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./730", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./730/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./730/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./730/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./730/bus") = 0 umount2("./730/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./730/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./730/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./730") = 0 mkdir("./731", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2655 ./strace-static-x86_64: Process 2655 attached [pid 2655] set_robust_list(0x5555564336a0, 24) = 0 [pid 2655] chdir("./731") = 0 [pid 2655] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2655] setpgid(0, 0) = 0 [pid 2655] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2655] write(3, "1000", 4) = 4 [pid 2655] close(3) = 0 [pid 2655] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2655] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2655] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2655] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2655] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2655] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2655] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2655] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2656 attached => {parent_tid=[2656]}, 88) = 2656 [pid 2656] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2656] rt_sigprocmask(SIG_SETMASK, [], [pid 2655] rt_sigprocmask(SIG_SETMASK, [], [pid 2656] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2656] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2655] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2655] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2656] <... futex resumed>) = 0 [pid 2656] memfd_create("syzkaller", 0 [pid 2655] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2656] <... memfd_create resumed>) = 3 [pid 2656] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2655] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2656] <... mmap resumed>) = 0x7f22d914f000 [pid 2655] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2655] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2655] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2657]}, 88) = 2657 [pid 2655] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2655] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2655] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2657 attached [pid 2656] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 2657] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2656] munmap(0x7f22d914f000, 138412032 [pid 2657] rt_sigprocmask(SIG_SETMASK, [], [pid 2656] <... munmap resumed>) = 0 [pid 2657] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2656] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2657] creat("./bus", 000 [pid 2656] <... openat resumed>) = 4 [pid 2656] ioctl(4, LOOP_SET_FD, 3 [pid 2657] <... creat resumed>) = 5 [pid 2657] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2655] <... futex resumed>) = 0 [pid 2655] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2655] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2657] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2657] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2655] <... futex resumed>) = 0 [pid 2655] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2655] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2657] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 2657] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2655] <... futex resumed>) = 0 [pid 2655] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2655] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2657] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 2656] <... ioctl resumed>) = 0 [pid 2656] close(3) = 0 [pid 2656] close(4) = 0 [pid 2656] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 2656] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2656] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 2656] ioctl(3, LOOP_CLR_FD) = 0 [pid 2656] close(3 [pid 2657] <... mmap resumed>) = 0x20000000 [pid 2656] <... close resumed>) = 0 [pid 2656] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2656] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2657] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2655] <... futex resumed>) = 0 [pid 2655] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2657] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2656] <... futex resumed>) = 0 [pid 2656] memfd_create("syzkaller", 0) = 3 [pid 2656] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2656] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2656] munmap(0x7f22d914f000, 138412032) = 0 [pid 2656] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2656] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2656] ioctl(4, LOOP_CLR_FD) = 0 [pid 2656] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2656] close(4) = 0 [pid 2656] close(3) = 0 [pid 2656] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2656] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2655] exit_group(0) = ? [pid 2657] <... futex resumed>) = ? [pid 2656] <... futex resumed>) = ? [pid 2657] +++ exited with 0 +++ [pid 2656] +++ exited with 0 +++ [pid 2655] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2655, si_uid=0, si_status=0, si_utime=1, si_stime=3} --- umount2("./731", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./731", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./731/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./731/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./731/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 59.586122][ T2656] loop0: detected capacity change from 0 to 512 [ 59.593292][ T2657] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 32 prio class 2 unlink("./731/bus") = 0 umount2("./731/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./731/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./731/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./731") = 0 mkdir("./732", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2658 ./strace-static-x86_64: Process 2658 attached [pid 2658] set_robust_list(0x5555564336a0, 24) = 0 [pid 2658] chdir("./732") = 0 [pid 2658] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2658] setpgid(0, 0) = 0 [pid 2658] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2658] write(3, "1000", 4) = 4 [pid 2658] close(3) = 0 [pid 2658] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2658] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2658] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2658] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2658] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2658] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2658] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2658] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2659 attached [pid 2659] set_robust_list(0x7f22e15909a0, 24 [pid 2658] <... clone3 resumed> => {parent_tid=[2659]}, 88) = 2659 [pid 2659] <... set_robust_list resumed>) = 0 [pid 2658] rt_sigprocmask(SIG_SETMASK, [], [pid 2659] rt_sigprocmask(SIG_SETMASK, [], [pid 2658] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2659] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2658] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2658] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2658] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2659] memfd_create("syzkaller", 0 [pid 2658] <... mmap resumed>) = 0x7f22e154f000 [pid 2659] <... memfd_create resumed>) = 3 [pid 2658] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2659] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2658] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2659] <... mmap resumed>) = 0x7f22d914f000 [pid 2658] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 2660 attached => {parent_tid=[2660]}, 88) = 2660 [pid 2660] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2660] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2660] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2658] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2658] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2660] <... futex resumed>) = 0 [pid 2660] creat("./bus", 000 [pid 2658] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2660] <... creat resumed>) = 4 [pid 2660] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2660] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2658] <... futex resumed>) = 0 [pid 2658] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2658] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2660] <... futex resumed>) = 0 [pid 2660] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 2659] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2660] <... mount resumed>) = 0 [pid 2660] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2658] <... futex resumed>) = 0 [pid 2660] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2658] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2660] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2658] <... futex resumed>) = 0 [pid 2658] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2660] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 2660] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2658] <... futex resumed>) = 0 [pid 2660] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 2658] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2658] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2660] <... mmap resumed>) = 0x20000000 [pid 2660] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2658] <... futex resumed>) = 0 [pid 2658] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2660] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 2659] <... write resumed>) = ? [pid 2659] +++ killed by SIGBUS +++ [pid 2660] +++ killed by SIGBUS +++ [pid 2658] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2658, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./732", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./732", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./732/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./732/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./732/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./732/bus") = 0 umount2("./732/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./732/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./732/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./732") = 0 mkdir("./733", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2661 ./strace-static-x86_64: Process 2661 attached [pid 2661] set_robust_list(0x5555564336a0, 24) = 0 [pid 2661] chdir("./733") = 0 [pid 2661] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2661] setpgid(0, 0) = 0 [pid 2661] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2661] write(3, "1000", 4) = 4 [pid 2661] close(3) = 0 [pid 2661] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2661] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2661] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2661] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2661] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2661] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2661] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2661] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2662 attached [pid 2662] set_robust_list(0x7f22e15909a0, 24 [pid 2661] <... clone3 resumed> => {parent_tid=[2662]}, 88) = 2662 [pid 2662] <... set_robust_list resumed>) = 0 [pid 2661] rt_sigprocmask(SIG_SETMASK, [], [pid 2662] rt_sigprocmask(SIG_SETMASK, [], [pid 2661] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2662] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2661] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2661] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2662] memfd_create("syzkaller", 0 [pid 2661] <... futex resumed>) = 0 [pid 2662] <... memfd_create resumed>) = 3 [pid 2661] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2662] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2661] <... mmap resumed>) = 0x7f22d914f000 [pid 2661] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2661] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2661] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0} => {parent_tid=[2663]}, 88) = 2663 [pid 2661] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2661] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2661] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2662] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 2662] munmap(0x7f22d9170000, 138412032) = 0 [pid 2662] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2662] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 2663 attached ) = 0 [pid 2662] close(3) = 0 [pid 2662] close(4) = 0 [pid 2663] set_robust_list(0x7f22d916f9a0, 24) = 0 [pid 2663] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2663] creat("./bus", 000) = 3 [pid 2663] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2661] <... futex resumed>) = 0 [pid 2663] <... futex resumed>) = 1 [pid 2661] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2663] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 2661] <... futex resumed>) = 0 [pid 2662] mkdir("./file0", 0777 [pid 2661] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2663] <... mount resumed>) = 0 [pid 2662] <... mkdir resumed>) = 0 [pid 2663] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2662] mount("/dev/loop0", "./file0", "ext4", 0, "prjquota,grpquota,debug_want_extra_isize=0x000000000000005c,noauto_da_alloc,nolazytime,errors=contin"... [pid 2661] <... futex resumed>) = 0 [pid 2663] <... futex resumed>) = 1 [pid 2661] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2663] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 2661] <... futex resumed>) = 0 [pid 2661] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2663] <... open resumed>) = 4 [pid 2663] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2661] <... futex resumed>) = 0 [pid 2663] <... futex resumed>) = 1 [pid 2661] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2663] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2661] <... futex resumed>) = 0 [pid 2661] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2662] <... mount resumed>) = 0 [pid 2662] openat(AT_FDCWD, 0x200000c0, O_RDONLY|O_DIRECTORY) = -1 ENOENT (No such file or directory) [pid 2662] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2662] ioctl(5, LOOP_CLR_FD) = 0 [pid 2662] close(5 [pid 2663] <... mmap resumed>) = 0x20000000 [pid 2662] <... close resumed>) = 0 [pid 2662] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2662] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2663] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2661] <... futex resumed>) = 0 [pid 2661] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2662] <... futex resumed>) = 0 [pid 2661] <... futex resumed>) = 1 [pid 2662] memfd_create("syzkaller", 0) = 5 [pid 2662] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2663] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2662] write(5, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2662] munmap(0x7f22d9170000, 138412032) = 0 [pid 2662] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2662] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 2662] ioctl(6, LOOP_CLR_FD) = 0 [pid 2662] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 2662] close(6) = 0 [pid 2662] close(5) = 0 [pid 2662] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2662] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2661] exit_group(0 [pid 2663] <... futex resumed>) = ? [pid 2661] <... exit_group resumed>) = ? [pid 2663] +++ exited with 0 +++ [pid 2662] <... futex resumed>) = ? [pid 2662] +++ exited with 0 +++ [pid 2661] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2661, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./733", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./733", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 5 entries */, 32768) = 136 umount2("./733/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./733/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./733/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./733/bus") = 0 umount2("./733/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./733/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./733/binderfs") = 0 umount2("./733/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [ 59.688849][ T2662] loop0: detected capacity change from 0 to 512 [ 59.701788][ T2662] EXT4-fs (loop0): 1 truncate cleaned up umount2("./733/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./733/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./733/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./733/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555643c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555643c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./733/file0") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./733") = 0 mkdir("./734", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2666 ./strace-static-x86_64: Process 2666 attached [pid 2666] set_robust_list(0x5555564336a0, 24) = 0 [pid 2666] chdir("./734") = 0 [pid 2666] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2666] setpgid(0, 0) = 0 [pid 2666] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2666] write(3, "1000", 4) = 4 [pid 2666] close(3) = 0 [pid 2666] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2666] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2666] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2666] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2666] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2666] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2666] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2666] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2667 attached [pid 2667] set_robust_list(0x7f22e15909a0, 24 [pid 2666] <... clone3 resumed> => {parent_tid=[2667]}, 88) = 2667 [pid 2667] <... set_robust_list resumed>) = 0 [pid 2666] rt_sigprocmask(SIG_SETMASK, [], [pid 2667] rt_sigprocmask(SIG_SETMASK, [], [pid 2666] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2667] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2666] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2667] memfd_create("syzkaller", 0 [pid 2666] <... futex resumed>) = 0 [pid 2667] <... memfd_create resumed>) = 3 [pid 2666] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2667] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2666] <... futex resumed>) = 0 [pid 2667] <... mmap resumed>) = 0x7f22d9170000 [pid 2666] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 2667] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2666] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2666] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2666] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0} [pid 2667] <... write resumed>) = 262144 [pid 2667] munmap(0x7f22d9170000, 138412032 [pid 2666] <... clone3 resumed> => {parent_tid=[2668]}, 88) = 2668 ./strace-static-x86_64: Process 2668 attached [pid 2667] <... munmap resumed>) = 0 [pid 2668] set_robust_list(0x7f22d916f9a0, 24 [pid 2667] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2668] <... set_robust_list resumed>) = 0 [pid 2667] <... openat resumed>) = 4 [pid 2668] rt_sigprocmask(SIG_SETMASK, [], [pid 2667] ioctl(4, LOOP_SET_FD, 3 [pid 2666] rt_sigprocmask(SIG_SETMASK, [], [pid 2668] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2666] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2666] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2666] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2668] creat("./bus", 000) = 5 [pid 2668] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2666] <... futex resumed>) = 0 [pid 2666] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2666] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2668] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2668] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2666] <... futex resumed>) = 0 [pid 2666] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2666] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2668] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 2668] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2666] <... futex resumed>) = 0 [pid 2666] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2666] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2668] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 2667] <... ioctl resumed>) = 0 [pid 2667] close(3) = 0 [pid 2667] close(4) = 0 [pid 2667] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 2667] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2667] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 2667] ioctl(3, LOOP_CLR_FD) = 0 [pid 2667] close(3) = 0 [pid 2667] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2667] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2668] <... mmap resumed>) = 0x20000000 [pid 2668] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2666] <... futex resumed>) = 0 [pid 2666] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2667] <... futex resumed>) = 0 [pid 2667] memfd_create("syzkaller", 0) = 3 [pid 2667] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2668] <... futex resumed>) = 1 [pid 2668] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2667] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2667] munmap(0x7f22d9170000, 138412032) = 0 [pid 2667] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2667] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2667] ioctl(4, LOOP_CLR_FD) = 0 [pid 2667] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2667] close(4) = 0 [pid 2667] close(3) = 0 [pid 2667] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2667] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2666] exit_group(0 [pid 2668] <... futex resumed>) = ? [pid 2666] <... exit_group resumed>) = ? [pid 2668] +++ exited with 0 +++ [pid 2667] <... futex resumed>) = ? [pid 2667] +++ exited with 0 +++ [pid 2666] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2666, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./734", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./734", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./734/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./734/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./734/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./734/bus") = 0 umount2("./734/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./734/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./734/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./734") = 0 mkdir("./735", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2669 ./strace-static-x86_64: Process 2669 attached [pid 2669] set_robust_list(0x5555564336a0, 24) = 0 [pid 2669] chdir("./735") = 0 [pid 2669] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2669] setpgid(0, 0) = 0 [pid 2669] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2669] write(3, "1000", 4) = 4 [pid 2669] close(3) = 0 [pid 2669] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2669] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2669] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2669] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2669] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2669] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2669] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2669] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2670 attached => {parent_tid=[2670]}, 88) = 2670 [pid 2670] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2670] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2669] rt_sigprocmask(SIG_SETMASK, [], [pid 2670] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2669] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2669] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2670] <... futex resumed>) = 0 [pid 2669] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2670] memfd_create("syzkaller", 0 [pid 2669] <... futex resumed>) = 0 [pid 2670] <... memfd_create resumed>) = 3 [pid 2670] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2669] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 2669] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2669] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2669] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0} => {parent_tid=[2671]}, 88) = 2671 [pid 2670] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144./strace-static-x86_64: Process 2671 attached [pid 2671] set_robust_list(0x7f22d916f9a0, 24) = 0 [pid 2671] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2671] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2669] rt_sigprocmask(SIG_SETMASK, [], [pid 2670] <... write resumed>) = 262144 [pid 2669] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2670] munmap(0x7f22d9170000, 138412032 [pid 2669] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2670] <... munmap resumed>) = 0 [pid 2670] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 59.775900][ T2667] loop0: detected capacity change from 0 to 512 [pid 2670] ioctl(4, LOOP_SET_FD, 3 [pid 2669] <... futex resumed>) = 1 [pid 2671] <... futex resumed>) = 0 [pid 2671] creat("./bus", 000) = 5 [pid 2669] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2671] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2669] <... futex resumed>) = 0 [pid 2669] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2669] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2671] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2671] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2669] <... futex resumed>) = 0 [pid 2669] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2669] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2671] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 2671] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2669] <... futex resumed>) = 0 [pid 2669] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2669] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2671] <... futex resumed>) = 1 [pid 2671] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 2670] <... ioctl resumed>) = 0 [pid 2670] close(3) = 0 [pid 2670] close(4) = 0 [pid 2671] <... mmap resumed>) = 0x20000000 [pid 2671] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2670] mkdir(0x200000c0, 0777 [pid 2671] <... futex resumed>) = 1 [pid 2669] <... futex resumed>) = 0 [pid 2669] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2671] memfd_create("syzkaller", 0) = 3 [pid 2671] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2670] <... mkdir resumed>) = -1 ENOENT (No such file or directory) [pid 2670] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2670] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2670] ioctl(4, LOOP_CLR_FD) = 0 [pid 2670] close(4) = 0 [pid 2670] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2670] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2671] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2671] munmap(0x7f22d9170000, 138412032) = 0 [pid 2671] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2671] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2671] ioctl(4, LOOP_CLR_FD) = 0 [pid 2671] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2671] close(4) = 0 [pid 2671] close(3) = 0 [pid 2671] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2671] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2669] exit_group(0) = ? [pid 2670] <... futex resumed>) = ? [pid 2670] +++ exited with 0 +++ [pid 2671] <... futex resumed>) = ? [pid 2671] +++ exited with 0 +++ [pid 2669] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2669, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./735", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./735", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./735/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./735/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./735/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./735/bus") = 0 umount2("./735/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./735/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./735/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./735") = 0 mkdir("./736", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2672 ./strace-static-x86_64: Process 2672 attached [pid 2672] set_robust_list(0x5555564336a0, 24) = 0 [pid 2672] chdir("./736") = 0 [pid 2672] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2672] setpgid(0, 0) = 0 [pid 2672] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2672] write(3, "1000", 4) = 4 [pid 2672] close(3) = 0 [pid 2672] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2672] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2672] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2672] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2672] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2672] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2672] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2672] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2673 attached [pid 2673] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2673] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2673] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2672] <... clone3 resumed> => {parent_tid=[2673]}, 88) = 2673 [pid 2672] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2672] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2673] <... futex resumed>) = 0 [pid 2672] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2673] memfd_create("syzkaller", 0 [pid 2672] <... futex resumed>) = 0 [pid 2673] <... memfd_create resumed>) = 3 [pid 2673] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2672] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 2672] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2672] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2672] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0} [pid 2673] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2672] <... clone3 resumed> => {parent_tid=[2674]}, 88) = 2674 [pid 2672] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2672] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2673] <... write resumed>) = 262144 ./strace-static-x86_64: Process 2674 attached [pid 2673] munmap(0x7f22d9170000, 138412032 [ 59.833087][ T2670] loop0: detected capacity change from 0 to 512 [pid 2674] set_robust_list(0x7f22d916f9a0, 24 [pid 2672] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2674] <... set_robust_list resumed>) = 0 [pid 2673] <... munmap resumed>) = 0 [pid 2674] rt_sigprocmask(SIG_SETMASK, [], [pid 2673] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2674] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2673] <... openat resumed>) = 4 [pid 2673] ioctl(4, LOOP_SET_FD, 3 [pid 2674] creat("./bus", 000) = 5 [pid 2674] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2672] <... futex resumed>) = 0 [pid 2672] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2672] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2674] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2674] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2672] <... futex resumed>) = 0 [pid 2672] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2672] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2674] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 2674] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2672] <... futex resumed>) = 0 [pid 2672] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2672] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2674] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 2673] <... ioctl resumed>) = 0 [pid 2673] close(3) = 0 [pid 2673] close(4) = 0 [pid 2673] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 2673] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2673] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 2673] ioctl(3, LOOP_CLR_FD) = 0 [pid 2673] close(3) = 0 [pid 2674] <... mmap resumed>) = 0x20000000 [pid 2673] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2673] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2674] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2672] <... futex resumed>) = 0 [pid 2672] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2673] <... futex resumed>) = 0 [pid 2673] memfd_create("syzkaller", 0) = 3 [pid 2674] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2673] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2673] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2673] munmap(0x7f22d9170000, 138412032) = 0 [pid 2673] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2673] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2673] ioctl(4, LOOP_CLR_FD) = 0 [pid 2673] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2673] close(4) = 0 [pid 2673] close(3) = 0 [pid 2673] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2673] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2672] exit_group(0 [pid 2674] <... futex resumed>) = ? [pid 2672] <... exit_group resumed>) = ? [pid 2674] +++ exited with 0 +++ [pid 2673] <... futex resumed>) = ? [pid 2673] +++ exited with 0 +++ [pid 2672] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2672, si_uid=0, si_status=0, si_utime=1, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./736", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./736", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./736/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./736/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./736/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./736/bus") = 0 umount2("./736/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./736/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./736/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./736") = 0 mkdir("./737", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2675 attached , child_tidptr=0x555556433690) = 2675 [pid 2675] set_robust_list(0x5555564336a0, 24) = 0 [pid 2675] chdir("./737") = 0 [pid 2675] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2675] setpgid(0, 0) = 0 [pid 2675] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2675] write(3, "1000", 4) = 4 [pid 2675] close(3) = 0 [pid 2675] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2675] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2675] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2675] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2675] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2675] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2675] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2675] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2676 attached [pid 2676] set_robust_list(0x7f22e15909a0, 24 [pid 2675] <... clone3 resumed> => {parent_tid=[2676]}, 88) = 2676 [pid 2676] <... set_robust_list resumed>) = 0 [pid 2675] rt_sigprocmask(SIG_SETMASK, [], [pid 2676] rt_sigprocmask(SIG_SETMASK, [], [pid 2675] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2676] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2675] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2675] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2676] memfd_create("syzkaller", 0 [pid 2675] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2676] <... memfd_create resumed>) = 3 [pid 2675] <... mmap resumed>) = 0x7f22e154f000 [pid 2676] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2675] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2675] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2676] <... mmap resumed>) = 0x7f22d914f000 [pid 2675] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2675] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2677]}, 88) = 2677 [pid 2675] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2675] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2675] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2677 attached [pid 2676] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 2677] set_robust_list(0x7f22e156f9a0, 24 [pid 2676] munmap(0x7f22d914f000, 138412032 [pid 2677] <... set_robust_list resumed>) = 0 [pid 2677] rt_sigprocmask(SIG_SETMASK, [], [pid 2676] <... munmap resumed>) = 0 [pid 2677] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2676] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2677] creat("./bus", 000 [pid 2676] <... openat resumed>) = 4 [ 59.894103][ T2673] loop0: detected capacity change from 0 to 512 [pid 2676] ioctl(4, LOOP_SET_FD, 3 [pid 2677] <... creat resumed>) = 5 [pid 2677] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2677] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2676] <... ioctl resumed>) = 0 [pid 2675] <... futex resumed>) = 0 [pid 2675] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2676] close(3 [pid 2675] <... futex resumed>) = 1 [pid 2676] <... close resumed>) = 0 [pid 2675] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2676] close(4) = 0 [pid 2676] mkdir("./file0", 0777) = 0 [pid 2676] mount("/dev/loop0", "./file0", "ext4", 0, "prjquota,grpquota,debug_want_extra_isize=0x000000000000005c,noauto_da_alloc,nolazytime,errors=contin"... [pid 2677] <... futex resumed>) = 0 [pid 2677] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2677] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2675] <... futex resumed>) = 0 [pid 2675] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2675] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2677] <... futex resumed>) = 1 [pid 2677] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 3 [pid 2677] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2675] <... futex resumed>) = 0 [pid 2675] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2675] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2677] <... futex resumed>) = 1 [pid 2677] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 3, 0 [pid 2676] <... mount resumed>) = 0 [pid 2676] openat(AT_FDCWD, 0x200000c0, O_RDONLY|O_DIRECTORY) = -1 ENOENT (No such file or directory) [pid 2676] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2676] ioctl(4, LOOP_CLR_FD) = 0 [pid 2676] close(4) = 0 [pid 2676] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2676] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2677] <... mmap resumed>) = 0x20000000 [pid 2677] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2675] <... futex resumed>) = 0 [pid 2675] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2676] <... futex resumed>) = 0 [pid 2676] memfd_create("syzkaller", 0 [pid 2677] <... futex resumed>) = 1 [pid 2676] <... memfd_create resumed>) = 4 [pid 2677] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2676] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2676] write(4, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2676] munmap(0x7f22d914f000, 138412032) = 0 [pid 2676] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2676] ioctl(6, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 2676] ioctl(6, LOOP_CLR_FD) = 0 [pid 2676] ioctl(6, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 2676] close(6) = 0 [pid 2676] close(4) = 0 [pid 2676] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2675] exit_group(0 [pid 2676] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2677] <... futex resumed>) = ? [pid 2675] <... exit_group resumed>) = ? [pid 2677] +++ exited with 0 +++ [pid 2676] +++ exited with 0 +++ [pid 2675] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2675, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./737", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./737", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 5 entries */, 32768) = 136 umount2("./737/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./737/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./737/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./737/bus") = 0 umount2("./737/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./737/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./737/binderfs") = 0 umount2("./737/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./737/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./737/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./737/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./737/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555643c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555643c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./737/file0") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./737") = 0 mkdir("./738", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2679 attached , child_tidptr=0x555556433690) = 2679 [pid 2679] set_robust_list(0x5555564336a0, 24) = 0 [ 59.952345][ T2676] loop0: detected capacity change from 0 to 512 [ 59.961349][ T2676] EXT4-fs (loop0): 1 truncate cleaned up [pid 2679] chdir("./738") = 0 [pid 2679] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2679] setpgid(0, 0) = 0 [pid 2679] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2679] write(3, "1000", 4) = 4 [pid 2679] close(3) = 0 [pid 2679] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2679] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2679] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2679] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2679] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2679] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2679] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2679] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2680 attached [pid 2680] set_robust_list(0x7f22e15909a0, 24 [pid 2679] <... clone3 resumed> => {parent_tid=[2680]}, 88) = 2680 [pid 2680] <... set_robust_list resumed>) = 0 [pid 2679] rt_sigprocmask(SIG_SETMASK, [], [pid 2680] rt_sigprocmask(SIG_SETMASK, [], [pid 2679] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2680] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2679] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2680] memfd_create("syzkaller", 0 [pid 2679] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2680] <... memfd_create resumed>) = 3 [pid 2679] <... futex resumed>) = 0 [pid 2680] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2679] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2680] <... mmap resumed>) = 0x7f22d914f000 [pid 2679] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2679] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2679] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 2681 attached => {parent_tid=[2681]}, 88) = 2681 [pid 2681] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2681] rt_sigprocmask(SIG_SETMASK, [], [pid 2679] rt_sigprocmask(SIG_SETMASK, [], [pid 2681] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2681] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2679] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2679] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2681] <... futex resumed>) = 0 [pid 2681] creat("./bus", 000 [pid 2679] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2681] <... creat resumed>) = 4 [pid 2681] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2681] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2679] <... futex resumed>) = 0 [pid 2680] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2679] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2681] <... futex resumed>) = 0 [pid 2681] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 2679] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2681] <... mount resumed>) = 0 [pid 2681] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2681] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2679] <... futex resumed>) = 0 [pid 2679] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2681] <... futex resumed>) = 0 [pid 2681] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 2679] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2681] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2681] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2679] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2679] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2681] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2679] <... futex resumed>) = 0 [pid 2681] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 2679] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2681] <... mmap resumed>) = 0x20000000 [pid 2681] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2679] <... futex resumed>) = 0 [pid 2679] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2681] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 2680] <... write resumed>) = ? [pid 2681] +++ killed by SIGBUS +++ [pid 2680] +++ killed by SIGBUS +++ [pid 2679] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2679, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- umount2("./738", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./738", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./738/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./738/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./738/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./738/bus") = 0 umount2("./738/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./738/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./738/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./738") = 0 mkdir("./739", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2682 ./strace-static-x86_64: Process 2682 attached [pid 2682] set_robust_list(0x5555564336a0, 24) = 0 [pid 2682] chdir("./739") = 0 [pid 2682] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2682] setpgid(0, 0) = 0 [pid 2682] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2682] write(3, "1000", 4) = 4 [pid 2682] close(3) = 0 [pid 2682] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2682] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2682] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2682] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2682] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2682] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2682] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2682] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2683 attached [pid 2683] set_robust_list(0x7f22e15909a0, 24 [pid 2682] <... clone3 resumed> => {parent_tid=[2683]}, 88) = 2683 [pid 2683] <... set_robust_list resumed>) = 0 [pid 2682] rt_sigprocmask(SIG_SETMASK, [], [pid 2683] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2682] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2682] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2683] memfd_create("syzkaller", 0 [pid 2682] <... futex resumed>) = 0 [pid 2682] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2683] <... memfd_create resumed>) = 3 [pid 2683] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2682] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2683] <... mmap resumed>) = 0x7f22d914f000 [pid 2682] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2682] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2682] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2684]}, 88) = 2684 [pid 2682] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2682] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2682] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2684 attached [pid 2684] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2684] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2684] creat("./bus", 000 [pid 2683] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2684] <... creat resumed>) = 4 [pid 2684] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2682] <... futex resumed>) = 0 [pid 2682] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2682] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2684] <... futex resumed>) = 1 [pid 2684] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2684] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2682] <... futex resumed>) = 0 [pid 2682] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2682] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2684] <... futex resumed>) = 1 [pid 2684] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 2684] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2682] <... futex resumed>) = 0 [pid 2682] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2682] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2684] <... futex resumed>) = 1 [pid 2684] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 2684] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2682] <... futex resumed>) = 0 [pid 2682] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2684] <... futex resumed>) = 1 [pid 2684] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 2683] <... write resumed>) = ? [pid 2683] +++ killed by SIGBUS +++ [pid 2684] +++ killed by SIGBUS +++ [pid 2682] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2682, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./739", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./739", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./739/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./739/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./739/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./739/bus") = 0 umount2("./739/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./739/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./739/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./739") = 0 mkdir("./740", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2685 ./strace-static-x86_64: Process 2685 attached [pid 2685] set_robust_list(0x5555564336a0, 24) = 0 [pid 2685] chdir("./740") = 0 [pid 2685] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2685] setpgid(0, 0) = 0 [pid 2685] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2685] write(3, "1000", 4) = 4 [pid 2685] close(3) = 0 [pid 2685] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2685] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2685] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2685] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2685] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2685] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2685] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2685] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2686 attached => {parent_tid=[2686]}, 88) = 2686 [pid 2686] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2686] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2686] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2685] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2685] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2686] <... futex resumed>) = 0 [pid 2685] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2686] memfd_create("syzkaller", 0) = 3 [pid 2686] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2685] <... futex resumed>) = 0 [pid 2685] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 2685] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2685] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2685] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0} => {parent_tid=[2687]}, 88) = 2687 [pid 2685] rt_sigprocmask(SIG_SETMASK, [], [pid 2686] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2685] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2685] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2685] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2686] <... write resumed>) = 262144 [pid 2686] munmap(0x7f22d9170000, 138412032./strace-static-x86_64: Process 2687 attached [pid 2687] set_robust_list(0x7f22d916f9a0, 24 [pid 2686] <... munmap resumed>) = 0 [pid 2687] <... set_robust_list resumed>) = 0 [pid 2686] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2687] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2686] <... openat resumed>) = 4 [pid 2687] creat("./bus", 000 [pid 2686] ioctl(4, LOOP_SET_FD, 3 [pid 2687] <... creat resumed>) = 5 [pid 2686] <... ioctl resumed>) = 0 [pid 2687] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2686] close(3 [pid 2687] <... futex resumed>) = 1 [pid 2685] <... futex resumed>) = 0 [pid 2687] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 2686] <... close resumed>) = 0 [pid 2685] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2687] <... mount resumed>) = 0 [pid 2685] <... futex resumed>) = 0 [pid 2687] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2686] close(4 [pid 2685] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2687] <... futex resumed>) = 0 [pid 2687] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2685] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2687] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2686] <... close resumed>) = 0 [pid 2685] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2687] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 2685] <... futex resumed>) = 0 [pid 2685] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2687] <... open resumed>) = 3 [pid 2687] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2685] <... futex resumed>) = 0 [pid 2687] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 3, 0 [pid 2685] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2685] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2686] mkdir(0x200000c0, 0777 [pid 2687] <... mmap resumed>) = 0x20000000 [pid 2687] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2686] <... mkdir resumed>) = -1 ENOENT (No such file or directory) [pid 2685] <... futex resumed>) = 0 [pid 2687] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 2686] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "" [pid 2685] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2687] memfd_create("syzkaller", 0) = 4 [pid 2687] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2686] <... mount resumed>) = -1 ENOENT (No such file or directory) [pid 2687] <... mmap resumed>) = 0x7f22d9170000 [pid 2686] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2686] ioctl(6, LOOP_CLR_FD) = 0 [pid 2686] close(6) = 0 [pid 2686] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2686] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2687] write(4, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2687] munmap(0x7f22d9170000, 138412032) = 0 [pid 2687] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2687] ioctl(6, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 2687] ioctl(6, LOOP_CLR_FD) = 0 [pid 2687] ioctl(6, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 2687] close(6) = 0 [pid 2687] close(4) = 0 [pid 2687] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2687] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2685] exit_group(0) = ? [pid 2687] <... futex resumed>) = ? [pid 2686] <... futex resumed>) = ? [pid 2687] +++ exited with 0 +++ [pid 2686] +++ exited with 0 +++ [pid 2685] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2685, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./740", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./740", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./740/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./740/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./740/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./740/bus") = 0 umount2("./740/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./740/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./740/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./740") = 0 mkdir("./741", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2688 attached , child_tidptr=0x555556433690) = 2688 [pid 2688] set_robust_list(0x5555564336a0, 24) = 0 [pid 2688] chdir("./741") = 0 [pid 2688] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2688] setpgid(0, 0) = 0 [pid 2688] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2688] write(3, "1000", 4) = 4 [pid 2688] close(3) = 0 [pid 2688] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2688] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2688] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2688] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2688] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2688] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2688] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2688] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2689]}, 88) = 2689 [pid 2688] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2688] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2688] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2688] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2688] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE./strace-static-x86_64: Process 2689 attached ) = 0 [pid 2688] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2689] set_robust_list(0x7f22e15909a0, 24 [pid 2688] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2690]}, 88) = 2690 [pid 2688] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2688] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2688] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2689] <... set_robust_list resumed>) = 0 [pid 2689] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2689] memfd_create("syzkaller", 0) = 3 [pid 2689] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 ./strace-static-x86_64: Process 2690 attached [ 60.070138][ T2686] loop0: detected capacity change from 0 to 512 [pid 2690] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2690] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2690] creat("./bus", 000) = 4 [pid 2690] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2688] <... futex resumed>) = 0 [pid 2688] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2688] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2689] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2690] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2690] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2688] <... futex resumed>) = 0 [pid 2688] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2688] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2690] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 2689] <... write resumed>) = 262144 [pid 2689] munmap(0x7f22d914f000, 138412032) = 0 [pid 2689] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2689] ioctl(5, LOOP_SET_FD, 3 [pid 2690] <... open resumed>) = 6 [pid 2689] <... ioctl resumed>) = 0 [pid 2690] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2689] close(3) = 0 [pid 2689] close(5 [pid 2690] <... futex resumed>) = 1 [pid 2688] <... futex resumed>) = 0 [pid 2688] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2688] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2689] <... close resumed>) = 0 [pid 2689] mkdir("./file0", 0777 [pid 2690] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 2689] <... mkdir resumed>) = 0 [pid 2689] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2689] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 2689] ioctl(3, LOOP_CLR_FD) = 0 [pid 2689] close(3 [pid 2690] <... mmap resumed>) = 0x20000000 [pid 2690] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2689] <... close resumed>) = 0 [pid 2689] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2689] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2688] <... futex resumed>) = 0 [pid 2688] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2690] <... futex resumed>) = 1 [pid 2689] <... futex resumed>) = 0 [pid 2690] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2689] memfd_create("syzkaller", 0) = 3 [pid 2689] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2689] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2689] munmap(0x7f22d914f000, 138412032) = 0 [pid 2689] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2689] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2689] ioctl(5, LOOP_CLR_FD) = 0 [pid 2689] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2689] close(5) = 0 [pid 2689] close(3) = 0 [pid 2689] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2689] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2688] exit_group(0 [pid 2690] <... futex resumed>) = ? [pid 2688] <... exit_group resumed>) = ? [pid 2690] +++ exited with 0 +++ [pid 2689] <... futex resumed>) = ? [pid 2689] +++ exited with 0 +++ [pid 2688] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2688, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./741", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./741", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 5 entries */, 32768) = 136 umount2("./741/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./741/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./741/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./741/bus") = 0 umount2("./741/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./741/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./741/binderfs") = 0 umount2("./741/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./741/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./741/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./741/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555643c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555643c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./741/file0") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./741") = 0 mkdir("./742", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2691 ./strace-static-x86_64: Process 2691 attached [pid 2691] set_robust_list(0x5555564336a0, 24) = 0 [pid 2691] chdir("./742") = 0 [pid 2691] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2691] setpgid(0, 0) = 0 [pid 2691] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2691] write(3, "1000", 4) = 4 [pid 2691] close(3) = 0 [pid 2691] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2691] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2691] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2691] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2691] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2691] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2691] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2691] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2692]}, 88) = 2692 [pid 2691] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2691] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2691] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2691] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2691] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2691] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2691] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2693]}, 88) = 2693 [pid 2691] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2691] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2691] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2692 attached [pid 2692] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2692] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2692] memfd_create("syzkaller", 0) = 3 [pid 2692] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2692] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144./strace-static-x86_64: Process 2693 attached [pid 2693] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2693] rt_sigprocmask(SIG_SETMASK, [], [pid 2692] <... write resumed>) = 262144 [pid 2692] munmap(0x7f22d914f000, 138412032) = 0 [pid 2693] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2692] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2693] creat("./bus", 000 [pid 2692] <... openat resumed>) = 4 [ 60.133869][ T2689] loop0: detected capacity change from 0 to 512 [pid 2692] ioctl(4, LOOP_SET_FD, 3 [pid 2693] <... creat resumed>) = 5 [pid 2693] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2691] <... futex resumed>) = 0 [pid 2691] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2691] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2693] <... futex resumed>) = 1 [pid 2693] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2693] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2691] <... futex resumed>) = 0 [pid 2691] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2691] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2693] <... futex resumed>) = 1 [pid 2693] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 2693] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2691] <... futex resumed>) = 0 [pid 2691] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2691] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2693] <... futex resumed>) = 1 [pid 2693] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 2692] <... ioctl resumed>) = 0 [pid 2692] close(3) = 0 [pid 2692] close(4 [pid 2693] <... mmap resumed>) = 0x20000000 [pid 2693] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2691] <... futex resumed>) = 0 [pid 2691] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2693] <... futex resumed>) = 1 [pid 2693] memfd_create("syzkaller", 0) = 3 [pid 2693] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2692] <... close resumed>) = 0 [pid 2692] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 2692] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2692] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2692] ioctl(4, LOOP_CLR_FD) = 0 [pid 2692] close(4) = 0 [pid 2692] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2692] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2693] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2693] munmap(0x7f22d914f000, 138412032) = 0 [pid 2693] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2693] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2693] ioctl(4, LOOP_CLR_FD) = 0 [pid 2693] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2693] close(4) = 0 [pid 2693] close(3) = 0 [pid 2693] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2693] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2691] exit_group(0 [pid 2693] <... futex resumed>) = ? [pid 2691] <... exit_group resumed>) = ? [pid 2692] <... futex resumed>) = ? [pid 2693] +++ exited with 0 +++ [pid 2692] +++ exited with 0 +++ [pid 2691] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2691, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./742", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./742", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./742/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./742/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./742/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./742/bus") = 0 umount2("./742/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./742/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./742/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./742") = 0 mkdir("./743", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2694 ./strace-static-x86_64: Process 2694 attached [pid 2694] set_robust_list(0x5555564336a0, 24) = 0 [pid 2694] chdir("./743") = 0 [pid 2694] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2694] setpgid(0, 0) = 0 [pid 2694] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2694] write(3, "1000", 4) = 4 [pid 2694] close(3) = 0 [pid 2694] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2694] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2694] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2694] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2694] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2694] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2694] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 60.193007][ T2692] loop0: detected capacity change from 0 to 512 [pid 2694] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2695 attached [pid 2695] set_robust_list(0x7f22e15909a0, 24 [pid 2694] <... clone3 resumed> => {parent_tid=[2695]}, 88) = 2695 [pid 2695] <... set_robust_list resumed>) = 0 [pid 2694] rt_sigprocmask(SIG_SETMASK, [], [pid 2695] rt_sigprocmask(SIG_SETMASK, [], [pid 2694] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2695] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2694] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2695] memfd_create("syzkaller", 0 [pid 2694] <... futex resumed>) = 0 [pid 2695] <... memfd_create resumed>) = 3 [pid 2694] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2695] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2694] <... futex resumed>) = 0 [pid 2695] <... mmap resumed>) = 0x7f22d9170000 [pid 2694] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 2695] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2694] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2694] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2694] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0} [pid 2695] <... write resumed>) = 262144 [pid 2695] munmap(0x7f22d9170000, 138412032 [pid 2694] <... clone3 resumed> => {parent_tid=[2696]}, 88) = 2696 ./strace-static-x86_64: Process 2696 attached [pid 2695] <... munmap resumed>) = 0 [pid 2696] set_robust_list(0x7f22d916f9a0, 24 [pid 2695] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2696] <... set_robust_list resumed>) = 0 [pid 2695] <... openat resumed>) = 4 [pid 2696] rt_sigprocmask(SIG_SETMASK, [], [pid 2695] ioctl(4, LOOP_SET_FD, 3 [pid 2696] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2694] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2694] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2694] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2696] creat("./bus", 000) = 5 [pid 2696] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2694] <... futex resumed>) = 0 [pid 2694] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2694] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2696] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2696] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2694] <... futex resumed>) = 0 [pid 2694] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2694] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2696] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 2696] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2694] <... futex resumed>) = 0 [pid 2694] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2694] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2696] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 2695] <... ioctl resumed>) = 0 [pid 2695] close(3) = 0 [pid 2695] close(4) = 0 [pid 2695] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 2695] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2695] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 2695] ioctl(3, LOOP_CLR_FD) = 0 [pid 2695] close(3) = 0 [pid 2695] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2695] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2696] <... mmap resumed>) = 0x20000000 [pid 2696] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2694] <... futex resumed>) = 0 [pid 2694] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2695] <... futex resumed>) = 0 [pid 2695] memfd_create("syzkaller", 0) = 3 [pid 2695] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2696] <... futex resumed>) = 1 [pid 2696] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2695] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2695] munmap(0x7f22d9170000, 138412032) = 0 [pid 2695] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2695] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2695] ioctl(4, LOOP_CLR_FD) = 0 [pid 2695] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2695] close(4) = 0 [pid 2695] close(3) = 0 [pid 2695] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2695] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2694] exit_group(0 [pid 2696] <... futex resumed>) = ? [pid 2694] <... exit_group resumed>) = ? [pid 2696] +++ exited with 0 +++ [pid 2695] <... futex resumed>) = ? [pid 2695] +++ exited with 0 +++ [pid 2694] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2694, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./743", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./743", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./743/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./743/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./743/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./743/bus") = 0 umount2("./743/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./743/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./743/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./743") = 0 mkdir("./744", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2697 ./strace-static-x86_64: Process 2697 attached [pid 2697] set_robust_list(0x5555564336a0, 24) = 0 [pid 2697] chdir("./744") = 0 [pid 2697] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2697] setpgid(0, 0) = 0 [pid 2697] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2697] write(3, "1000", 4) = 4 [pid 2697] close(3) = 0 [pid 2697] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2697] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2697] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2697] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2697] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [ 60.257345][ T2695] loop0: detected capacity change from 0 to 512 [pid 2697] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2697] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2697] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2698]}, 88) = 2698 [pid 2697] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2697] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2697] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2697] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2697] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2697] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2697] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2699]}, 88) = 2699 [pid 2697] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2697] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2697] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2699 attached [pid 2699] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2699] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2699] creat("./bus", 000) = 3 [pid 2699] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2697] <... futex resumed>) = 0 [pid 2697] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2697] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2699] <... futex resumed>) = 1 [pid 2699] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2699] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2697] <... futex resumed>) = 0 [pid 2697] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2697] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2699] <... futex resumed>) = 1 [pid 2699] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 4 [pid 2699] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2697] <... futex resumed>) = 0 [pid 2697] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2697] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2699] <... futex resumed>) = 1 [pid 2699] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 2699] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2697] <... futex resumed>) = 0 [pid 2697] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2699] <... futex resumed>) = 1 [pid 2699] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 2699] +++ killed by SIGBUS +++ ./strace-static-x86_64: Process 2698 attached [pid 2698] +++ killed by SIGBUS +++ [pid 2697] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2697, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./744", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./744", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./744/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./744/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./744/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./744/bus") = 0 umount2("./744/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./744/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./744/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./744") = 0 mkdir("./745", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2700 ./strace-static-x86_64: Process 2700 attached [pid 2700] set_robust_list(0x5555564336a0, 24) = 0 [pid 2700] chdir("./745") = 0 [pid 2700] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2700] setpgid(0, 0) = 0 [pid 2700] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2700] write(3, "1000", 4) = 4 [pid 2700] close(3) = 0 [pid 2700] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2700] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2700] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2700] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2700] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2700] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2700] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2700] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2701]}, 88) = 2701 [pid 2700] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2700] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2700] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2700] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2700] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE./strace-static-x86_64: Process 2701 attached ) = 0 [pid 2701] set_robust_list(0x7f22e15909a0, 24 [pid 2700] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2701] <... set_robust_list resumed>) = 0 [pid 2700] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2701] rt_sigprocmask(SIG_SETMASK, [], [pid 2700] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} [pid 2701] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2700] <... clone3 resumed> => {parent_tid=[2702]}, 88) = 2702 [pid 2700] rt_sigprocmask(SIG_SETMASK, [], [pid 2701] memfd_create("syzkaller", 0 [pid 2700] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2700] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2701] <... memfd_create resumed>) = 3 [pid 2700] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2701] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0./strace-static-x86_64: Process 2702 attached [pid 2702] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2702] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2702] creat("./bus", 000 [pid 2701] <... mmap resumed>) = 0x7f22d914f000 [pid 2702] <... creat resumed>) = 4 [pid 2702] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2701] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2702] <... futex resumed>) = 1 [pid 2700] <... futex resumed>) = 0 [pid 2700] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2700] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2701] <... write resumed>) = 262144 [pid 2702] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2701] munmap(0x7f22d914f000, 138412032 [pid 2702] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2701] <... munmap resumed>) = 0 [pid 2700] <... futex resumed>) = 0 [pid 2700] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2700] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2702] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 2701] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2702] <... open resumed>) = 5 [pid 2701] <... openat resumed>) = 6 [pid 2702] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2701] ioctl(6, LOOP_SET_FD, 3 [pid 2702] <... futex resumed>) = 1 [pid 2700] <... futex resumed>) = 0 [pid 2700] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2700] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2702] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 2701] <... ioctl resumed>) = 0 [pid 2701] close(3) = 0 [pid 2701] close(6) = 0 [pid 2701] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 2701] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2701] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2702] <... mmap resumed>) = 0x20000000 [pid 2701] <... openat resumed>) = 3 [pid 2701] ioctl(3, LOOP_CLR_FD) = 0 [pid 2701] close(3) = 0 [pid 2701] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2701] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2702] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2700] <... futex resumed>) = 0 [pid 2702] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2700] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2701] <... futex resumed>) = 0 [pid 2701] memfd_create("syzkaller", 0) = 3 [pid 2701] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2701] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2701] munmap(0x7f22d914f000, 138412032) = 0 [pid 2701] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2701] ioctl(6, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2701] ioctl(6, LOOP_CLR_FD) = 0 [pid 2701] ioctl(6, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2701] close(6) = 0 [pid 2701] close(3) = 0 [pid 2701] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2700] exit_group(0 [pid 2702] <... futex resumed>) = ? [pid 2700] <... exit_group resumed>) = ? [pid 2702] +++ exited with 0 +++ [pid 2701] +++ exited with 0 +++ [pid 2700] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2700, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./745", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./745", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./745/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./745/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./745/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./745/bus") = 0 umount2("./745/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./745/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./745/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./745") = 0 mkdir("./746", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2703 attached , child_tidptr=0x555556433690) = 2703 [pid 2703] set_robust_list(0x5555564336a0, 24) = 0 [pid 2703] chdir("./746") = 0 [pid 2703] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2703] setpgid(0, 0) = 0 [pid 2703] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2703] write(3, "1000", 4) = 4 [pid 2703] close(3) = 0 [pid 2703] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2703] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2703] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2703] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2703] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2703] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2703] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2703] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2704]}, 88) = 2704 [pid 2703] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2703] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2703] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2703] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2703] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2703] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2703] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 2704 attached => {parent_tid=[2705]}, 88) = 2705 [pid 2703] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2703] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2703] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2705 attached [pid 2705] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2705] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2705] creat("./bus", 000 [pid 2704] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2705] <... creat resumed>) = 3 [pid 2705] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2703] <... futex resumed>) = 0 [ 60.336467][ T2701] loop0: detected capacity change from 0 to 512 [pid 2703] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2703] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2705] <... futex resumed>) = 1 [pid 2705] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2705] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2703] <... futex resumed>) = 0 [pid 2703] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2703] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2705] <... futex resumed>) = 1 [pid 2705] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 4 [pid 2705] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2703] <... futex resumed>) = 0 [pid 2703] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2703] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2705] <... futex resumed>) = 1 [pid 2705] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2704] rt_sigprocmask(SIG_SETMASK, [], [pid 2705] <... mmap resumed>) = 0x20000000 [pid 2705] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2703] <... futex resumed>) = 0 [pid 2703] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2705] <... futex resumed>) = 1 [pid 2705] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 2704] <... rt_sigprocmask resumed> ) = ? [pid 2704] +++ killed by SIGBUS +++ [pid 2705] +++ killed by SIGBUS +++ [pid 2703] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2703, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./746", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./746", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./746/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./746/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./746/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./746/bus") = 0 umount2("./746/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./746/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./746/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./746") = 0 mkdir("./747", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2706 ./strace-static-x86_64: Process 2706 attached [pid 2706] set_robust_list(0x5555564336a0, 24) = 0 [pid 2706] chdir("./747") = 0 [pid 2706] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2706] setpgid(0, 0) = 0 [pid 2706] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2706] write(3, "1000", 4) = 4 [pid 2706] close(3) = 0 [pid 2706] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2706] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2706] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2706] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2706] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2706] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2706] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2706] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2707]}, 88) = 2707 [pid 2706] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2706] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2706] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2706] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2706] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2706] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2706] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 2707 attached => {parent_tid=[2708]}, 88) = 2708 [pid 2707] set_robust_list(0x7f22e15909a0, 24 [pid 2706] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2706] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2706] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2708 attached [pid 2708] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2708] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2708] creat("./bus", 000 [pid 2707] <... set_robust_list resumed>) = 0 [pid 2708] <... creat resumed>) = 3 [pid 2707] rt_sigprocmask(SIG_SETMASK, [], [pid 2708] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2706] <... futex resumed>) = 0 [pid 2706] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2706] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2708] <... futex resumed>) = 1 [pid 2708] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2708] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2706] <... futex resumed>) = 0 [pid 2706] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2706] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2708] <... futex resumed>) = 1 [pid 2708] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 4 [pid 2708] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2706] <... futex resumed>) = 0 [pid 2706] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2706] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2708] <... futex resumed>) = 1 [pid 2708] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2707] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2708] <... mmap resumed>) = 0x20000000 [pid 2708] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2706] <... futex resumed>) = 0 [pid 2706] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2708] <... futex resumed>) = 1 [pid 2708] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 2707] +++ killed by SIGBUS +++ [pid 2708] +++ killed by SIGBUS +++ [pid 2706] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2706, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./747", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./747", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./747/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./747/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./747/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./747/bus") = 0 umount2("./747/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./747/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./747/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./747") = 0 mkdir("./748", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2709 ./strace-static-x86_64: Process 2709 attached [pid 2709] set_robust_list(0x5555564336a0, 24) = 0 [pid 2709] chdir("./748") = 0 [pid 2709] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2709] setpgid(0, 0) = 0 [pid 2709] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2709] write(3, "1000", 4) = 4 [pid 2709] close(3) = 0 [pid 2709] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2709] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2709] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2709] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2709] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2709] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2709] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2709] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2710 attached => {parent_tid=[2710]}, 88) = 2710 [pid 2710] set_robust_list(0x7f22e15909a0, 24 [pid 2709] rt_sigprocmask(SIG_SETMASK, [], [pid 2710] <... set_robust_list resumed>) = 0 [pid 2709] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2709] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2710] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2709] <... futex resumed>) = 0 [pid 2710] memfd_create("syzkaller", 0 [pid 2709] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2710] <... memfd_create resumed>) = 3 [pid 2709] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2710] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2709] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2710] <... mmap resumed>) = 0x7f22d914f000 [pid 2709] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2709] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 2711 attached => {parent_tid=[2711]}, 88) = 2711 [pid 2711] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2711] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2711] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2709] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2709] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2711] <... futex resumed>) = 0 [pid 2711] creat("./bus", 000 [pid 2709] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2711] <... creat resumed>) = 4 [pid 2711] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2711] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2709] <... futex resumed>) = 0 [pid 2709] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2709] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2711] <... futex resumed>) = 0 [pid 2711] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2711] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2709] <... futex resumed>) = 0 [pid 2711] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 2709] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2709] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2711] <... open resumed>) = 5 [pid 2711] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2709] <... futex resumed>) = 0 [pid 2709] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2711] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 2709] <... futex resumed>) = 0 [pid 2709] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2711] <... mmap resumed>) = 0x20000000 [pid 2711] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2709] <... futex resumed>) = 0 [pid 2709] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2711] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 2710] +++ killed by SIGBUS +++ [pid 2711] +++ killed by SIGBUS +++ [pid 2709] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2709, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- umount2("./748", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./748", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./748/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./748/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./748/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./748/bus") = 0 umount2("./748/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./748/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./748/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./748") = 0 mkdir("./749", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2712 ./strace-static-x86_64: Process 2712 attached [pid 2712] set_robust_list(0x5555564336a0, 24) = 0 [pid 2712] chdir("./749") = 0 [pid 2712] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2712] setpgid(0, 0) = 0 [pid 2712] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2712] write(3, "1000", 4) = 4 [pid 2712] close(3) = 0 [pid 2712] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2712] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2712] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2712] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2712] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2712] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2712] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2712] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2713 attached [pid 2713] set_robust_list(0x7f22e15909a0, 24 [pid 2712] <... clone3 resumed> => {parent_tid=[2713]}, 88) = 2713 [pid 2713] <... set_robust_list resumed>) = 0 [pid 2712] rt_sigprocmask(SIG_SETMASK, [], [pid 2713] rt_sigprocmask(SIG_SETMASK, [], [pid 2712] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2712] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2712] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2712] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2712] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2712] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2712] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2714]}, 88) = 2714 [pid 2712] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2712] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 2714 attached [pid 2713] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2712] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2714] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2713] memfd_create("syzkaller", 0 [pid 2714] rt_sigprocmask(SIG_SETMASK, [], [pid 2713] <... memfd_create resumed>) = 3 [pid 2714] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2713] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2714] creat("./bus", 000 [pid 2713] <... mmap resumed>) = 0x7f22d914f000 [pid 2714] <... creat resumed>) = 4 [pid 2714] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2712] <... futex resumed>) = 0 [pid 2712] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2712] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2714] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2714] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2712] <... futex resumed>) = 0 [pid 2712] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2712] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2714] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 2714] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2712] <... futex resumed>) = 0 [pid 2712] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2712] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2714] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 2714] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2713] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000d7f} --- [pid 2714] <... futex resumed>) = ? [pid 2712] <... futex resumed>) = ? [pid 2714] +++ killed by SIGBUS +++ [pid 2713] +++ killed by SIGBUS +++ [pid 2712] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2712, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- umount2("./749", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./749", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./749/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./749/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./749/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./749/bus") = 0 umount2("./749/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./749/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./749/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./749") = 0 mkdir("./750", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2716 ./strace-static-x86_64: Process 2716 attached [pid 2716] set_robust_list(0x5555564336a0, 24) = 0 [pid 2716] chdir("./750") = 0 [pid 2716] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2716] setpgid(0, 0) = 0 [pid 2716] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2716] write(3, "1000", 4) = 4 [pid 2716] close(3) = 0 [pid 2716] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2716] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2716] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2716] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2716] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2716] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2716] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2716] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2717 attached => {parent_tid=[2717]}, 88) = 2717 [pid 2717] set_robust_list(0x7f22e15909a0, 24 [pid 2716] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2716] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2716] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2716] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2716] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2716] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2716] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2718]}, 88) = 2718 [pid 2716] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2716] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2716] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2717] <... set_robust_list resumed>) = 0 [pid 2717] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2717] memfd_create("syzkaller", 0) = 3 [pid 2717] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 ./strace-static-x86_64: Process 2718 attached [pid 2717] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2718] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2718] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2718] creat("./bus", 000) = 4 [pid 2718] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2718] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2716] <... futex resumed>) = 0 [pid 2716] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2717] <... write resumed>) = 262144 [pid 2718] <... futex resumed>) = 0 [pid 2718] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 2716] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2717] munmap(0x7f22d914f000, 138412032) = 0 [pid 2718] <... mount resumed>) = 0 [pid 2717] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2717] ioctl(5, LOOP_SET_FD, 3 [pid 2718] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2717] <... ioctl resumed>) = 0 [pid 2718] <... futex resumed>) = 1 [pid 2717] close(3 [pid 2716] <... futex resumed>) = 0 [pid 2718] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2717] <... close resumed>) = 0 [pid 2716] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2718] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2717] close(5 [pid 2716] <... futex resumed>) = 0 [pid 2718] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 2717] <... close resumed>) = 0 [pid 2716] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2718] <... open resumed>) = 3 [pid 2717] mkdir("./file0", 0777 [pid 2718] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2717] <... mkdir resumed>) = 0 [pid 2718] <... futex resumed>) = 1 [pid 2717] mount("/dev/loop0", "./file0", "ext4", 0, "prjquota,grpquota,debug_want_extra_isize=0x000000000000005c,noauto_da_alloc,nolazytime,errors=contin"... [pid 2716] <... futex resumed>) = 0 [pid 2718] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2716] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2718] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2716] <... futex resumed>) = 0 [pid 2718] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 3, 0 [pid 2716] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2718] <... mmap resumed>) = 0x20000000 [pid 2718] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2716] <... futex resumed>) = 0 [pid 2718] memfd_create("syzkaller", 0 [pid 2716] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2718] <... memfd_create resumed>) = 5 [pid 2716] <... futex resumed>) = 0 [pid 2718] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2718] write(5, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2718] munmap(0x7f22d914f000, 138412032) = 0 [pid 2718] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2717] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2717] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2717] ioctl(6, LOOP_CLR_FD) = 0 [pid 2717] close(6) = 0 [pid 2717] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2717] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2718] <... openat resumed>) = 6 [pid 2718] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 2718] ioctl(6, LOOP_CLR_FD) = 0 [pid 2718] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 2718] close(6) = 0 [pid 2718] close(5) = 0 [pid 2718] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2718] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2716] exit_group(0) = ? [pid 2718] <... futex resumed>) = ? [pid 2717] <... futex resumed>) = ? [pid 2717] +++ exited with 0 +++ [pid 2718] +++ exited with 0 +++ [pid 2716] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2716, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./750", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./750", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 5 entries */, 32768) = 136 umount2("./750/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./750/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./750/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./750/bus") = 0 umount2("./750/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./750/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./750/binderfs") = 0 umount2("./750/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./750/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./750/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./750/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555643c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555643c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./750/file0") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./750") = 0 mkdir("./751", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2720 ./strace-static-x86_64: Process 2720 attached [pid 2720] set_robust_list(0x5555564336a0, 24) = 0 [pid 2720] chdir("./751") = 0 [pid 2720] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2720] setpgid(0, 0) = 0 [pid 2720] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2720] write(3, "1000", 4) = 4 [pid 2720] close(3) = 0 [pid 2720] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2720] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2720] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2720] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2720] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2720] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2720] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2720] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2721 attached => {parent_tid=[2721]}, 88) = 2721 [pid 2721] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2721] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2721] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2720] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2720] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2721] <... futex resumed>) = 0 [pid 2721] memfd_create("syzkaller", 0) = 3 [pid 2720] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2721] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2720] <... futex resumed>) = 0 [pid 2720] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 2720] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2720] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2720] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0}./strace-static-x86_64: Process 2722 attached => {parent_tid=[2722]}, 88) = 2722 [pid 2722] set_robust_list(0x7f22d916f9a0, 24 [pid 2720] rt_sigprocmask(SIG_SETMASK, [], [pid 2721] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2722] <... set_robust_list resumed>) = 0 [pid 2720] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2720] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2722] rt_sigprocmask(SIG_SETMASK, [], [pid 2720] <... futex resumed>) = 0 [pid 2722] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2720] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2722] creat("./bus", 000 [pid 2721] <... write resumed>) = 262144 [pid 2722] <... creat resumed>) = 4 [pid 2721] munmap(0x7f22d9170000, 138412032 [pid 2722] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2720] <... futex resumed>) = 0 [pid 2722] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 2720] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2720] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2722] <... mount resumed>) = 0 [pid 2722] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2721] <... munmap resumed>) = 0 [pid 2720] <... futex resumed>) = 0 [pid 2722] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 2721] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2720] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2722] <... open resumed>) = 5 [pid 2721] <... openat resumed>) = 6 [pid 2720] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2722] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2721] ioctl(6, LOOP_SET_FD, 3 [pid 2722] <... futex resumed>) = 1 [pid 2720] <... futex resumed>) = 0 [pid 2722] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 2720] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2720] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2722] <... mmap resumed>) = 0x20000000 [ 60.463224][ T2717] loop0: detected capacity change from 0 to 512 [ 60.477619][ T2717] EXT4-fs error (device loop0): __ext4_fill_super:5386: inode #2: comm syz-executor245: iget: special inode unallocated [ 60.490783][ T2717] EXT4-fs (loop0): get root inode failed [ 60.496550][ T2717] EXT4-fs (loop0): mount failed [pid 2722] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2720] <... futex resumed>) = 0 [pid 2720] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2721] <... ioctl resumed>) = 0 [pid 2721] close(3) = 0 [pid 2721] close(6 [pid 2722] memfd_create("syzkaller", 0 [pid 2721] <... close resumed>) = 0 [pid 2722] <... memfd_create resumed>) = 3 [pid 2722] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2721] mkdir(0x200000c0, 0777 [pid 2722] <... mmap resumed>) = 0x7f22d9170000 [pid 2721] <... mkdir resumed>) = -1 ENOENT (No such file or directory) [pid 2721] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2721] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2721] ioctl(6, LOOP_CLR_FD) = 0 [pid 2721] close(6) = 0 [pid 2721] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2721] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2722] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2722] munmap(0x7f22d9170000, 138412032) = 0 [pid 2722] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2722] ioctl(6, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2722] ioctl(6, LOOP_CLR_FD) = 0 [pid 2722] ioctl(6, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2722] close(6) = 0 [pid 2722] close(3) = 0 [pid 2722] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2722] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2720] exit_group(0) = ? [pid 2722] <... futex resumed>) = ? [pid 2722] +++ exited with 0 +++ [pid 2721] <... futex resumed>) = ? [pid 2721] +++ exited with 0 +++ [pid 2720] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2720, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- umount2("./751", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./751", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./751/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./751/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./751/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./751/bus") = 0 umount2("./751/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./751/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./751/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./751") = 0 mkdir("./752", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2723 ./strace-static-x86_64: Process 2723 attached [pid 2723] set_robust_list(0x5555564336a0, 24) = 0 [pid 2723] chdir("./752") = 0 [pid 2723] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2723] setpgid(0, 0) = 0 [pid 2723] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2723] write(3, "1000", 4) = 4 [pid 2723] close(3) = 0 [pid 2723] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2723] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2723] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2723] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2723] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2723] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2723] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2723] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2724 attached => {parent_tid=[2724]}, 88) = 2724 [pid 2724] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2724] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2724] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2723] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2723] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2724] <... futex resumed>) = 0 [pid 2723] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2724] memfd_create("syzkaller", 0) = 3 [pid 2724] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2723] <... futex resumed>) = 0 [pid 2723] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 2723] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2723] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2723] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0} [pid 2724] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2723] <... clone3 resumed> => {parent_tid=[2725]}, 88) = 2725 [pid 2723] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2723] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2724] <... write resumed>) = 262144 ./strace-static-x86_64: Process 2725 attached [pid 2724] munmap(0x7f22d9170000, 138412032 [pid 2725] set_robust_list(0x7f22d916f9a0, 24) = 0 [pid 2724] <... munmap resumed>) = 0 [pid 2724] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2725] rt_sigprocmask(SIG_SETMASK, [], [pid 2724] <... openat resumed>) = 4 [pid 2725] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2724] ioctl(4, LOOP_SET_FD, 3 [pid 2725] creat("./bus", 000 [ 60.535012][ T2721] loop0: detected capacity change from 0 to 512 [ 60.541603][ T2722] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 32 prio class 2 [ 60.551022][ T2722] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 60.560257][ T2722] Buffer I/O error on dev loop0, logical block 0, async page read [pid 2723] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2725] <... creat resumed>) = 5 [pid 2725] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2723] <... futex resumed>) = 0 [pid 2723] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2723] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2725] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2725] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2723] <... futex resumed>) = 0 [pid 2723] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2723] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2725] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 2725] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2723] <... futex resumed>) = 0 [pid 2723] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2723] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2725] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 2724] <... ioctl resumed>) = 0 [pid 2724] close(3) = 0 [pid 2724] close(4) = 0 [pid 2724] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 2724] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2724] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 2724] ioctl(3, LOOP_CLR_FD) = 0 [pid 2724] close(3) = 0 [pid 2724] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2724] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2725] <... mmap resumed>) = 0x20000000 [pid 2725] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2723] <... futex resumed>) = 0 [pid 2723] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2724] <... futex resumed>) = 0 [pid 2724] memfd_create("syzkaller", 0) = 3 [pid 2724] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2725] <... futex resumed>) = 1 [pid 2725] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2724] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2724] munmap(0x7f22d9170000, 138412032) = 0 [pid 2724] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2724] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2724] ioctl(4, LOOP_CLR_FD) = 0 [pid 2724] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2724] close(4) = 0 [pid 2724] close(3) = 0 [pid 2724] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2724] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2723] exit_group(0 [pid 2725] <... futex resumed>) = ? [pid 2723] <... exit_group resumed>) = ? [pid 2725] +++ exited with 0 +++ [pid 2724] <... futex resumed>) = ? [pid 2724] +++ exited with 0 +++ [pid 2723] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2723, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./752", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./752", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./752/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./752/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./752/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./752/bus") = 0 umount2("./752/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./752/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./752/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./752") = 0 mkdir("./753", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2726 ./strace-static-x86_64: Process 2726 attached [pid 2726] set_robust_list(0x5555564336a0, 24) = 0 [pid 2726] chdir("./753") = 0 [pid 2726] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2726] setpgid(0, 0) = 0 [pid 2726] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2726] write(3, "1000", 4) = 4 [pid 2726] close(3) = 0 [pid 2726] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2726] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2726] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2726] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [ 60.615310][ T2724] loop0: detected capacity change from 0 to 512 [pid 2726] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2726] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2726] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2726] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2727 attached [pid 2727] set_robust_list(0x7f22e15909a0, 24 [pid 2726] <... clone3 resumed> => {parent_tid=[2727]}, 88) = 2727 [pid 2727] <... set_robust_list resumed>) = 0 [pid 2726] rt_sigprocmask(SIG_SETMASK, [], [pid 2727] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2726] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2726] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2726] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2727] memfd_create("syzkaller", 0 [pid 2726] <... futex resumed>) = 0 [pid 2727] <... memfd_create resumed>) = 3 [pid 2726] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2727] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2726] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2727] <... mmap resumed>) = 0x7f22d914f000 [pid 2726] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2726] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2728]}, 88) = 2728 [pid 2726] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2726] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2726] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2728 attached [pid 2728] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2728] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2728] creat("./bus", 000) = 4 [pid 2728] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2726] <... futex resumed>) = 0 [pid 2726] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2726] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2728] <... futex resumed>) = 1 [pid 2728] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2728] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2726] <... futex resumed>) = 0 [pid 2726] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2726] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2728] <... futex resumed>) = 1 [pid 2728] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 2728] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2726] <... futex resumed>) = 0 [pid 2726] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2726] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2728] <... futex resumed>) = 1 [pid 2728] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 2727] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000d93} --- [pid 2728] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2726] <... futex resumed>) = 0 [pid 2726] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2728] <... futex resumed>) = 1 [pid 2728] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 2727] +++ killed by SIGBUS +++ [pid 2728] +++ killed by SIGBUS +++ [pid 2726] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2726, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./753", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./753", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./753/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./753/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./753/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./753/bus") = 0 umount2("./753/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./753/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./753/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./753") = 0 mkdir("./754", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2729 ./strace-static-x86_64: Process 2729 attached [pid 2729] set_robust_list(0x5555564336a0, 24) = 0 [pid 2729] chdir("./754") = 0 [pid 2729] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2729] setpgid(0, 0) = 0 [pid 2729] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2729] write(3, "1000", 4) = 4 [pid 2729] close(3) = 0 [pid 2729] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2729] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2729] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2729] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2729] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2729] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2729] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2729] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2730 attached => {parent_tid=[2730]}, 88) = 2730 [pid 2730] set_robust_list(0x7f22e15909a0, 24 [pid 2729] rt_sigprocmask(SIG_SETMASK, [], [pid 2730] <... set_robust_list resumed>) = 0 [pid 2729] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2729] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2730] rt_sigprocmask(SIG_SETMASK, [], [pid 2729] <... futex resumed>) = 0 [pid 2730] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2729] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2729] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2730] memfd_create("syzkaller", 0 [pid 2729] <... mmap resumed>) = 0x7f22e154f000 [pid 2729] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE [pid 2730] <... memfd_create resumed>) = 3 [pid 2730] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2729] <... mprotect resumed>) = 0 [pid 2729] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2729] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2731]}, 88) = 2731 [pid 2729] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2729] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2729] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2731 attached [pid 2730] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2731] set_robust_list(0x7f22e156f9a0, 24 [pid 2730] <... write resumed>) = 262144 [pid 2731] <... set_robust_list resumed>) = 0 [pid 2730] munmap(0x7f22d914f000, 138412032 [pid 2731] rt_sigprocmask(SIG_SETMASK, [], [pid 2730] <... munmap resumed>) = 0 [pid 2731] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2730] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2731] creat("./bus", 000 [pid 2730] <... openat resumed>) = 4 [pid 2730] ioctl(4, LOOP_SET_FD, 3 [pid 2731] <... creat resumed>) = 5 [pid 2731] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2729] <... futex resumed>) = 0 [pid 2729] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2729] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2731] <... futex resumed>) = 1 [pid 2731] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2731] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2729] <... futex resumed>) = 0 [pid 2729] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2729] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2731] <... futex resumed>) = 1 [pid 2731] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 2731] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2729] <... futex resumed>) = 0 [pid 2729] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2729] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2731] <... futex resumed>) = 1 [pid 2731] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 2730] <... ioctl resumed>) = 0 [pid 2730] close(3) = 0 [pid 2730] close(4) = 0 [pid 2730] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 2730] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2730] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 2730] ioctl(3, LOOP_CLR_FD) = 0 [pid 2730] close(3) = 0 [pid 2730] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2730] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2731] <... mmap resumed>) = 0x20000000 [pid 2731] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2729] <... futex resumed>) = 0 [pid 2731] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2729] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2730] <... futex resumed>) = 0 [pid 2730] memfd_create("syzkaller", 0) = 3 [pid 2730] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2730] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2730] munmap(0x7f22d914f000, 138412032) = 0 [pid 2730] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2730] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2730] ioctl(4, LOOP_CLR_FD) = 0 [pid 2730] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2730] close(4) = 0 [pid 2730] close(3) = 0 [pid 2730] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2730] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2729] exit_group(0 [pid 2731] <... futex resumed>) = ? [pid 2729] <... exit_group resumed>) = ? [pid 2731] +++ exited with 0 +++ [pid 2730] <... futex resumed>) = ? [pid 2730] +++ exited with 0 +++ [pid 2729] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2729, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./754", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./754", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./754/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./754/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./754/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./754/bus") = 0 umount2("./754/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./754/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./754/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./754") = 0 mkdir("./755", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 60.698238][ T2730] loop0: detected capacity change from 0 to 512 [ 60.704725][ T2731] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 32 prio class 2 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2732 ./strace-static-x86_64: Process 2732 attached [pid 2732] set_robust_list(0x5555564336a0, 24) = 0 [pid 2732] chdir("./755") = 0 [pid 2732] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2732] setpgid(0, 0) = 0 [pid 2732] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2732] write(3, "1000", 4) = 4 [pid 2732] close(3) = 0 [pid 2732] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2732] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2732] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2732] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2732] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2732] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2732] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2732] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2733 attached => {parent_tid=[2733]}, 88) = 2733 [pid 2733] set_robust_list(0x7f22e15909a0, 24 [pid 2732] rt_sigprocmask(SIG_SETMASK, [], [pid 2733] <... set_robust_list resumed>) = 0 [pid 2732] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2733] rt_sigprocmask(SIG_SETMASK, [], [pid 2732] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2733] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2732] <... futex resumed>) = 0 [pid 2732] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2733] memfd_create("syzkaller", 0 [pid 2732] <... futex resumed>) = 0 [pid 2732] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2733] <... memfd_create resumed>) = 3 [pid 2732] <... mmap resumed>) = 0x7f22e154f000 [pid 2733] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2732] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2733] <... mmap resumed>) = 0x7f22d914f000 [pid 2732] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2732] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2734]}, 88) = 2734 [pid 2732] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2732] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2732] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2734 attached [pid 2734] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2734] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2734] creat("./bus", 000) = 4 [pid 2734] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2732] <... futex resumed>) = 0 [pid 2732] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2732] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2734] <... futex resumed>) = 1 [pid 2734] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2734] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2732] <... futex resumed>) = 0 [pid 2732] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2732] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2734] <... futex resumed>) = 1 [pid 2734] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 2734] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2732] <... futex resumed>) = 0 [pid 2732] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2732] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2734] <... futex resumed>) = 1 [pid 2734] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 2733] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000d6b} --- [pid 2734] <... mmap resumed>) = 0x20000000 [pid 2732] <... futex resumed>) = ? [pid 2734] +++ killed by SIGBUS +++ [pid 2733] +++ killed by SIGBUS +++ [pid 2732] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2732, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./755", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./755", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./755/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./755/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./755/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./755/bus") = 0 umount2("./755/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./755/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./755/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./755") = 0 mkdir("./756", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2735 ./strace-static-x86_64: Process 2735 attached [pid 2735] set_robust_list(0x5555564336a0, 24) = 0 [pid 2735] chdir("./756") = 0 [pid 2735] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2735] setpgid(0, 0) = 0 [pid 2735] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2735] write(3, "1000", 4) = 4 [pid 2735] close(3) = 0 [pid 2735] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2735] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2735] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2735] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2735] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2735] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2735] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2735] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2736 attached => {parent_tid=[2736]}, 88) = 2736 [pid 2736] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2736] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2736] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2735] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2735] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2736] <... futex resumed>) = 0 [pid 2735] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2736] memfd_create("syzkaller", 0) = 3 [pid 2736] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2735] <... futex resumed>) = 0 [pid 2735] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 2735] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2735] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2735] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0} [pid 2736] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2735] <... clone3 resumed> => {parent_tid=[2737]}, 88) = 2737 [pid 2735] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2735] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2736] <... write resumed>) = 262144 [pid 2735] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2736] munmap(0x7f22d9170000, 138412032) = 0 [pid 2736] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2736] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 2737 attached ) = 0 [pid 2736] close(3) = 0 [pid 2736] close(4 [pid 2737] set_robust_list(0x7f22d916f9a0, 24 [pid 2736] <... close resumed>) = 0 [pid 2736] mkdir("./file0", 0777 [pid 2737] <... set_robust_list resumed>) = 0 [pid 2737] rt_sigprocmask(SIG_SETMASK, [], [pid 2736] <... mkdir resumed>) = 0 [pid 2736] mount("/dev/loop0", "./file0", "ext4", 0, "prjquota,grpquota,debug_want_extra_isize=0x000000000000005c,noauto_da_alloc,nolazytime,errors=contin"... [pid 2737] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2737] creat("./bus", 000) = 3 [pid 2736] <... mount resumed>) = 0 [pid 2736] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 2736] chdir("./file0") = 0 [pid 2736] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2736] ioctl(5, LOOP_CLR_FD) = 0 [pid 2736] close(5 [pid 2737] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2736] <... close resumed>) = 0 [pid 2736] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2736] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2737] <... futex resumed>) = 1 [pid 2735] <... futex resumed>) = 0 [pid 2737] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2735] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2736] <... futex resumed>) = 0 [pid 2735] futex(0x7f22e165d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2736] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = -1 ENOENT (No such file or directory) [pid 2736] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2735] <... futex resumed>) = 0 [pid 2735] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2735] futex(0x7f22e165d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2736] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 2736] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2736] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2735] <... futex resumed>) = 0 [pid 2735] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2735] futex(0x7f22e165d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2736] <... futex resumed>) = 0 [pid 2736] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2736] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2735] <... futex resumed>) = 0 [pid 2735] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2736] <... futex resumed>) = 1 [pid 2736] memfd_create("syzkaller", 0) = 5 [pid 2736] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2736] write(5, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2736] munmap(0x7f22d9170000, 138412032) = 0 [pid 2736] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2736] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 2736] ioctl(6, LOOP_CLR_FD) = 0 [pid 2736] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 2736] close(6) = 0 [pid 2736] close(5) = 0 [pid 2736] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2735] exit_group(0 [pid 2737] <... futex resumed>) = ? [pid 2735] <... exit_group resumed>) = ? [pid 2737] +++ exited with 0 +++ [pid 2736] +++ exited with 0 +++ [pid 2735] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2735, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./756", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./756", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 5 entries */, 32768) = 136 umount2("./756/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./756/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./756/bus") = 0 umount2("./756/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./756/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./756/binderfs") = 0 [ 60.795208][ T2736] loop0: detected capacity change from 0 to 512 [ 60.806738][ T2736] EXT4-fs (loop0): 1 truncate cleaned up umount2("./756/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./756/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./756/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./756/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./756/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555643c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555643c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./756/file0") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./756") = 0 mkdir("./757", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2739 attached , child_tidptr=0x555556433690) = 2739 [pid 2739] set_robust_list(0x5555564336a0, 24) = 0 [pid 2739] chdir("./757") = 0 [pid 2739] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2739] setpgid(0, 0) = 0 [pid 2739] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2739] write(3, "1000", 4) = 4 [pid 2739] close(3) = 0 [pid 2739] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2739] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2739] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2739] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2739] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2739] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2739] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2739] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2740 attached [pid 2740] set_robust_list(0x7f22e15909a0, 24 [pid 2739] <... clone3 resumed> => {parent_tid=[2740]}, 88) = 2740 [pid 2740] <... set_robust_list resumed>) = 0 [pid 2739] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2740] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2739] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2739] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2740] memfd_create("syzkaller", 0 [pid 2739] <... futex resumed>) = 0 [pid 2740] <... memfd_create resumed>) = 3 [pid 2739] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2740] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2739] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2740] <... mmap resumed>) = 0x7f22d914f000 [pid 2739] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2739] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2741]}, 88) = 2741 ./strace-static-x86_64: Process 2741 attached [pid 2739] rt_sigprocmask(SIG_SETMASK, [], [pid 2741] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2741] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2741] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2739] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2739] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2741] <... futex resumed>) = 0 [pid 2741] creat("./bus", 000 [pid 2739] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2741] <... creat resumed>) = 4 [pid 2741] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2741] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2739] <... futex resumed>) = 0 [pid 2739] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2741] <... futex resumed>) = 0 [pid 2741] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2739] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2741] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2739] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2739] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2741] <... futex resumed>) = 0 [pid 2739] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2741] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 2741] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2739] <... futex resumed>) = 0 [pid 2741] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 2739] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2739] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2741] <... mmap resumed>) = 0x20000000 [pid 2740] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000daf} --- [pid 2739] <... futex resumed>) = ? [pid 2740] +++ killed by SIGBUS +++ [pid 2741] +++ killed by SIGBUS +++ [pid 2739] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2739, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- umount2("./757", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./757", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./757/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./757/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./757/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./757/bus") = 0 umount2("./757/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./757/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./757/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./757") = 0 mkdir("./758", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2742 ./strace-static-x86_64: Process 2742 attached [pid 2742] set_robust_list(0x5555564336a0, 24) = 0 [pid 2742] chdir("./758") = 0 [pid 2742] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2742] setpgid(0, 0) = 0 [pid 2742] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2742] write(3, "1000", 4) = 4 [pid 2742] close(3) = 0 [pid 2742] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2742] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2742] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2742] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2742] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2742] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2742] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2742] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2743 attached [pid 2743] set_robust_list(0x7f22e15909a0, 24 [pid 2742] <... clone3 resumed> => {parent_tid=[2743]}, 88) = 2743 [pid 2743] <... set_robust_list resumed>) = 0 [pid 2742] rt_sigprocmask(SIG_SETMASK, [], [pid 2743] rt_sigprocmask(SIG_SETMASK, [], [pid 2742] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2743] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2742] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2742] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2743] memfd_create("syzkaller", 0 [pid 2742] <... futex resumed>) = 0 [pid 2742] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2743] <... memfd_create resumed>) = 3 [pid 2743] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2742] <... mmap resumed>) = 0x7f22e154f000 [pid 2742] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE [pid 2743] <... mmap resumed>) = 0x7f22d914f000 [pid 2742] <... mprotect resumed>) = 0 [pid 2742] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2742] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 2744 attached => {parent_tid=[2744]}, 88) = 2744 [pid 2744] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2744] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2744] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2742] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2742] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2744] <... futex resumed>) = 0 [pid 2744] creat("./bus", 000 [pid 2742] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2744] <... creat resumed>) = 4 [pid 2744] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2744] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2742] <... futex resumed>) = 0 [pid 2742] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2742] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2744] <... futex resumed>) = 0 [pid 2744] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2744] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2742] <... futex resumed>) = 0 [pid 2744] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 2742] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2742] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2744] <... open resumed>) = 5 [pid 2744] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2742] <... futex resumed>) = 0 [pid 2744] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 2742] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2742] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2744] <... mmap resumed>) = 0x20000000 [pid 2744] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2742] <... futex resumed>) = 0 [pid 2744] <... futex resumed>) = 1 [pid 2742] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2744] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 2742] <... futex resumed>) = 0 [pid 2743] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000d9d} --- [pid 2744] +++ killed by SIGBUS +++ [pid 2743] +++ killed by SIGBUS +++ [pid 2742] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2742, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- umount2("./758", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./758", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./758/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./758/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./758/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./758/bus") = 0 umount2("./758/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./758/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./758/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./758") = 0 mkdir("./759", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2745 ./strace-static-x86_64: Process 2745 attached [pid 2745] set_robust_list(0x5555564336a0, 24) = 0 [pid 2745] chdir("./759") = 0 [pid 2745] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2745] setpgid(0, 0) = 0 [pid 2745] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2745] write(3, "1000", 4) = 4 [pid 2745] close(3) = 0 [pid 2745] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2745] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2745] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2745] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2745] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2745] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2745] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2745] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2746]}, 88) = 2746 [pid 2745] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2745] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2745] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2745] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2745] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2745] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2745] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2747]}, 88) = 2747 [pid 2745] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2745] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2745] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2746 attached [pid 2746] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2746] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2746] memfd_create("syzkaller", 0) = 3 [pid 2746] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 ./strace-static-x86_64: Process 2747 attached [pid 2747] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2747] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2747] creat("./bus", 000 [pid 2746] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2747] <... creat resumed>) = 4 [pid 2747] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2745] <... futex resumed>) = 0 [pid 2745] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2745] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2747] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2747] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2746] <... write resumed>) = 262144 [pid 2746] munmap(0x7f22d914f000, 138412032 [pid 2745] <... futex resumed>) = 0 [pid 2745] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2745] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2747] <... futex resumed>) = 1 [pid 2746] <... munmap resumed>) = 0 [pid 2746] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2746] ioctl(5, LOOP_SET_FD, 3 [pid 2747] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 2746] <... ioctl resumed>) = 0 [pid 2746] close(3) = 0 [pid 2746] close(5) = 0 [pid 2746] mkdir("./file0", 0777) = 0 [pid 2746] mount("/dev/loop0", "./file0", "ext4", 0, "prjquota,grpquota,debug_want_extra_isize=0x000000000000005c,noauto_da_alloc,nolazytime,errors=contin"... [pid 2747] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2745] <... futex resumed>) = 0 [pid 2745] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2745] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2747] <... futex resumed>) = 1 [pid 2747] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x20000000 [pid 2747] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2745] <... futex resumed>) = 0 [pid 2745] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2747] <... futex resumed>) = 1 [pid 2747] memfd_create("syzkaller", 0) = 3 [pid 2747] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2747] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2747] munmap(0x7f22d914f000, 138412032) = 0 [pid 2746] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2746] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2746] ioctl(5, LOOP_CLR_FD) = 0 [pid 2746] close(5) = 0 [pid 2746] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2746] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2747] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2747] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2747] ioctl(5, LOOP_CLR_FD) = 0 [pid 2747] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2747] close(5) = 0 [pid 2747] close(3) = 0 [pid 2747] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2747] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2745] exit_group(0 [pid 2746] <... futex resumed>) = ? [pid 2745] <... exit_group resumed>) = ? [pid 2746] +++ exited with 0 +++ [pid 2747] <... futex resumed>) = ? [pid 2747] +++ exited with 0 +++ [pid 2745] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2745, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./759", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./759", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 5 entries */, 32768) = 136 umount2("./759/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./759/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./759/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./759/bus") = 0 umount2("./759/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./759/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./759/binderfs") = 0 umount2("./759/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./759/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./759/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./759/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555643c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555643c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./759/file0") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./759") = 0 mkdir("./760", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2749 ./strace-static-x86_64: Process 2749 attached [pid 2749] set_robust_list(0x5555564336a0, 24) = 0 [pid 2749] chdir("./760") = 0 [pid 2749] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2749] setpgid(0, 0) = 0 [pid 2749] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2749] write(3, "1000", 4) = 4 [pid 2749] close(3) = 0 [pid 2749] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2749] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2749] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2749] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2749] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2749] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2749] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2749] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2750 attached => {parent_tid=[2750]}, 88) = 2750 [pid 2749] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2749] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2749] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2749] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2749] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE [pid 2750] set_robust_list(0x7f22e15909a0, 24 [pid 2749] <... mprotect resumed>) = 0 [pid 2749] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2750] <... set_robust_list resumed>) = 0 [pid 2749] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2749] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} [pid 2750] rt_sigprocmask(SIG_SETMASK, [], [pid 2749] <... clone3 resumed> => {parent_tid=[2751]}, 88) = 2751 [pid 2749] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2749] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2749] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2751 attached [pid 2750] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2751] set_robust_list(0x7f22e156f9a0, 24 [pid 2750] memfd_create("syzkaller", 0 [pid 2751] <... set_robust_list resumed>) = 0 [pid 2750] <... memfd_create resumed>) = 3 [pid 2750] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2751] rt_sigprocmask(SIG_SETMASK, [], [pid 2750] <... mmap resumed>) = 0x7f22d914f000 [pid 2751] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2750] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2751] creat("./bus", 000 [pid 2750] <... write resumed>) = 262144 [ 60.909945][ T2746] loop0: detected capacity change from 0 to 512 [ 60.922079][ T2746] EXT4-fs error (device loop0): __ext4_fill_super:5386: inode #2: comm syz-executor245: iget: special inode unallocated [ 60.935691][ T2746] EXT4-fs (loop0): get root inode failed [ 60.946696][ T2746] EXT4-fs (loop0): mount failed [pid 2750] munmap(0x7f22d914f000, 138412032) = 0 [pid 2750] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2751] <... creat resumed>) = 4 [pid 2750] ioctl(5, LOOP_SET_FD, 3 [pid 2751] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2749] <... futex resumed>) = 0 [pid 2749] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2749] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2751] <... futex resumed>) = 1 [pid 2751] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2751] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2749] <... futex resumed>) = 0 [pid 2749] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2749] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2751] <... futex resumed>) = 1 [pid 2751] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 2751] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2749] <... futex resumed>) = 0 [pid 2749] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2749] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2751] <... futex resumed>) = 1 [pid 2751] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 2750] <... ioctl resumed>) = 0 [pid 2750] close(3) = 0 [pid 2750] close(5 [pid 2751] <... mmap resumed>) = 0x20000000 [pid 2751] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2749] <... futex resumed>) = 0 [pid 2749] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2751] <... futex resumed>) = 1 [pid 2751] memfd_create("syzkaller", 0) = 3 [pid 2751] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2750] <... close resumed>) = 0 [pid 2750] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 2750] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2750] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2750] ioctl(5, LOOP_CLR_FD) = 0 [pid 2750] close(5) = 0 [pid 2750] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2750] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2751] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2751] munmap(0x7f22d914f000, 138412032) = 0 [pid 2751] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2751] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2751] ioctl(5, LOOP_CLR_FD) = 0 [pid 2751] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2751] close(5) = 0 [pid 2751] close(3) = 0 [pid 2751] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2751] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2749] exit_group(0 [pid 2750] <... futex resumed>) = ? [pid 2749] <... exit_group resumed>) = ? [pid 2751] <... futex resumed>) = ? [pid 2750] +++ exited with 0 +++ [pid 2751] +++ exited with 0 +++ [pid 2749] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2749, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./760", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./760", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./760/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./760/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./760/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./760/bus") = 0 umount2("./760/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./760/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./760/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./760") = 0 mkdir("./761", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 60.991626][ T2750] loop0: detected capacity change from 0 to 512 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2752 ./strace-static-x86_64: Process 2752 attached [pid 2752] set_robust_list(0x5555564336a0, 24) = 0 [pid 2752] chdir("./761") = 0 [pid 2752] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2752] setpgid(0, 0) = 0 [pid 2752] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2752] write(3, "1000", 4) = 4 [pid 2752] close(3) = 0 [pid 2752] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2752] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2752] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2752] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2752] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2752] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2752] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2752] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2753]}, 88) = 2753 ./strace-static-x86_64: Process 2753 attached [pid 2752] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2752] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2752] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2752] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2752] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2752] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2752] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2754]}, 88) = 2754 [pid 2753] set_robust_list(0x7f22e15909a0, 24 [pid 2752] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2752] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2752] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2754 attached [pid 2754] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2754] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2754] creat("./bus", 000 [pid 2753] <... set_robust_list resumed>) = 0 [pid 2754] <... creat resumed>) = 3 [pid 2753] rt_sigprocmask(SIG_SETMASK, [], [pid 2754] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2752] <... futex resumed>) = 0 [pid 2752] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2752] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2754] <... futex resumed>) = 1 [pid 2754] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2753] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2754] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2752] <... futex resumed>) = 0 [pid 2752] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2752] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2754] <... futex resumed>) = 1 [pid 2754] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 4 [pid 2754] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2752] <... futex resumed>) = 0 [pid 2752] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2752] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2754] <... futex resumed>) = 1 [pid 2754] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 2754] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2752] <... futex resumed>) = 0 [pid 2752] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2754] <... futex resumed>) = 1 [pid 2754] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 2754] +++ killed by SIGBUS +++ [pid 2753] +++ killed by SIGBUS +++ [pid 2752] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2752, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- umount2("./761", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./761", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./761/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./761/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./761/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./761/bus") = 0 umount2("./761/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./761/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./761/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./761") = 0 mkdir("./762", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2755 ./strace-static-x86_64: Process 2755 attached [pid 2755] set_robust_list(0x5555564336a0, 24) = 0 [pid 2755] chdir("./762") = 0 [pid 2755] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2755] setpgid(0, 0) = 0 [pid 2755] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2755] write(3, "1000", 4) = 4 [pid 2755] close(3) = 0 [pid 2755] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2755] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2755] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2755] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2755] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2755] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2755] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2755] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2756 attached [pid 2756] set_robust_list(0x7f22e15909a0, 24 [pid 2755] <... clone3 resumed> => {parent_tid=[2756]}, 88) = 2756 [pid 2756] <... set_robust_list resumed>) = 0 [pid 2755] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2756] rt_sigprocmask(SIG_SETMASK, [], [pid 2755] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2756] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2755] <... futex resumed>) = 0 [pid 2756] memfd_create("syzkaller", 0 [pid 2755] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2756] <... memfd_create resumed>) = 3 [pid 2755] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2756] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2755] <... mmap resumed>) = 0x7f22e154f000 [pid 2755] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2756] <... mmap resumed>) = 0x7f22d914f000 [pid 2755] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2755] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2757]}, 88) = 2757 [pid 2755] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2755] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2755] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2757 attached [pid 2756] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2757] set_robust_list(0x7f22e156f9a0, 24 [pid 2756] <... write resumed>) = 262144 [pid 2757] <... set_robust_list resumed>) = 0 [pid 2756] munmap(0x7f22d914f000, 138412032 [pid 2757] rt_sigprocmask(SIG_SETMASK, [], [pid 2756] <... munmap resumed>) = 0 [pid 2757] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2756] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2757] creat("./bus", 000 [pid 2756] <... openat resumed>) = 4 [pid 2756] ioctl(4, LOOP_SET_FD, 3 [pid 2757] <... creat resumed>) = 5 [pid 2756] <... ioctl resumed>) = 0 [pid 2757] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2756] close(3 [pid 2757] <... futex resumed>) = 1 [pid 2756] <... close resumed>) = 0 [pid 2755] <... futex resumed>) = 0 [pid 2755] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2755] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2757] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 2756] close(4 [pid 2757] <... mount resumed>) = 0 [pid 2756] <... close resumed>) = 0 [pid 2757] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2756] mkdir("./file0", 0777 [pid 2757] <... futex resumed>) = 1 [pid 2755] <... futex resumed>) = 0 [pid 2755] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2755] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2757] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 2756] <... mkdir resumed>) = 0 [pid 2757] <... open resumed>) = 3 [pid 2757] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2755] <... futex resumed>) = 0 [pid 2755] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2755] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2757] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 3, 0 [pid 2756] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "" [pid 2757] <... mmap resumed>) = 0x20000000 [pid 2757] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2755] <... futex resumed>) = 0 [pid 2755] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2757] memfd_create("syzkaller", 0) = 4 [pid 2757] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2756] <... mount resumed>) = -1 ENOENT (No such file or directory) [pid 2756] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2756] ioctl(6, LOOP_CLR_FD) = 0 [pid 2756] close(6) = 0 [pid 2756] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2757] write(4, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304 [pid 2756] <... futex resumed>) = 0 [pid 2756] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2757] <... write resumed>) = 4194304 [pid 2757] munmap(0x7f22d914f000, 138412032) = 0 [pid 2757] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2757] ioctl(6, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 2757] ioctl(6, LOOP_CLR_FD) = 0 [pid 2757] ioctl(6, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 2757] close(6) = 0 [pid 2757] close(4) = 0 [pid 2757] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2757] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2755] exit_group(0 [pid 2757] <... futex resumed>) = ? [pid 2756] <... futex resumed>) = ? [pid 2755] <... exit_group resumed>) = ? [pid 2756] +++ exited with 0 +++ [pid 2757] +++ exited with 0 +++ [pid 2755] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2755, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./762", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./762", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 5 entries */, 32768) = 136 umount2("./762/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./762/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./762/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./762/bus") = 0 umount2("./762/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./762/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./762/binderfs") = 0 umount2("./762/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./762/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./762/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./762/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555643c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555643c770 /* 0 entries */, 32768) = 0 [ 61.079905][ T2756] loop0: detected capacity change from 0 to 512 close(4) = 0 rmdir("./762/file0") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./762") = 0 mkdir("./763", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2758 ./strace-static-x86_64: Process 2758 attached [pid 2758] set_robust_list(0x5555564336a0, 24) = 0 [pid 2758] chdir("./763") = 0 [pid 2758] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2758] setpgid(0, 0) = 0 [pid 2758] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2758] write(3, "1000", 4) = 4 [pid 2758] close(3) = 0 [pid 2758] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2758] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2758] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2758] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2758] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2758] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2758] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2758] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2759]}, 88) = 2759 ./strace-static-x86_64: Process 2759 attached [pid 2758] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2758] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2758] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2758] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2758] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2758] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2758] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 2760 attached [pid 2759] set_robust_list(0x7f22e15909a0, 24 [pid 2758] <... clone3 resumed> => {parent_tid=[2760]}, 88) = 2760 [pid 2758] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2758] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2758] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2760] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2760] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2760] creat("./bus", 000 [pid 2759] <... set_robust_list resumed>) = 0 [pid 2760] <... creat resumed>) = 3 [pid 2760] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2758] <... futex resumed>) = 0 [pid 2758] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2758] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2760] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2760] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2758] <... futex resumed>) = 0 [pid 2758] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2758] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2760] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 4 [pid 2760] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2758] <... futex resumed>) = 0 [pid 2758] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2758] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2760] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 2759] rt_sigprocmask(SIG_SETMASK, [], [pid 2760] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2758] <... futex resumed>) = 0 [pid 2758] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2760] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 2759] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2759] +++ killed by SIGBUS +++ [pid 2760] +++ killed by SIGBUS +++ [pid 2758] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2758, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./763", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./763", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./763/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./763/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./763/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./763/bus") = 0 umount2("./763/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./763/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./763/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./763") = 0 mkdir("./764", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2761 ./strace-static-x86_64: Process 2761 attached [pid 2761] set_robust_list(0x5555564336a0, 24) = 0 [pid 2761] chdir("./764") = 0 [pid 2761] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2761] setpgid(0, 0) = 0 [pid 2761] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2761] write(3, "1000", 4) = 4 [pid 2761] close(3) = 0 [pid 2761] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2761] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2761] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2761] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2761] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2761] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2761] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2761] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2762]}, 88) = 2762 [pid 2761] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2761] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2761] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2761] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2761] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2761] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2761] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 2762 attached => {parent_tid=[2763]}, 88) = 2763 [pid 2761] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2761] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2761] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2763 attached [pid 2763] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2763] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2763] creat("./bus", 000 [pid 2762] set_robust_list(0x7f22e15909a0, 24 [pid 2763] <... creat resumed>) = 3 [pid 2762] <... set_robust_list resumed>) = 0 [pid 2763] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2761] <... futex resumed>) = 0 [pid 2761] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2761] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2763] <... futex resumed>) = 1 [pid 2763] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2762] rt_sigprocmask(SIG_SETMASK, [], [pid 2763] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2761] <... futex resumed>) = 0 [pid 2761] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2761] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2763] <... futex resumed>) = 1 [pid 2763] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 4 [pid 2763] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2761] <... futex resumed>) = 0 [pid 2761] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2761] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2763] <... futex resumed>) = 1 [pid 2763] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 2762] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2763] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2761] <... futex resumed>) = 0 [pid 2761] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2763] <... futex resumed>) = 1 [pid 2763] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 2763] +++ killed by SIGBUS +++ [pid 2762] +++ killed by SIGBUS +++ [pid 2761] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2761, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./764", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./764", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./764/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./764/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./764/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./764/bus") = 0 umount2("./764/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./764/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./764/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./764") = 0 mkdir("./765", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2764 ./strace-static-x86_64: Process 2764 attached [pid 2764] set_robust_list(0x5555564336a0, 24) = 0 [pid 2764] chdir("./765") = 0 [pid 2764] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2764] setpgid(0, 0) = 0 [pid 2764] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2764] write(3, "1000", 4) = 4 [pid 2764] close(3) = 0 [pid 2764] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2764] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2764] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2764] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2764] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2764] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2764] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2764] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2765 attached => {parent_tid=[2765]}, 88) = 2765 [pid 2764] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2764] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2764] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2764] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2765] set_robust_list(0x7f22e15909a0, 24 [pid 2764] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE [pid 2765] <... set_robust_list resumed>) = 0 [pid 2765] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2764] <... mprotect resumed>) = 0 [pid 2764] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2765] memfd_create("syzkaller", 0 [pid 2764] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2765] <... memfd_create resumed>) = 3 [pid 2765] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2764] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2766]}, 88) = 2766 [pid 2764] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2764] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2764] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2766 attached [pid 2765] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2766] set_robust_list(0x7f22e156f9a0, 24 [pid 2765] <... write resumed>) = 262144 [pid 2766] <... set_robust_list resumed>) = 0 [pid 2765] munmap(0x7f22d914f000, 138412032 [pid 2766] rt_sigprocmask(SIG_SETMASK, [], [pid 2765] <... munmap resumed>) = 0 [pid 2766] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2765] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2766] creat("./bus", 000 [pid 2765] <... openat resumed>) = 4 [pid 2765] ioctl(4, LOOP_SET_FD, 3 [pid 2766] <... creat resumed>) = 5 [pid 2766] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2764] <... futex resumed>) = 0 [pid 2764] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2764] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2766] <... futex resumed>) = 1 [pid 2766] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2766] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2764] <... futex resumed>) = 0 [pid 2764] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2764] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2766] <... futex resumed>) = 1 [pid 2766] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 2765] <... ioctl resumed>) = 0 [pid 2766] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2764] <... futex resumed>) = 0 [pid 2764] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2764] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2766] <... futex resumed>) = 1 [pid 2766] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 2765] close(3) = 0 [pid 2765] close(4) = 0 [pid 2765] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 2766] <... mmap resumed>) = 0x20000000 [pid 2766] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2764] <... futex resumed>) = 0 [pid 2766] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2765] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "" [pid 2764] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2766] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2764] <... futex resumed>) = 0 [pid 2766] memfd_create("syzkaller", 0) = 3 [pid 2766] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2765] <... mount resumed>) = -1 ENOENT (No such file or directory) [pid 2766] <... mmap resumed>) = 0x7f22d914f000 [pid 2765] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2765] ioctl(4, LOOP_CLR_FD) = 0 [pid 2765] close(4) = 0 [pid 2765] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2765] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2766] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2766] munmap(0x7f22d914f000, 138412032) = 0 [pid 2766] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2766] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2766] ioctl(4, LOOP_CLR_FD) = 0 [pid 2766] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2766] close(4) = 0 [pid 2766] close(3) = 0 [pid 2766] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2764] exit_group(0 [pid 2765] <... futex resumed>) = ? [pid 2764] <... exit_group resumed>) = ? [pid 2765] +++ exited with 0 +++ [pid 2766] +++ exited with 0 +++ [pid 2764] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2764, si_uid=0, si_status=0, si_utime=1, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./765", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./765", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./765/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./765/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./765/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./765/bus") = 0 umount2("./765/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./765/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./765/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./765") = 0 mkdir("./766", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 61.185712][ T2765] loop0: detected capacity change from 0 to 512 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2767 ./strace-static-x86_64: Process 2767 attached [pid 2767] set_robust_list(0x5555564336a0, 24) = 0 [pid 2767] chdir("./766") = 0 [pid 2767] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2767] setpgid(0, 0) = 0 [pid 2767] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2767] write(3, "1000", 4) = 4 [pid 2767] close(3) = 0 [pid 2767] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2767] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2767] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2767] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2767] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2767] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2767] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2767] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2768 attached [pid 2768] set_robust_list(0x7f22e15909a0, 24 [pid 2767] <... clone3 resumed> => {parent_tid=[2768]}, 88) = 2768 [pid 2768] <... set_robust_list resumed>) = 0 [pid 2767] rt_sigprocmask(SIG_SETMASK, [], [pid 2768] rt_sigprocmask(SIG_SETMASK, [], [pid 2767] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2768] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2767] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2768] memfd_create("syzkaller", 0 [pid 2767] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2768] <... memfd_create resumed>) = 3 [pid 2767] <... futex resumed>) = 0 [pid 2767] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2768] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2767] <... mmap resumed>) = 0x7f22e154f000 [pid 2767] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE [pid 2768] <... mmap resumed>) = 0x7f22d914f000 [pid 2767] <... mprotect resumed>) = 0 [pid 2767] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2767] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2769]}, 88) = 2769 [pid 2767] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2767] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2767] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2769 attached [pid 2768] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2769] set_robust_list(0x7f22e156f9a0, 24 [pid 2768] <... write resumed>) = 262144 [pid 2768] munmap(0x7f22d914f000, 138412032) = 0 [pid 2768] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2768] ioctl(4, LOOP_SET_FD, 3 [pid 2769] <... set_robust_list resumed>) = 0 [pid 2768] <... ioctl resumed>) = 0 [pid 2769] rt_sigprocmask(SIG_SETMASK, [], [pid 2768] close(3 [pid 2769] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2768] <... close resumed>) = 0 [pid 2769] creat("./bus", 000 [pid 2768] close(4 [pid 2769] <... creat resumed>) = 3 [pid 2768] <... close resumed>) = 0 [pid 2769] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2768] mkdir("./file0", 0777 [pid 2769] <... futex resumed>) = 1 [pid 2767] <... futex resumed>) = 0 [pid 2767] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2767] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2769] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2769] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2767] <... futex resumed>) = 0 [pid 2767] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2767] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2769] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 4 [pid 2769] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2767] <... futex resumed>) = 0 [pid 2767] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2767] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2769] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2768] <... mkdir resumed>) = 0 [pid 2768] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "" [pid 2769] <... mmap resumed>) = 0x20000000 [pid 2769] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2768] <... mount resumed>) = -1 ENOENT (No such file or directory) [pid 2769] <... futex resumed>) = 1 [pid 2768] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2767] <... futex resumed>) = 0 [pid 2767] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2769] memfd_create("syzkaller", 0 [pid 2768] <... openat resumed>) = 5 [pid 2769] <... memfd_create resumed>) = 6 [pid 2768] ioctl(5, LOOP_CLR_FD [pid 2769] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2768] <... ioctl resumed>) = 0 [pid 2769] <... mmap resumed>) = 0x7f22d914f000 [pid 2768] close(5) = 0 [pid 2769] write(6, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304 [pid 2768] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2768] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2769] <... write resumed>) = 4194304 [pid 2769] munmap(0x7f22d914f000, 138412032) = 0 [pid 2769] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2769] ioctl(5, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 2769] ioctl(5, LOOP_CLR_FD) = 0 [pid 2769] ioctl(5, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 2769] close(5) = 0 [pid 2769] close(6) = 0 [pid 2769] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2769] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2767] exit_group(0 [pid 2768] <... futex resumed>) = ? [pid 2767] <... exit_group resumed>) = ? [pid 2768] +++ exited with 0 +++ [pid 2769] <... futex resumed>) = ? [pid 2769] +++ exited with 0 +++ [pid 2767] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2767, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./766", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./766", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 5 entries */, 32768) = 136 umount2("./766/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./766/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./766/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./766/bus") = 0 umount2("./766/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./766/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./766/binderfs") = 0 umount2("./766/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./766/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./766/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./766/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555643c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555643c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./766/file0") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./766") = 0 mkdir("./767", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2770 ./strace-static-x86_64: Process 2770 attached [pid 2770] set_robust_list(0x5555564336a0, 24) = 0 [pid 2770] chdir("./767") = 0 [pid 2770] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2770] setpgid(0, 0) = 0 [pid 2770] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2770] write(3, "1000", 4) = 4 [pid 2770] close(3) = 0 [pid 2770] symlink("/dev/binderfs", "./binderfs") = 0 [ 61.257534][ T2768] loop0: detected capacity change from 0 to 512 [pid 2770] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2770] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2770] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2770] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2770] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2770] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2770] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2771]}, 88) = 2771 [pid 2770] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2770] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2770] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2770] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2770] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2770] rt_sigprocmask(SIG_BLOCK, ~[], ./strace-static-x86_64: Process 2771 attached [], 8) = 0 [pid 2770] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2772]}, 88) = 2772 [pid 2770] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2770] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2770] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2771] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2771] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 2772 attached NULL, 8) = 0 [pid 2771] memfd_create("syzkaller", 0 [pid 2772] set_robust_list(0x7f22e156f9a0, 24 [pid 2771] <... memfd_create resumed>) = 3 [pid 2771] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2772] <... set_robust_list resumed>) = 0 [pid 2772] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2772] creat("./bus", 000) = 4 [pid 2772] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2770] <... futex resumed>) = 0 [pid 2770] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2770] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2771] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2772] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2772] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2770] <... futex resumed>) = 0 [pid 2770] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2770] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2772] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 2771] <... write resumed>) = 262144 [pid 2771] munmap(0x7f22d914f000, 138412032 [pid 2772] <... open resumed>) = 5 [pid 2771] <... munmap resumed>) = 0 [pid 2771] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2771] ioctl(6, LOOP_SET_FD, 3 [pid 2772] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2770] <... futex resumed>) = 0 [pid 2771] <... ioctl resumed>) = 0 [pid 2770] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2771] close(3 [pid 2770] <... futex resumed>) = 0 [pid 2771] <... close resumed>) = 0 [pid 2770] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2771] close(6 [pid 2772] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 2771] <... close resumed>) = 0 [pid 2771] mkdir("./file0", 0777 [pid 2772] <... mmap resumed>) = 0x20000000 [pid 2771] <... mkdir resumed>) = 0 [pid 2771] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2771] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 2771] ioctl(3, LOOP_CLR_FD) = 0 [pid 2771] close(3) = 0 [pid 2771] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2771] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2772] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2770] <... futex resumed>) = 0 [pid 2772] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2770] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2771] <... futex resumed>) = 0 [pid 2770] <... futex resumed>) = 1 [pid 2771] memfd_create("syzkaller", 0) = 3 [pid 2771] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2771] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2771] munmap(0x7f22d914f000, 138412032) = 0 [pid 2771] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2771] ioctl(6, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2771] ioctl(6, LOOP_CLR_FD) = 0 [pid 2771] ioctl(6, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2771] close(6) = 0 [pid 2771] close(3) = 0 [pid 2771] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2771] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2770] exit_group(0) = ? [pid 2772] <... futex resumed>) = ? [pid 2771] <... futex resumed>) = ? [pid 2772] +++ exited with 0 +++ [pid 2771] +++ exited with 0 +++ [pid 2770] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2770, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./767", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./767", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 5 entries */, 32768) = 136 umount2("./767/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./767/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./767/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./767/bus") = 0 umount2("./767/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./767/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./767/binderfs") = 0 umount2("./767/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./767/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./767/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./767/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555643c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555643c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./767/file0") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./767") = 0 mkdir("./768", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2773 ./strace-static-x86_64: Process 2773 attached [pid 2773] set_robust_list(0x5555564336a0, 24) = 0 [pid 2773] chdir("./768") = 0 [pid 2773] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2773] setpgid(0, 0) = 0 [pid 2773] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2773] write(3, "1000", 4) = 4 [pid 2773] close(3) = 0 [pid 2773] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2773] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2773] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2773] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2773] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2773] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2773] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2773] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2774]}, 88) = 2774 [pid 2773] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2773] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2773] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2773] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2773] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2773] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2773] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2775]}, 88) = 2775 [ 61.324449][ T2771] loop0: detected capacity change from 0 to 512 [pid 2773] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2773] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2773] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2774 attached [pid 2774] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2774] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2774] memfd_create("syzkaller", 0) = 3 [pid 2774] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2774] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144./strace-static-x86_64: Process 2775 attached [pid 2775] set_robust_list(0x7f22e156f9a0, 24 [pid 2774] <... write resumed>) = 262144 [pid 2775] <... set_robust_list resumed>) = 0 [pid 2774] munmap(0x7f22d914f000, 138412032 [pid 2775] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2775] creat("./bus", 000 [pid 2774] <... munmap resumed>) = 0 [pid 2775] <... creat resumed>) = 4 [pid 2774] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2775] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2774] <... openat resumed>) = 5 [pid 2774] ioctl(5, LOOP_SET_FD, 3 [pid 2775] <... futex resumed>) = 1 [pid 2773] <... futex resumed>) = 0 [pid 2773] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2773] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2775] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2775] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2773] <... futex resumed>) = 0 [pid 2773] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2773] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2775] <... futex resumed>) = 1 [pid 2775] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 2775] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2773] <... futex resumed>) = 0 [pid 2773] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2773] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2775] <... futex resumed>) = 1 [pid 2775] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 2774] <... ioctl resumed>) = 0 [pid 2774] close(3) = 0 [pid 2774] close(5 [pid 2775] <... mmap resumed>) = 0x20000000 [pid 2775] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2773] <... futex resumed>) = 0 [pid 2773] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2775] <... futex resumed>) = 1 [pid 2775] memfd_create("syzkaller", 0) = 3 [pid 2775] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2774] <... close resumed>) = 0 [pid 2774] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 2774] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2774] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2775] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304 [pid 2774] ioctl(5, LOOP_CLR_FD) = 0 [pid 2774] close(5) = 0 [pid 2774] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2774] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2775] <... write resumed>) = 4194304 [pid 2775] munmap(0x7f22d914f000, 138412032) = 0 [pid 2775] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2775] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2775] ioctl(5, LOOP_CLR_FD) = 0 [pid 2775] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2775] close(5) = 0 [pid 2775] close(3) = 0 [pid 2775] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2775] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2773] exit_group(0 [pid 2775] <... futex resumed>) = ? [pid 2774] <... futex resumed>) = ? [pid 2773] <... exit_group resumed>) = ? [pid 2774] +++ exited with 0 +++ [pid 2775] +++ exited with 0 +++ [pid 2773] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2773, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./768", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./768", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./768/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./768/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./768/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./768/bus") = 0 umount2("./768/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./768/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./768/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 [ 61.389973][ T2774] loop0: detected capacity change from 0 to 512 close(3) = 0 rmdir("./768") = 0 mkdir("./769", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2777 attached [pid 2777] set_robust_list(0x5555564336a0, 24) = 0 [pid 293] <... clone resumed>, child_tidptr=0x555556433690) = 2777 [pid 2777] chdir("./769") = 0 [pid 2777] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2777] setpgid(0, 0) = 0 [pid 2777] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2777] write(3, "1000", 4) = 4 [pid 2777] close(3) = 0 [pid 2777] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2777] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2777] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2777] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2777] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2777] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2777] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2777] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2778 attached => {parent_tid=[2778]}, 88) = 2778 [pid 2778] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2778] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2778] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2777] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2777] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2778] <... futex resumed>) = 0 [pid 2778] memfd_create("syzkaller", 0 [pid 2777] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2777] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2777] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2778] <... memfd_create resumed>) = 3 [pid 2778] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2777] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2778] <... mmap resumed>) = 0x7f22d914f000 [pid 2777] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2777] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 2779 attached [pid 2779] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2777] <... clone3 resumed> => {parent_tid=[2779]}, 88) = 2779 [pid 2779] rt_sigprocmask(SIG_SETMASK, [], [pid 2777] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2777] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2777] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2779] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2779] creat("./bus", 000) = 4 [pid 2779] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2778] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2777] <... futex resumed>) = 0 [pid 2777] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2777] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2779] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2779] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2777] <... futex resumed>) = 0 [pid 2777] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2777] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2779] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 2778] <... write resumed>) = 262144 [pid 2778] munmap(0x7f22d914f000, 138412032) = 0 [pid 2778] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2778] ioctl(6, LOOP_SET_FD, 3 [pid 2779] <... open resumed>) = 5 [pid 2778] <... ioctl resumed>) = 0 [pid 2778] close(3) = 0 [pid 2778] close(6) = 0 [pid 2778] mkdir("./file0", 0777) = 0 [pid 2778] mount("/dev/loop0", "./file0", "ext4", 0, "prjquota,grpquota,debug_want_extra_isize=0x000000000000005c,noauto_da_alloc,nolazytime,errors=contin"... [pid 2779] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2777] <... futex resumed>) = 0 [pid 2777] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2777] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2779] <... futex resumed>) = 1 [pid 2779] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 2778] <... mount resumed>) = 0 [pid 2779] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2777] <... futex resumed>) = 0 [pid 2777] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2779] <... futex resumed>) = 1 [pid 2779] memfd_create("syzkaller", 0) = 3 [pid 2779] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2779] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304 [pid 2778] openat(AT_FDCWD, 0x200000c0, O_RDONLY|O_DIRECTORY) = -1 ENOENT (No such file or directory) [pid 2778] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2778] ioctl(6, LOOP_CLR_FD) = 0 [pid 2778] close(6) = 0 [pid 2778] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2778] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2779] <... write resumed>) = 4194304 [pid 2779] munmap(0x7f22d914f000, 138412032) = 0 [pid 2779] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2779] ioctl(6, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2779] ioctl(6, LOOP_CLR_FD) = 0 [pid 2779] ioctl(6, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2779] close(6) = 0 [pid 2779] close(3) = 0 [pid 2779] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2777] exit_group(0 [pid 2778] <... futex resumed>) = ? [pid 2777] <... exit_group resumed>) = ? [pid 2779] <... futex resumed>) = ? [pid 2778] +++ exited with 0 +++ [pid 2779] +++ exited with 0 +++ [pid 2777] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2777, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./769", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./769", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 5 entries */, 32768) = 136 umount2("./769/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./769/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./769/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./769/bus") = 0 umount2("./769/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./769/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./769/binderfs") = 0 umount2("./769/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./769/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./769/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./769/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./769/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555643c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555643c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./769/file0") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./769") = 0 mkdir("./770", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 61.463032][ T2778] loop0: detected capacity change from 0 to 512 [ 61.474814][ T2778] EXT4-fs (loop0): 1 truncate cleaned up clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2781 ./strace-static-x86_64: Process 2781 attached [pid 2781] set_robust_list(0x5555564336a0, 24) = 0 [pid 2781] chdir("./770") = 0 [pid 2781] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2781] setpgid(0, 0) = 0 [pid 2781] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2781] write(3, "1000", 4) = 4 [pid 2781] close(3) = 0 [pid 2781] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2781] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2781] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2781] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2781] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2781] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2781] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2781] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2782 attached [pid 2782] set_robust_list(0x7f22e15909a0, 24 [pid 2781] <... clone3 resumed> => {parent_tid=[2782]}, 88) = 2782 [pid 2782] <... set_robust_list resumed>) = 0 [pid 2781] rt_sigprocmask(SIG_SETMASK, [], [pid 2782] rt_sigprocmask(SIG_SETMASK, [], [pid 2781] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2782] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2781] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2781] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2782] memfd_create("syzkaller", 0 [pid 2781] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2782] <... memfd_create resumed>) = 3 [pid 2781] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE [pid 2782] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2781] <... mprotect resumed>) = 0 [pid 2781] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2782] <... mmap resumed>) = 0x7f22d914f000 [pid 2781] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2781] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 2783 attached => {parent_tid=[2783]}, 88) = 2783 [pid 2781] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2781] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2781] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2783] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2783] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2783] creat("./bus", 000 [pid 2782] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2783] <... creat resumed>) = 4 [pid 2783] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2781] <... futex resumed>) = 0 [pid 2783] <... futex resumed>) = 1 [pid 2781] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2781] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2783] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2783] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2781] <... futex resumed>) = 0 [pid 2783] <... futex resumed>) = 1 [pid 2781] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2781] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2782] <... write resumed>) = 262144 [pid 2782] munmap(0x7f22d914f000, 138412032 [pid 2783] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 2782] <... munmap resumed>) = 0 [pid 2782] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2783] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2782] ioctl(6, LOOP_SET_FD, 3 [pid 2783] <... futex resumed>) = 1 [pid 2781] <... futex resumed>) = 0 [pid 2781] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2781] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2782] <... ioctl resumed>) = 0 [pid 2782] close(3) = 0 [pid 2782] close(6 [pid 2783] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 2782] <... close resumed>) = 0 [pid 2782] mkdir("./file0", 0777) = 0 [pid 2782] mount("/dev/loop0", "./file0", "ext4", 0, "prjquota,grpquota,debug_want_extra_isize=0x000000000000005c,noauto_da_alloc,nolazytime,errors=contin"...) = 0 [pid 2782] openat(AT_FDCWD, 0x200000c0, O_RDONLY|O_DIRECTORY) = -1 ENOENT (No such file or directory) [pid 2782] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 2782] ioctl(3, LOOP_CLR_FD) = 0 [pid 2782] close(3) = 0 [pid 2782] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2782] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2783] <... mmap resumed>) = 0x20000000 [pid 2783] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2781] <... futex resumed>) = 0 [pid 2783] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2781] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2782] <... futex resumed>) = 0 [pid 2781] <... futex resumed>) = 1 [pid 2782] memfd_create("syzkaller", 0) = 3 [pid 2782] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2782] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2782] munmap(0x7f22d914f000, 138412032) = 0 [pid 2782] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2782] ioctl(6, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2782] ioctl(6, LOOP_CLR_FD) = 0 [pid 2782] ioctl(6, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2782] close(6) = 0 [pid 2782] close(3) = 0 [pid 2782] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2782] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2781] exit_group(0) = ? [pid 2783] <... futex resumed>) = ? [pid 2783] +++ exited with 0 +++ [pid 2782] <... futex resumed>) = ? [pid 2782] +++ exited with 0 +++ [pid 2781] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2781, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./770", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./770", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 5 entries */, 32768) = 136 umount2("./770/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./770/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./770/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./770/bus") = 0 umount2("./770/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./770/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./770/binderfs") = 0 [ 61.532289][ T2782] loop0: detected capacity change from 0 to 512 [ 61.543758][ T2782] EXT4-fs (loop0): 1 truncate cleaned up umount2("./770/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./770/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./770/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./770/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./770/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555643c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555643c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./770/file0") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./770") = 0 mkdir("./771", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2785 ./strace-static-x86_64: Process 2785 attached [pid 2785] set_robust_list(0x5555564336a0, 24) = 0 [pid 2785] chdir("./771") = 0 [pid 2785] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2785] setpgid(0, 0) = 0 [pid 2785] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2785] write(3, "1000", 4) = 4 [pid 2785] close(3) = 0 [pid 2785] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2785] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2785] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2785] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2785] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2785] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2785] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2785] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2786]}, 88) = 2786 [pid 2785] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2785] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2785] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2785] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2785] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2785] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2785] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2787]}, 88) = 2787 [pid 2785] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2785] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2785] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2786 attached [pid 2786] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2786] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2786] memfd_create("syzkaller", 0) = 3 [pid 2786] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 ./strace-static-x86_64: Process 2787 attached [pid 2787] set_robust_list(0x7f22e156f9a0, 24 [pid 2786] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2787] <... set_robust_list resumed>) = 0 [pid 2787] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2787] creat("./bus", 000) = 4 [pid 2787] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2785] <... futex resumed>) = 0 [pid 2785] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2785] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2787] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2787] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2785] <... futex resumed>) = 0 [pid 2785] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2785] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2787] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 2787] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2785] <... futex resumed>) = 0 [pid 2785] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2785] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2787] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 2786] <... write resumed>) = 262144 [pid 2787] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2786] munmap(0x7f22d914f000, 138412032 [pid 2787] <... futex resumed>) = 1 [pid 2785] <... futex resumed>) = 0 [pid 2785] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2787] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 2786] <... munmap resumed>) = 0 [pid 2787] +++ killed by SIGBUS +++ [pid 2786] +++ killed by SIGBUS +++ [pid 2785] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2785, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- umount2("./771", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./771", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./771/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./771/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./771/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./771/bus") = 0 umount2("./771/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./771/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./771/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./771") = 0 mkdir("./772", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2788 ./strace-static-x86_64: Process 2788 attached [pid 2788] set_robust_list(0x5555564336a0, 24) = 0 [pid 2788] chdir("./772") = 0 [pid 2788] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2788] setpgid(0, 0) = 0 [pid 2788] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2788] write(3, "1000", 4) = 4 [pid 2788] close(3) = 0 [pid 2788] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2788] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2788] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2788] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2788] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2788] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2788] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2788] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2789 attached [pid 2789] set_robust_list(0x7f22e15909a0, 24 [pid 2788] <... clone3 resumed> => {parent_tid=[2789]}, 88) = 2789 [pid 2789] <... set_robust_list resumed>) = 0 [pid 2788] rt_sigprocmask(SIG_SETMASK, [], [pid 2789] rt_sigprocmask(SIG_SETMASK, [], [pid 2788] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2789] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2788] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2788] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2789] memfd_create("syzkaller", 0) = 3 [pid 2788] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2789] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2788] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2788] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2789] <... mmap resumed>) = 0x7f22d914f000 [pid 2788] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2788] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2790]}, 88) = 2790 ./strace-static-x86_64: Process 2790 attached [pid 2790] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2790] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2790] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2788] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2788] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2790] <... futex resumed>) = 0 [pid 2790] creat("./bus", 000 [pid 2788] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2790] <... creat resumed>) = 4 [pid 2790] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2790] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2788] <... futex resumed>) = 0 [pid 2788] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2790] <... futex resumed>) = 0 [pid 2788] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2790] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2790] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2788] <... futex resumed>) = 0 [pid 2790] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 2788] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2788] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2790] <... open resumed>) = 5 [pid 2790] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2788] <... futex resumed>) = 0 [pid 2790] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 2788] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2788] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2790] <... mmap resumed>) = 0x20000000 [pid 2789] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000d5d} --- [pid 2790] +++ killed by SIGBUS +++ [pid 2788] <... futex resumed>) = ? [pid 2789] +++ killed by SIGBUS +++ [pid 2788] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2788, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- umount2("./772", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./772", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./772/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./772/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./772/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./772/bus") = 0 umount2("./772/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./772/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./772/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./772") = 0 mkdir("./773", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2791 ./strace-static-x86_64: Process 2791 attached [pid 2791] set_robust_list(0x5555564336a0, 24) = 0 [pid 2791] chdir("./773") = 0 [pid 2791] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2791] setpgid(0, 0) = 0 [pid 2791] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2791] write(3, "1000", 4) = 4 [pid 2791] close(3) = 0 [pid 2791] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2791] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2791] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2791] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2791] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2791] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2791] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2791] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2792 attached [pid 2792] set_robust_list(0x7f22e15909a0, 24 [pid 2791] <... clone3 resumed> => {parent_tid=[2792]}, 88) = 2792 [pid 2792] <... set_robust_list resumed>) = 0 [pid 2791] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2792] rt_sigprocmask(SIG_SETMASK, [], [pid 2791] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2792] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2791] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2792] memfd_create("syzkaller", 0 [pid 2791] <... futex resumed>) = 0 [pid 2791] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2792] <... memfd_create resumed>) = 3 [pid 2792] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2791] <... mmap resumed>) = 0x7f22e154f000 [pid 2791] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE [pid 2792] <... mmap resumed>) = 0x7f22d914f000 [pid 2791] <... mprotect resumed>) = 0 [pid 2791] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2791] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 2793 attached => {parent_tid=[2793]}, 88) = 2793 [pid 2793] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2793] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2793] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2791] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2791] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2793] <... futex resumed>) = 0 [pid 2793] creat("./bus", 000 [pid 2791] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2793] <... creat resumed>) = 4 [pid 2793] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2793] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2791] <... futex resumed>) = 0 [pid 2791] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2793] <... futex resumed>) = 0 [pid 2793] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2791] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2793] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2793] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2791] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2791] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2793] <... futex resumed>) = 0 [pid 2791] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2793] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 2793] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2792] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2793] <... futex resumed>) = 1 [pid 2792] <... write resumed>) = 262144 [pid 2791] <... futex resumed>) = 0 [pid 2791] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2791] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2793] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 2792] munmap(0x7f22d914f000, 138412032 [pid 2793] <... mmap resumed>) = 0x20000000 [pid 2792] <... munmap resumed>) = 0 [pid 2793] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2792] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2793] <... futex resumed>) = 1 [pid 2791] <... futex resumed>) = 0 [pid 2791] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2793] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 2792] <... openat resumed>) = 6 [pid 2793] +++ killed by SIGBUS +++ [pid 2792] +++ killed by SIGBUS +++ [pid 2791] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2791, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- umount2("./773", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./773", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./773/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./773/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./773/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./773/bus") = 0 umount2("./773/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./773/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./773/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./773") = 0 mkdir("./774", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2794 ./strace-static-x86_64: Process 2794 attached [pid 2794] set_robust_list(0x5555564336a0, 24) = 0 [pid 2794] chdir("./774") = 0 [pid 2794] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2794] setpgid(0, 0) = 0 [pid 2794] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2794] write(3, "1000", 4) = 4 [pid 2794] close(3) = 0 [pid 2794] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2794] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2794] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2794] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2794] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2794] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2794] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2794] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2795]}, 88) = 2795 [pid 2794] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2794] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2794] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2794] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2794] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2794] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2794] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 2795 attached => {parent_tid=[2796]}, 88) = 2796 [pid 2794] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2794] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2794] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2796 attached [pid 2796] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2796] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2796] creat("./bus", 000) = 3 [pid 2795] set_robust_list(0x7f22e15909a0, 24 [pid 2796] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2794] <... futex resumed>) = 0 [pid 2795] <... set_robust_list resumed>) = 0 [pid 2794] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2794] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2796] <... futex resumed>) = 1 [pid 2796] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2795] rt_sigprocmask(SIG_SETMASK, [], [pid 2796] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2794] <... futex resumed>) = 0 [pid 2794] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2794] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2796] <... futex resumed>) = 1 [pid 2796] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 4 [pid 2796] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2794] <... futex resumed>) = 0 [pid 2794] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2794] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2796] <... futex resumed>) = 1 [pid 2796] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2795] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2796] <... mmap resumed>) = 0x20000000 [pid 2796] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2794] <... futex resumed>) = 0 [pid 2794] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2796] <... futex resumed>) = 1 [pid 2796] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 2795] +++ killed by SIGBUS +++ [pid 2796] +++ killed by SIGBUS +++ [pid 2794] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2794, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./774", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./774", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./774/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./774/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./774/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./774/bus") = 0 umount2("./774/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./774/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./774/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./774") = 0 mkdir("./775", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2797 ./strace-static-x86_64: Process 2797 attached [pid 2797] set_robust_list(0x5555564336a0, 24) = 0 [pid 2797] chdir("./775") = 0 [pid 2797] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2797] setpgid(0, 0) = 0 [pid 2797] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2797] write(3, "1000", 4) = 4 [pid 2797] close(3) = 0 [pid 2797] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2797] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2797] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2797] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2797] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2797] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2797] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2797] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2798]}, 88) = 2798 ./strace-static-x86_64: Process 2798 attached [pid 2798] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2798] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2798] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2797] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2797] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2798] <... futex resumed>) = 0 [pid 2798] memfd_create("syzkaller", 0) = 3 [pid 2798] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2797] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2797] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 2797] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2797] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2798] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2797] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0} => {parent_tid=[2799]}, 88) = 2799 [pid 2797] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2797] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 2799 attached [pid 2798] <... write resumed>) = 262144 [pid 2799] set_robust_list(0x7f22d916f9a0, 24 [pid 2798] munmap(0x7f22d9170000, 138412032 [pid 2799] <... set_robust_list resumed>) = 0 [pid 2798] <... munmap resumed>) = 0 [pid 2799] rt_sigprocmask(SIG_SETMASK, [], [pid 2798] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2799] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2799] creat("./bus", 000 [pid 2798] <... openat resumed>) = 4 [pid 2798] ioctl(4, LOOP_SET_FD, 3 [pid 2797] <... futex resumed>) = 0 [pid 2797] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2799] <... creat resumed>) = 5 [pid 2799] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2797] <... futex resumed>) = 0 [pid 2797] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2797] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2799] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2799] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2797] <... futex resumed>) = 0 [pid 2797] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2797] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2799] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 2799] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2797] <... futex resumed>) = 0 [pid 2797] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2797] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2799] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 2798] <... ioctl resumed>) = 0 [pid 2798] close(3) = 0 [pid 2798] close(4 [pid 2799] <... mmap resumed>) = 0x20000000 [pid 2799] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2797] <... futex resumed>) = 0 [pid 2797] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2799] memfd_create("syzkaller", 0) = 3 [pid 2799] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2798] <... close resumed>) = 0 [pid 2798] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 2798] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2798] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2798] ioctl(4, LOOP_CLR_FD) = 0 [pid 2798] close(4) = 0 [pid 2798] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2798] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2799] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2799] munmap(0x7f22d9170000, 138412032) = 0 [pid 2799] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2799] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2799] ioctl(4, LOOP_CLR_FD) = 0 [pid 2799] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2799] close(4) = 0 [pid 2799] close(3) = 0 [pid 2799] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2799] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2797] exit_group(0) = ? [pid 2798] <... futex resumed>) = ? [pid 2799] <... futex resumed>) = ? [pid 2798] +++ exited with 0 +++ [pid 2799] +++ exited with 0 +++ [pid 2797] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2797, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./775", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./775", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./775/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./775/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./775/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./775/bus") = 0 umount2("./775/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./775/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./775/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./775") = 0 mkdir("./776", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2800 ./strace-static-x86_64: Process 2800 attached [pid 2800] set_robust_list(0x5555564336a0, 24) = 0 [pid 2800] chdir("./776") = 0 [pid 2800] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2800] setpgid(0, 0) = 0 [pid 2800] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2800] write(3, "1000", 4) = 4 [pid 2800] close(3) = 0 [pid 2800] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2800] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2800] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2800] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2800] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2800] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2800] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2800] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2801 attached => {parent_tid=[2801]}, 88) = 2801 [pid 2801] set_robust_list(0x7f22e15909a0, 24 [pid 2800] rt_sigprocmask(SIG_SETMASK, [], [pid 2801] <... set_robust_list resumed>) = 0 [pid 2800] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2801] rt_sigprocmask(SIG_SETMASK, [], [pid 2800] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2801] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2800] <... futex resumed>) = 0 [pid 2800] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2800] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2801] memfd_create("syzkaller", 0 [pid 2800] <... mmap resumed>) = 0x7f22e154f000 [pid 2800] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2801] <... memfd_create resumed>) = 3 [pid 2801] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2800] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2801] <... mmap resumed>) = 0x7f22d914f000 [pid 2800] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2802]}, 88) = 2802 [pid 2800] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2800] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2800] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2801] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144./strace-static-x86_64: Process 2802 attached ) = 262144 [pid 2802] set_robust_list(0x7f22e156f9a0, 24 [pid 2801] munmap(0x7f22d914f000, 138412032 [pid 2802] <... set_robust_list resumed>) = 0 [pid 2802] rt_sigprocmask(SIG_SETMASK, [], [pid 2801] <... munmap resumed>) = 0 [pid 2802] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2801] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2802] creat("./bus", 000 [pid 2801] <... openat resumed>) = 4 [ 61.679004][ T2798] loop0: detected capacity change from 0 to 512 [pid 2801] ioctl(4, LOOP_SET_FD, 3 [pid 2802] <... creat resumed>) = 5 [pid 2802] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2800] <... futex resumed>) = 0 [pid 2802] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 2800] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2802] <... mount resumed>) = 0 [pid 2800] <... futex resumed>) = 0 [pid 2802] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2801] <... ioctl resumed>) = 0 [pid 2800] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2802] <... futex resumed>) = 0 [pid 2800] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2802] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2800] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2802] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2800] <... futex resumed>) = 0 [pid 2802] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 2800] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2802] <... open resumed>) = 6 [pid 2802] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2800] <... futex resumed>) = 0 [pid 2802] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 2800] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2800] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2801] close(3) = 0 [pid 2801] close(4 [pid 2802] <... mmap resumed>) = 0x20000000 [pid 2802] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2800] <... futex resumed>) = 0 [pid 2802] memfd_create("syzkaller", 0 [pid 2800] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2802] <... memfd_create resumed>) = 3 [pid 2800] <... futex resumed>) = 0 [pid 2802] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2801] <... close resumed>) = 0 [pid 2801] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 2801] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2801] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2801] ioctl(4, LOOP_CLR_FD) = 0 [pid 2802] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304 [pid 2801] close(4) = 0 [pid 2801] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2801] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2802] <... write resumed>) = 4194304 [pid 2802] munmap(0x7f22d914f000, 138412032) = 0 [pid 2802] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2802] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2802] ioctl(4, LOOP_CLR_FD) = 0 [pid 2802] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2802] close(4) = 0 [ 61.739173][ T2801] loop0: detected capacity change from 0 to 512 [pid 2802] close(3) = 0 [pid 2802] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2800] exit_group(0) = ? [pid 2801] <... futex resumed>) = ? [pid 2802] <... futex resumed>) = ? [pid 2801] +++ exited with 0 +++ [pid 2802] +++ exited with 0 +++ [pid 2800] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2800, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./776", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./776", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./776/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./776/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./776/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./776/bus") = 0 umount2("./776/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./776/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./776/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./776") = 0 mkdir("./777", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2803 ./strace-static-x86_64: Process 2803 attached [pid 2803] set_robust_list(0x5555564336a0, 24) = 0 [pid 2803] chdir("./777") = 0 [pid 2803] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2803] setpgid(0, 0) = 0 [pid 2803] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2803] write(3, "1000", 4) = 4 [pid 2803] close(3) = 0 [pid 2803] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2803] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2803] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2803] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2803] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2803] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2803] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2803] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2804 attached => {parent_tid=[2804]}, 88) = 2804 [pid 2803] rt_sigprocmask(SIG_SETMASK, [], [pid 2804] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2803] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2804] rt_sigprocmask(SIG_SETMASK, [], [pid 2803] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2804] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2803] <... futex resumed>) = 0 [pid 2803] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2803] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2804] memfd_create("syzkaller", 0 [pid 2803] <... mmap resumed>) = 0x7f22e154f000 [pid 2804] <... memfd_create resumed>) = 3 [pid 2803] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2804] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2803] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2804] <... mmap resumed>) = 0x7f22d914f000 [pid 2803] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2805]}, 88) = 2805 ./strace-static-x86_64: Process 2805 attached [pid 2803] rt_sigprocmask(SIG_SETMASK, [], [pid 2805] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2805] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2805] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2803] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2803] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2805] <... futex resumed>) = 0 [pid 2805] creat("./bus", 000 [pid 2803] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2805] <... creat resumed>) = 4 [pid 2805] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2805] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2803] <... futex resumed>) = 0 [pid 2803] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2805] <... futex resumed>) = 0 [pid 2805] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2803] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2805] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2805] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2803] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2803] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2805] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2803] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2805] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 2805] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2803] <... futex resumed>) = 0 [pid 2805] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 2803] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2803] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2805] <... mmap resumed>) = 0x20000000 [pid 2804] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000d85} --- [pid 2803] <... futex resumed>) = ? [pid 2804] +++ killed by SIGBUS +++ [pid 2805] +++ killed by SIGBUS +++ [pid 2803] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2803, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- umount2("./777", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./777", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./777/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./777/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./777/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./777/bus") = 0 umount2("./777/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./777/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./777/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./777") = 0 mkdir("./778", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2806 ./strace-static-x86_64: Process 2806 attached [pid 2806] set_robust_list(0x5555564336a0, 24) = 0 [pid 2806] chdir("./778") = 0 [pid 2806] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2806] setpgid(0, 0) = 0 [pid 2806] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2806] write(3, "1000", 4) = 4 [pid 2806] close(3) = 0 [pid 2806] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2806] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2806] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2806] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2806] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2806] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2806] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2806] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2807 attached => {parent_tid=[2807]}, 88) = 2807 [pid 2807] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2807] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2807] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2806] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2806] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2807] <... futex resumed>) = 0 [pid 2806] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2807] memfd_create("syzkaller", 0) = 3 [pid 2807] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2806] <... futex resumed>) = 0 [pid 2806] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 2806] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2806] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2806] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0} => {parent_tid=[2808]}, 88) = 2808 [pid 2806] rt_sigprocmask(SIG_SETMASK, [], [pid 2807] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2806] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2806] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2806] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2808 attached [pid 2807] <... write resumed>) = 262144 [pid 2807] munmap(0x7f22d9170000, 138412032) = 0 [pid 2807] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2807] ioctl(4, LOOP_SET_FD, 3 [pid 2808] set_robust_list(0x7f22d916f9a0, 24) = 0 [pid 2808] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2808] creat("./bus", 000) = 5 [pid 2808] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2806] <... futex resumed>) = 0 [pid 2806] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2806] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2808] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2808] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2806] <... futex resumed>) = 0 [pid 2806] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2806] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2808] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 2808] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2806] <... futex resumed>) = 0 [pid 2806] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2806] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2808] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 2807] <... ioctl resumed>) = 0 [pid 2807] close(3) = 0 [pid 2807] close(4 [pid 2808] <... mmap resumed>) = 0x20000000 [pid 2808] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2806] <... futex resumed>) = 0 [pid 2806] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2808] <... futex resumed>) = 1 [pid 2808] memfd_create("syzkaller", 0) = 3 [pid 2808] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2807] <... close resumed>) = 0 [pid 2807] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 2807] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2807] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2807] ioctl(4, LOOP_CLR_FD) = 0 [pid 2807] close(4) = 0 [pid 2807] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2807] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2808] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2808] munmap(0x7f22d9170000, 138412032) = 0 [pid 2808] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2808] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2808] ioctl(4, LOOP_CLR_FD) = 0 [pid 2808] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2808] close(4) = 0 [pid 2808] close(3) = 0 [pid 2808] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2808] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2806] exit_group(0) = ? [pid 2807] <... futex resumed>) = ? [pid 2807] +++ exited with 0 +++ [pid 2808] <... futex resumed>) = ? [pid 2808] +++ exited with 0 +++ [pid 2806] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2806, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./778", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./778", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./778/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./778/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./778/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./778/bus") = 0 umount2("./778/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./778/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./778/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./778") = 0 mkdir("./779", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2809 ./strace-static-x86_64: Process 2809 attached [pid 2809] set_robust_list(0x5555564336a0, 24) = 0 [pid 2809] chdir("./779") = 0 [pid 2809] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2809] setpgid(0, 0) = 0 [pid 2809] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2809] write(3, "1000", 4) = 4 [pid 2809] close(3) = 0 [pid 2809] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2809] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2809] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2809] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2809] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2809] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2809] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2809] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2810]}, 88) = 2810 [pid 2809] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2809] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2809] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2809] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2809] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2809] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2809] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2811]}, 88) = 2811 [pid 2809] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2809] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2809] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2810 attached [pid 2810] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2810] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2810] memfd_create("syzkaller", 0) = 3 [pid 2810] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 ./strace-static-x86_64: Process 2811 attached [pid 2810] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2811] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2811] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2811] creat("./bus", 000) = 4 [pid 2811] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2809] <... futex resumed>) = 0 [ 61.841773][ T2807] loop0: detected capacity change from 0 to 512 [pid 2809] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2809] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2811] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2811] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2809] <... futex resumed>) = 0 [pid 2809] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2809] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2811] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 2811] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2809] <... futex resumed>) = 0 [pid 2809] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2809] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2811] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 2811] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2809] <... futex resumed>) = 0 [pid 2809] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2810] <... write resumed>) = 262144 [pid 2809] <... futex resumed>) = 0 [pid 2810] munmap(0x7f22d914f000, 138412032) = 0 [pid 2810] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2811] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 2810] <... openat resumed>) = ? [pid 2810] +++ killed by SIGBUS +++ [pid 2811] +++ killed by SIGBUS +++ [pid 2809] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2809, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./779", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./779", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./779/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./779/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./779/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./779/bus") = 0 umount2("./779/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./779/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./779/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./779") = 0 mkdir("./780", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2812 ./strace-static-x86_64: Process 2812 attached [pid 2812] set_robust_list(0x5555564336a0, 24) = 0 [pid 2812] chdir("./780") = 0 [pid 2812] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2812] setpgid(0, 0) = 0 [pid 2812] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2812] write(3, "1000", 4) = 4 [pid 2812] close(3) = 0 [pid 2812] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2812] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2812] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2812] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2812] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2812] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2812] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2812] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2813]}, 88) = 2813 [pid 2812] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2812] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2812] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2812] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2812] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2812] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2812] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2814]}, 88) = 2814 [pid 2812] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2812] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2812] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2813 attached [pid 2813] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2813] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 2814 attached [pid 2813] memfd_create("syzkaller", 0) = 3 [pid 2813] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2814] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2814] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2814] creat("./bus", 000) = 4 [pid 2814] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2813] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2814] <... futex resumed>) = 1 [pid 2812] <... futex resumed>) = 0 [pid 2812] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2812] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2814] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2814] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2813] <... write resumed>) = 262144 [pid 2812] <... futex resumed>) = 0 [pid 2812] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2812] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2813] munmap(0x7f22d914f000, 138412032 [pid 2814] <... futex resumed>) = 1 [pid 2813] <... munmap resumed>) = 0 [pid 2813] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2813] ioctl(5, LOOP_SET_FD, 3 [pid 2814] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 2814] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2814] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2812] <... futex resumed>) = 0 [pid 2813] <... ioctl resumed>) = 0 [pid 2812] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2812] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2813] close(3) = 0 [pid 2813] close(5 [pid 2814] <... futex resumed>) = 0 [pid 2813] <... close resumed>) = 0 [pid 2813] mkdir("./file0", 0777) = 0 [pid 2813] mount("/dev/loop0", "./file0", "ext4", 0, "prjquota,grpquota,debug_want_extra_isize=0x000000000000005c,noauto_da_alloc,nolazytime,errors=contin"... [pid 2814] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x20000000 [pid 2814] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2812] <... futex resumed>) = 0 [pid 2812] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2814] <... futex resumed>) = 1 [pid 2814] memfd_create("syzkaller", 0) = 3 [pid 2814] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [ 61.920579][ T2813] loop0: detected capacity change from 0 to 512 [ 61.933322][ T2813] ================================================================== [ 61.941202][ T2813] BUG: KASAN: out-of-bounds in ext4_xattr_set_entry+0x13c0/0x3ef0 [ 61.948835][ T2813] Read of size 18446744073709551584 at addr ffff888122b72fc8 by task syz-executor245/2813 [ 61.958991][ T2813] [ 61.961163][ T2813] CPU: 1 PID: 2813 Comm: syz-executor245 Not tainted 6.1.75-syzkaller-00003-g4d55129aea65 #0 [ 61.971141][ T2813] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 61.981043][ T2813] Call Trace: [ 61.984162][ T2813] [ 61.986951][ T2813] dump_stack_lvl+0x151/0x1b7 [ 61.991464][ T2813] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 61.996745][ T2813] ? _printk+0xd1/0x111 [ 62.000739][ T2813] ? __virt_addr_valid+0x242/0x2f0 [ 62.005688][ T2813] print_report+0x158/0x4e0 [ 62.010026][ T2813] ? __virt_addr_valid+0x242/0x2f0 [ 62.014973][ T2813] ? kasan_addr_to_slab+0xd/0x80 [ 62.019750][ T2813] ? ext4_xattr_set_entry+0x13c0/0x3ef0 [ 62.025154][ T2813] kasan_report+0x13c/0x170 [ 62.029468][ T2813] ? ext4_xattr_set_entry+0x13c0/0x3ef0 [ 62.034850][ T2813] kasan_check_range+0x294/0x2a0 [ 62.039623][ T2813] ? ext4_xattr_set_entry+0x13c0/0x3ef0 [ 62.045004][ T2813] memmove+0x2d/0x70 [ 62.048736][ T2813] ext4_xattr_set_entry+0x13c0/0x3ef0 [ 62.053948][ T2813] ? ext4_xattr_ibody_set+0x390/0x390 [ 62.059151][ T2813] ? ext4_get_inode_loc+0x190/0x190 [ 62.064205][ T2813] ? ext4_xattr_block_find+0x320/0x320 [ 62.069480][ T2813] ? xattr_find_entry+0x2ab/0x300 [ 62.074341][ T2813] ext4_xattr_ibody_set+0x124/0x390 [ 62.079374][ T2813] ext4_expand_extra_isize_ea+0x1147/0x1c40 [ 62.085108][ T2813] ? ext4_xattr_set+0x3d0/0x3d0 [ 62.089792][ T2813] ? rwsem_write_trylock+0x15b/0x290 [ 62.094913][ T2813] ? dquot_initialize_needed+0x13d/0x370 [ 62.100380][ T2813] __ext4_expand_extra_isize+0x31a/0x420 [ 62.105848][ T2813] __ext4_mark_inode_dirty+0x4bb/0x7d0 [ 62.111141][ T2813] ? sb_end_intwrite+0x130/0x130 [ 62.115915][ T2813] ? current_time+0x1af/0x2f0 [ 62.120428][ T2813] ? atime_needs_update+0x810/0x810 [ 62.125462][ T2813] ? ext4_inline_data_truncate+0x539/0xd60 [ 62.131105][ T2813] ? memcpy+0x56/0x70 [ 62.134924][ T2813] ext4_inline_data_truncate+0x552/0xd60 [ 62.140391][ T2813] ? ext4_inline_data_iomap+0x4e0/0x4e0 [ 62.145773][ T2813] ? __ext4_iget+0x2cfc/0x3ee0 [ 62.150374][ T2813] ext4_truncate+0x337/0xfb0 [ 62.154800][ T2813] ? __ext4_mark_inode_dirty+0x7d0/0x7d0 [ 62.160268][ T2813] ext4_process_orphan+0x1d3/0x2f0 [ 62.165215][ T2813] ext4_orphan_cleanup+0xa50/0x11b0 [ 62.170252][ T2813] ? ext4_orphan_del+0xc50/0xc50 [ 62.175021][ T2813] ? errseq_check_and_advance+0x64/0x130 [ 62.180489][ T2813] ext4_fill_super+0x7d46/0x8460 [ 62.185268][ T2813] ? ext4_parse_test_dummy_encryption+0xb0/0xb0 [ 62.191338][ T2813] ? snprintf+0xd6/0x120 [ 62.195419][ T2813] ? set_blocksize+0x1cb/0x360 [ 62.200018][ T2813] ? sb_set_blocksize+0xa8/0xf0 [ 62.204706][ T2813] get_tree_bdev+0x440/0x680 [ 62.209133][ T2813] ? ext4_parse_test_dummy_encryption+0xb0/0xb0 [ 62.215209][ T2813] ext4_get_tree+0x1c/0x20 [ 62.219459][ T2813] vfs_get_tree+0x88/0x290 [ 62.223716][ T2813] do_new_mount+0x2ba/0xb30 [ 62.228056][ T2813] ? do_move_mount_old+0x160/0x160 [ 62.232999][ T2813] ? security_capable+0x87/0xb0 [ 62.237688][ T2813] ? ns_capable+0x89/0xe0 [ 62.241853][ T2813] path_mount+0x671/0x1070 [ 62.246106][ T2813] ? user_path_at_empty+0x14e/0x1a0 [ 62.251144][ T2813] __se_sys_mount+0x2c4/0x3b0 [ 62.255656][ T2813] ? __x64_sys_mount+0xd0/0xd0 [ 62.260254][ T2813] ? fpregs_restore_userregs+0x130/0x290 [ 62.265727][ T2813] __x64_sys_mount+0xbf/0xd0 [ 62.270235][ T2813] do_syscall_64+0x3d/0xb0 [ 62.274489][ T2813] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 62.280219][ T2813] RIP: 0033:0x7f22e15d522a [ 62.284470][ T2813] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 62.303923][ T2813] RSP: 002b:00007f22e1590048 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 62.312157][ T2813] RAX: ffffffffffffffda RBX: 00000000200000c0 RCX: 00007f22e15d522a [ 62.319968][ T2813] RDX: 0000000020000180 RSI: 00000000200000c0 RDI: 00007f22e15900a0 [ 62.327781][ T2813] RBP: 0000000020000180 R08: 00007f22e15900e0 R09: 00007f22e15900e0 [ 62.336025][ T2813] R10: 0000000000000000 R11: 0000000000000202 R12: 00007f22e15900e0 [ 62.343841][ T2813] R13: 000000000000046a R14: 0000000000000000 R15: 0000000020000300 [ 62.351652][ T2813] [ 62.354512][ T2813] [ 62.356684][ T2813] The buggy address belongs to the physical page: [ 62.362935][ T2813] page:ffffea00048adc80 refcount:3 mapcount:1 mapping:ffff88810bc2d850 index:0x1 pfn:0x122b72 [ 62.373002][ T2813] memcg:ffff888100360000 [ 62.377080][ T2813] aops:def_blk_aops ino:700000 [ 62.381680][ T2813] flags: 0x660000000002205e(referenced|uptodate|dirty|lru|workingset|private|mappedtodisk|zone=1) [ 62.392102][ T2813] raw: 660000000002205e ffffea0004407108 ffffea0004436b48 ffff88810bc2d850 [ 62.400519][ T2813] raw: 0000000000000001 ffff88810b7f60a8 0000000300000000 ffff888100360000 [ 62.409021][ T2813] page dumped because: kasan: bad access detected [ 62.415284][ T2813] page_owner tracks the page as allocated [ 62.420830][ T2813] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x152c40(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 2814, tgid 2812 (syz-executor245), ts 61930659462, free_ts 61927931968 [ 62.441399][ T2813] post_alloc_hook+0x213/0x220 [ 62.445994][ T2813] prep_new_page+0x1b/0x110 [ 62.450333][ T2813] get_page_from_freelist+0x27ea/0x2870 [ 62.455716][ T2813] __alloc_pages+0x3a1/0x780 [ 62.460142][ T2813] __folio_alloc+0x15/0x40 [ 62.464393][ T2813] page_cache_ra_unbounded+0x2a4/0x690 [ 62.469692][ T2813] page_cache_ra_order+0x92f/0xb40 [ 62.474638][ T2813] do_sync_mmap_readahead+0x97c/0xcc0 [ 62.479845][ T2813] filemap_fault+0x744/0x11a0 [ 62.484356][ T2813] do_fault+0xbde/0x19e0 [ 62.488442][ T2813] handle_mm_fault+0x184a/0x2f40 [ 62.493212][ T2813] __get_user_pages+0x377/0xf20 [ 62.497896][ T2813] __mm_populate+0x375/0x570 [ 62.502324][ T2813] vm_mmap_pgoff+0x290/0x430 [ 62.506751][ T2813] ksys_mmap_pgoff+0x15d/0x1e0 [ 62.511350][ T2813] __x64_sys_mmap+0x103/0x120 [ 62.515864][ T2813] page last free stack trace: [ 62.520376][ T2813] free_unref_page_prepare+0x83d/0x850 [ 62.525670][ T2813] free_unref_page+0xb2/0x5c0 [ 62.530185][ T2813] __free_pages+0x61/0xf0 [ 62.534351][ T2813] __free_slab+0xce/0x1a0 [ 62.538518][ T2813] discard_slab+0x29/0x40 [ 62.542682][ T2813] __slab_free+0x205/0x280 [ 62.546935][ T2813] ___cache_free+0xc6/0xd0 [ 62.551189][ T2813] qlist_free_all+0xc5/0x140 [ 62.555618][ T2813] kasan_quarantine_reduce+0x15a/0x180 [ 62.560909][ T2813] __kasan_slab_alloc+0x24/0x80 [ 62.565596][ T2813] slab_post_alloc_hook+0x53/0x2c0 [ 62.571100][ T2813] kmem_cache_alloc+0x175/0x2c0 [ 62.575786][ T2813] getname_flags+0xba/0x520 [ 62.580128][ T2813] user_path_at_empty+0x2d/0x1a0 [ 62.584904][ T2813] do_readlinkat+0x114/0x3a0 [ 62.589328][ T2813] __x64_sys_readlink+0x7f/0x90 [ 62.594102][ T2813] [ 62.596268][ T2813] Memory state around the buggy address: [ 62.601743][ T2813] ffff888122b72e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 62.609725][ T2813] ffff888122b72f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 62.617623][ T2813] >ffff888122b72f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 62.625519][ T2813] ^ [ 62.631771][ T2813] ffff888122b73000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 62.639669][ T2813] ffff888122b73080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 62.647563][ T2813] ================================================================== [ 62.656102][ T2813] Disabling lock debugging due to kernel taint [pid 2814] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [ 62.666194][ T28] audit: type=1400 audit(1715624263.461:76): avc: denied { remove_name } for pid=84 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 62.688322][ T2813] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2213: inode #12: comm syz-executor245: corrupted in-inode xattr [ 62.691684][ T28] audit: type=1400 audit(1715624263.461:77): avc: denied { rename } for pid=84 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [pid 2814] munmap(0x7f22d914f000, 138412032) = 0 [pid 2814] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2814] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2814] ioctl(5, LOOP_CLR_FD) = 0 [pid 2814] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2814] close(5) = 0 [pid 2814] close(3) = 0 [pid 2814] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2814] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2813] <... mount resumed>) = 0 [pid 2813] openat(AT_FDCWD, 0x200000c0, O_RDONLY|O_DIRECTORY) = -1 ENOENT (No such file or directory) [pid 2813] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 2813] ioctl(3, LOOP_CLR_FD) = 0 [pid 2813] close(3) = 0 [pid 2813] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2813] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2812] exit_group(0 [pid 2814] <... futex resumed>) = ? [pid 2812] <... exit_group resumed>) = ? [pid 2814] +++ exited with 0 +++ [pid 2813] <... futex resumed>) = ? [pid 2813] +++ exited with 0 +++ [pid 2812] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2812, si_uid=0, si_status=0, si_utime=0, si_stime=84} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./780", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./780", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 5 entries */, 32768) = 136 umount2("./780/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./780/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./780/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./780/bus") = 0 umount2("./780/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./780/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 62.711458][ T2813] EXT4-fs warning (device loop0): ext4_xattr_set_entry:1745: inode #12: comm syz-executor245: unable to update i_inline_off [ 62.735036][ T2813] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2810: Unable to expand inode 12. Delete some EAs or run e2fsck. [ 62.750349][ T2813] EXT4-fs (loop0): 1 truncate cleaned up [ 62.756040][ T2813] EXT4-fs mount: 52 callbacks suppressed [ 62.756075][ T2813] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. unlink("./780/binderfs") = 0 umount2("./780/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./780/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./780/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./780/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./780/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555643c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555643c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./780/file0") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./780") = 0 mkdir("./781", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2817 ./strace-static-x86_64: Process 2817 attached [pid 2817] set_robust_list(0x5555564336a0, 24) = 0 [pid 2817] chdir("./781") = 0 [pid 2817] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2817] setpgid(0, 0) = 0 [pid 2817] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2817] write(3, "1000", 4) = 4 [pid 2817] close(3) = 0 [pid 2817] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2817] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2817] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2817] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2817] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2817] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2817] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2817] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2818]}, 88) = 2818 [pid 2817] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2817] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2817] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2817] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2817] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2817] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2817] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2819]}, 88) = 2819 [pid 2817] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2817] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2817] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2819 attached [pid 2819] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2819] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2819] creat("./bus", 000) = 3 [pid 2819] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2817] <... futex resumed>) = 0 [pid 2817] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2817] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2819] <... futex resumed>) = 1 [pid 2819] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2819] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2817] <... futex resumed>) = 0 [pid 2817] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2817] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2819] <... futex resumed>) = 1 [pid 2819] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 4 [pid 2819] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2817] <... futex resumed>) = 0 [pid 2817] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2817] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2819] <... futex resumed>) = 1 [pid 2819] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 2819] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2817] <... futex resumed>) = 0 [pid 2817] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2819] <... futex resumed>) = 1 [pid 2819] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 2819] +++ killed by SIGBUS +++ ./strace-static-x86_64: Process 2818 attached [pid 2818] +++ killed by SIGBUS +++ [pid 2817] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2817, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./781", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./781", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./781/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./781/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./781/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./781/bus") = 0 umount2("./781/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./781/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./781/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./781") = 0 mkdir("./782", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2820 ./strace-static-x86_64: Process 2820 attached [pid 2820] set_robust_list(0x5555564336a0, 24) = 0 [pid 2820] chdir("./782") = 0 [pid 2820] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2820] setpgid(0, 0) = 0 [pid 2820] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2820] write(3, "1000", 4) = 4 [pid 2820] close(3) = 0 [pid 2820] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2820] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2820] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2820] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2820] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2820] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2820] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2820] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2821 attached [pid 2821] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2821] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2821] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2820] <... clone3 resumed> => {parent_tid=[2821]}, 88) = 2821 [pid 2820] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2820] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2821] <... futex resumed>) = 0 [pid 2820] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2821] memfd_create("syzkaller", 0 [pid 2820] <... futex resumed>) = 0 [pid 2821] <... memfd_create resumed>) = 3 [pid 2821] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2820] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 2820] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2820] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2820] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0} [pid 2821] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2820] <... clone3 resumed> => {parent_tid=[2822]}, 88) = 2822 [pid 2820] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2820] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2821] <... write resumed>) = 262144 [pid 2820] <... futex resumed>) = 0 ./strace-static-x86_64: Process 2822 attached [pid 2821] munmap(0x7f22d9170000, 138412032 [pid 2822] set_robust_list(0x7f22d916f9a0, 24 [pid 2821] <... munmap resumed>) = 0 [pid 2820] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2822] <... set_robust_list resumed>) = 0 [pid 2821] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2822] rt_sigprocmask(SIG_SETMASK, [], [pid 2821] <... openat resumed>) = 4 [pid 2821] ioctl(4, LOOP_SET_FD, 3 [pid 2822] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2822] creat("./bus", 000) = 5 [pid 2822] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2820] <... futex resumed>) = 0 [pid 2820] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2820] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2822] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2822] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2820] <... futex resumed>) = 0 [pid 2820] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2820] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2822] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 2822] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2820] <... futex resumed>) = 0 [pid 2820] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2820] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 62.778040][ T293] EXT4-fs (loop0): unmounting filesystem. [ 62.809913][ T2821] loop0: detected capacity change from 0 to 512 [ 62.816542][ T2822] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 31 prio class 2 [pid 2822] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 2821] <... ioctl resumed>) = 0 [pid 2821] close(3) = 0 [pid 2821] close(4) = 0 [pid 2821] mkdir(0x200000c0, 0777 [pid 2820] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 2820] futex(0x7f22e165d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2820] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2820] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2820] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2820] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2823]}, 88) = 2823 [pid 2820] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2820] futex(0x7f22e165d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 62.816603][ T2822] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 62.816623][ T2822] Buffer I/O error on dev loop0, logical block 0, async page read [ 62.816670][ T2822] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 62.816689][ T2822] Buffer I/O error on dev loop0, logical block 0, async page read [ 62.816726][ T2822] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 62.816744][ T2822] Buffer I/O error on dev loop0, logical block 0, async page read ./strace-static-x86_64: Process 2823 attached [pid 2823] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2823] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2823] memfd_create("syzkaller", 0 [pid 2821] <... mkdir resumed>) = -1 ENOENT (No such file or directory) [pid 2823] <... memfd_create resumed>) = 3 [pid 2821] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "" [pid 2823] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2821] <... mount resumed>) = -1 ENOENT (No such file or directory) [pid 2821] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2823] <... mmap resumed>) = 0x7f22d0d4f000 [pid 2821] <... openat resumed>) = 4 [pid 2822] <... mmap resumed>) = 0x20000000 [pid 2821] ioctl(4, LOOP_CLR_FD) = 0 [pid 2821] close(4) = 0 [pid 2821] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2821] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2822] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2822] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2823] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2823] munmap(0x7f22d0d4f000, 138412032) = 0 [pid 2823] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2823] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2823] ioctl(4, LOOP_CLR_FD) = 0 [pid 2823] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2823] close(4) = 0 [pid 2823] close(3) = 0 [pid 2823] futex(0x7f22e165d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2823] futex(0x7f22e165d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2820] exit_group(0 [pid 2822] <... futex resumed>) = ? [pid 2821] <... futex resumed>) = ? [pid 2820] <... exit_group resumed>) = ? [pid 2822] +++ exited with 0 +++ [pid 2823] <... futex resumed>) = ? [pid 2823] +++ exited with 0 +++ [pid 2821] +++ exited with 0 +++ [pid 2820] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2820, si_uid=0, si_status=0, si_utime=0, si_stime=11} --- umount2("./782", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./782", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./782/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./782/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./782/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./782/bus") = 0 umount2("./782/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./782/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./782/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./782") = 0 mkdir("./783", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2824 ./strace-static-x86_64: Process 2824 attached [pid 2824] set_robust_list(0x5555564336a0, 24) = 0 [pid 2824] chdir("./783") = 0 [pid 2824] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2824] setpgid(0, 0) = 0 [pid 2824] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2824] write(3, "1000", 4) = 4 [pid 2824] close(3) = 0 [pid 2824] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2824] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2824] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2824] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2824] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2824] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2824] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2824] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2825]}, 88) = 2825 [pid 2824] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2824] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2824] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2824] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2824] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2824] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2824] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2826]}, 88) = 2826 [pid 2824] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2824] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2824] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2825 attached [pid 2825] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2825] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2825] memfd_create("syzkaller", 0) = 3 [pid 2825] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [ 62.816781][ T2822] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 62.884852][ T2822] Buffer I/O error on dev loop0, logical block 0, async page read [pid 2825] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 2825] munmap(0x7f22d914f000, 138412032) = 0 [pid 2825] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2825] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 2826 attached ) = 0 [pid 2826] set_robust_list(0x7f22e156f9a0, 24 [pid 2825] close(3) = 0 [pid 2825] close(4) = 0 [pid 2825] mkdir("./file0", 0777 [pid 2826] <... set_robust_list resumed>) = 0 [pid 2826] rt_sigprocmask(SIG_SETMASK, [], [pid 2825] <... mkdir resumed>) = 0 [pid 2825] mount("/dev/loop0", "./file0", "ext4", 0, "prjquota,grpquota,debug_want_extra_isize=0x000000000000005c,noauto_da_alloc,nolazytime,errors=contin"... [pid 2826] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2826] creat("./bus", 000) = 3 [pid 2826] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2824] <... futex resumed>) = 0 [pid 2826] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 2824] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2826] <... mount resumed>) = 0 [pid 2824] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2826] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2824] <... futex resumed>) = 0 [pid 2826] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2824] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2826] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2824] <... futex resumed>) = 0 [pid 2826] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 2824] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2826] <... open resumed>) = 4 [pid 2826] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2824] <... futex resumed>) = 0 [pid 2824] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2826] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2824] <... futex resumed>) = 0 [pid 2824] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2826] <... mmap resumed>) = 0x20000000 [pid 2826] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2824] <... futex resumed>) = 0 [pid 2826] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2824] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2826] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2824] <... futex resumed>) = 0 [pid 2825] <... mount resumed>) = 0 [pid 2826] memfd_create("syzkaller", 0) = 5 [pid 2825] openat(AT_FDCWD, 0x200000c0, O_RDONLY|O_DIRECTORY [pid 2826] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2825] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 2826] write(5, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304 [pid 2825] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2825] ioctl(6, LOOP_CLR_FD) = 0 [pid 2825] close(6) = 0 [pid 2825] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2825] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2826] <... write resumed>) = 4194304 [pid 2826] munmap(0x7f22d914f000, 138412032) = 0 [pid 2826] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2826] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 2826] ioctl(6, LOOP_CLR_FD) = 0 [pid 2826] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 2826] close(6) = 0 [ 62.941323][ T2825] loop0: detected capacity change from 0 to 512 [ 62.951352][ T2825] EXT4-fs (loop0): 1 truncate cleaned up [ 62.956888][ T2825] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [pid 2826] close(5) = 0 [pid 2826] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2826] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2824] exit_group(0 [pid 2825] <... futex resumed>) = ? [pid 2824] <... exit_group resumed>) = ? [pid 2825] +++ exited with 0 +++ [pid 2826] <... futex resumed>) = ? [pid 2826] +++ exited with 0 +++ [pid 2824] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2824, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./783", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./783", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 5 entries */, 32768) = 136 umount2("./783/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./783/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./783/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./783/bus") = 0 umount2("./783/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./783/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./783/binderfs") = 0 umount2("./783/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./783/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./783/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./783/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./783/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555643c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555643c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./783/file0") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./783") = 0 mkdir("./784", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2828 ./strace-static-x86_64: Process 2828 attached [pid 2828] set_robust_list(0x5555564336a0, 24) = 0 [pid 2828] chdir("./784") = 0 [pid 2828] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2828] setpgid(0, 0) = 0 [pid 2828] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2828] write(3, "1000", 4) = 4 [pid 2828] close(3) = 0 [pid 2828] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2828] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2828] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2828] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2828] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2828] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2828] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2828] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2829 attached [pid 2829] set_robust_list(0x7f22e15909a0, 24 [pid 2828] <... clone3 resumed> => {parent_tid=[2829]}, 88) = 2829 [pid 2829] <... set_robust_list resumed>) = 0 [pid 2828] rt_sigprocmask(SIG_SETMASK, [], [pid 2829] rt_sigprocmask(SIG_SETMASK, [], [pid 2828] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2828] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2829] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2828] <... futex resumed>) = 0 [pid 2828] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2829] memfd_create("syzkaller", 0 [pid 2828] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2829] <... memfd_create resumed>) = 3 [pid 2829] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2828] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2828] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2829] <... mmap resumed>) = 0x7f22d914f000 [pid 2828] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2828] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 2830 attached => {parent_tid=[2830]}, 88) = 2830 [pid 2830] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2830] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2830] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2828] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2828] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2828] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2830] <... futex resumed>) = 0 [pid 2830] creat("./bus", 000) = 4 [pid 2830] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2828] <... futex resumed>) = 0 [pid 2830] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 2828] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2828] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2830] <... mount resumed>) = 0 [pid 2830] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2828] <... futex resumed>) = 0 [pid 2828] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2828] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2830] <... futex resumed>) = 1 [pid 2830] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 2830] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2828] <... futex resumed>) = 0 [pid 2830] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 2828] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2828] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2830] <... mmap resumed>) = 0x20000000 [pid 2829] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000dd4} --- [pid 2828] <... futex resumed>) = ? [pid 2830] +++ killed by SIGBUS +++ [pid 2829] +++ killed by SIGBUS +++ [pid 2828] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2828, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./784", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./784", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./784/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./784/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./784/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./784/bus") = 0 umount2("./784/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./784/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./784/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./784") = 0 mkdir("./785", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2831 ./strace-static-x86_64: Process 2831 attached [pid 2831] set_robust_list(0x5555564336a0, 24) = 0 [pid 2831] chdir("./785") = 0 [pid 2831] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2831] setpgid(0, 0) = 0 [pid 2831] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2831] write(3, "1000", 4) = 4 [pid 2831] close(3) = 0 [pid 2831] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2831] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2831] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2831] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2831] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2831] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2831] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2831] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2832 attached => {parent_tid=[2832]}, 88) = 2832 [pid 2831] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2831] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2831] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2831] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2831] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2831] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2831] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2833]}, 88) = 2833 [pid 2831] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2831] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2831] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2833 attached [pid 2833] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2833] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2833] creat("./bus", 000 [pid 2832] set_robust_list(0x7f22e15909a0, 24 [pid 2833] <... creat resumed>) = 3 [pid 2833] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2831] <... futex resumed>) = 0 [pid 2831] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2831] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2833] <... futex resumed>) = 1 [pid 2833] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2833] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2831] <... futex resumed>) = 0 [pid 2831] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2831] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2833] <... futex resumed>) = 1 [pid 2833] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 4 [pid 2833] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2831] <... futex resumed>) = 0 [pid 2831] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2831] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2833] <... futex resumed>) = 1 [pid 2833] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 2833] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2831] <... futex resumed>) = 0 [pid 2831] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2833] <... futex resumed>) = 1 [pid 2833] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 2832] <... set_robust_list resumed>) = ? [pid 2832] +++ killed by SIGBUS +++ [pid 2833] +++ killed by SIGBUS +++ [pid 2831] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2831, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 63.007850][ T293] EXT4-fs (loop0): unmounting filesystem. umount2("./785", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./785", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./785/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./785/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./785/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./785/bus") = 0 umount2("./785/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./785/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./785/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./785") = 0 mkdir("./786", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2834 ./strace-static-x86_64: Process 2834 attached [pid 2834] set_robust_list(0x5555564336a0, 24) = 0 [pid 2834] chdir("./786") = 0 [pid 2834] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2834] setpgid(0, 0) = 0 [pid 2834] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2834] write(3, "1000", 4) = 4 [pid 2834] close(3) = 0 [pid 2834] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2834] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2834] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2834] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2834] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2834] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2834] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2834] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2835 attached => {parent_tid=[2835]}, 88) = 2835 [pid 2835] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2835] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2835] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2834] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2834] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2835] <... futex resumed>) = 0 [pid 2834] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2834] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2834] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2834] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2834] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 2836 attached => {parent_tid=[2836]}, 88) = 2836 [pid 2836] set_robust_list(0x7f22e156f9a0, 24 [pid 2834] rt_sigprocmask(SIG_SETMASK, [], [pid 2836] <... set_robust_list resumed>) = 0 [pid 2835] memfd_create("syzkaller", 0 [pid 2834] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2836] rt_sigprocmask(SIG_SETMASK, [], [pid 2834] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2836] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2834] <... futex resumed>) = 0 [pid 2836] creat("./bus", 000 [pid 2834] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2836] <... creat resumed>) = 3 [pid 2836] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2834] <... futex resumed>) = 0 [pid 2836] <... futex resumed>) = 1 [pid 2834] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2836] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 2834] <... futex resumed>) = 0 [pid 2834] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2836] <... mount resumed>) = 0 [pid 2836] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2834] <... futex resumed>) = 0 [pid 2836] <... futex resumed>) = 1 [pid 2834] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2836] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 2834] <... futex resumed>) = 0 [pid 2834] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2836] <... open resumed>) = 5 [pid 2836] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2834] <... futex resumed>) = 0 [pid 2836] <... futex resumed>) = 1 [pid 2834] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2836] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 2834] <... futex resumed>) = 0 [pid 2834] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2836] <... mmap resumed>) = 0x20000000 [pid 2835] <... memfd_create resumed>) = 4 [pid 2836] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2835] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2834] <... futex resumed>) = 0 [pid 2836] <... futex resumed>) = 1 [pid 2834] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2836] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 2835] <... mmap resumed>) = ? [pid 2836] +++ killed by SIGBUS +++ [pid 2835] +++ killed by SIGBUS +++ [pid 2834] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2834, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- umount2("./786", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./786", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./786/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./786/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./786/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./786/bus") = 0 umount2("./786/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./786/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./786/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./786") = 0 mkdir("./787", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2837 ./strace-static-x86_64: Process 2837 attached [pid 2837] set_robust_list(0x5555564336a0, 24) = 0 [pid 2837] chdir("./787") = 0 [pid 2837] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2837] setpgid(0, 0) = 0 [pid 2837] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2837] write(3, "1000", 4) = 4 [pid 2837] close(3) = 0 [pid 2837] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2837] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2837] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2837] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2837] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2837] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2837] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2837] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2838]}, 88) = 2838 [pid 2837] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2837] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2837] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2837] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2837] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE./strace-static-x86_64: Process 2838 attached ) = 0 [pid 2837] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2837] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2839]}, 88) = 2839 [pid 2837] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2837] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2837] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2839 attached [pid 2839] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2839] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2839] creat("./bus", 000) = 3 [pid 2839] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2837] <... futex resumed>) = 0 [pid 2837] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2837] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2839] <... futex resumed>) = 1 [pid 2839] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2839] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2837] <... futex resumed>) = 0 [pid 2837] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2837] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2839] <... futex resumed>) = 1 [pid 2839] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 4 [pid 2839] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2837] <... futex resumed>) = 0 [pid 2837] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2837] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2839] <... futex resumed>) = 1 [pid 2839] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 2839] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2837] <... futex resumed>) = 0 [pid 2837] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2839] <... futex resumed>) = 1 [pid 2839] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 2838] +++ killed by SIGBUS +++ [pid 2839] +++ killed by SIGBUS +++ [pid 2837] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2837, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./787", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./787", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./787/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./787/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./787/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./787/bus") = 0 umount2("./787/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./787/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./787/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./787") = 0 mkdir("./788", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2840 ./strace-static-x86_64: Process 2840 attached [pid 2840] set_robust_list(0x5555564336a0, 24) = 0 [pid 2840] chdir("./788") = 0 [pid 2840] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2840] setpgid(0, 0) = 0 [pid 2840] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2840] write(3, "1000", 4) = 4 [pid 2840] close(3) = 0 [pid 2840] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2840] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2840] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2840] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2840] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2840] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2840] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2840] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2841]}, 88) = 2841 [pid 2840] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2840] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2840] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2840] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2840] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE./strace-static-x86_64: Process 2841 attached ) = 0 [pid 2840] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2840] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 2842 attached => {parent_tid=[2842]}, 88) = 2842 [pid 2840] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2840] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2840] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2841] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2841] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2841] memfd_create("syzkaller", 0) = 3 [pid 2841] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2842] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2842] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2842] creat("./bus", 000) = 4 [pid 2841] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2842] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2840] <... futex resumed>) = 0 [pid 2840] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2840] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2842] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 2841] <... write resumed>) = 262144 [pid 2841] munmap(0x7f22d914f000, 138412032) = 0 [pid 2841] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2841] ioctl(5, LOOP_SET_FD, 3 [pid 2842] <... mount resumed>) = 0 [pid 2841] <... ioctl resumed>) = 0 [pid 2841] close(3) = 0 [pid 2841] close(5 [pid 2842] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2841] <... close resumed>) = 0 [pid 2841] mkdir("./file0", 0777) = 0 [pid 2841] mount("/dev/loop0", "./file0", "ext4", 0, "prjquota,grpquota,debug_want_extra_isize=0x000000000000005c,noauto_da_alloc,nolazytime,errors=contin"... [pid 2842] <... futex resumed>) = 1 [pid 2840] <... futex resumed>) = 0 [pid 2840] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2840] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2842] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 3 [pid 2842] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2840] <... futex resumed>) = 0 [pid 2840] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2840] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2842] <... futex resumed>) = 1 [pid 2842] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 3, 0) = 0x20000000 [pid 2842] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2840] <... futex resumed>) = 0 [pid 2840] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2842] <... futex resumed>) = 1 [pid 2842] memfd_create("syzkaller", 0) = 5 [pid 2842] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2841] <... mount resumed>) = 0 [pid 2842] write(5, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304 [pid 2841] openat(AT_FDCWD, 0x200000c0, O_RDONLY|O_DIRECTORY) = -1 ENOENT (No such file or directory) [pid 2841] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2841] ioctl(6, LOOP_CLR_FD) = 0 [pid 2841] close(6) = 0 [pid 2841] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2841] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2842] <... write resumed>) = 4194304 [pid 2842] munmap(0x7f22d914f000, 138412032) = 0 [pid 2842] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2842] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 2842] ioctl(6, LOOP_CLR_FD) = 0 [pid 2842] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 2842] close(6) = 0 [pid 2842] close(5) = 0 [pid 2842] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2842] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2840] exit_group(0 [pid 2841] <... futex resumed>) = ? [pid 2840] <... exit_group resumed>) = ? [pid 2841] +++ exited with 0 +++ [pid 2842] <... futex resumed>) = ? [pid 2842] +++ exited with 0 +++ [pid 2840] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2840, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./788", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./788", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 5 entries */, 32768) = 136 umount2("./788/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./788/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./788/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./788/bus") = 0 umount2("./788/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./788/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./788/binderfs") = 0 [ 63.134185][ T2841] loop0: detected capacity change from 0 to 512 [ 63.146277][ T2841] EXT4-fs (loop0): 1 truncate cleaned up [ 63.152283][ T2841] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. umount2("./788/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./788/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./788/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./788/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./788/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555643c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555643c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./788/file0") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./788") = 0 mkdir("./789", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2844 ./strace-static-x86_64: Process 2844 attached [pid 2844] set_robust_list(0x5555564336a0, 24) = 0 [pid 2844] chdir("./789") = 0 [pid 2844] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2844] setpgid(0, 0) = 0 [pid 2844] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2844] write(3, "1000", 4) = 4 [pid 2844] close(3) = 0 [pid 2844] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2844] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2844] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2844] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2844] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2844] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2844] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2844] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2845]}, 88) = 2845 [pid 2844] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2844] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2844] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2844] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2844] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2844] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2844] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2846]}, 88) = 2846 [pid 2844] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2844] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2844] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2845 attached ./strace-static-x86_64: Process 2846 attached [pid 2846] set_robust_list(0x7f22e156f9a0, 24 [pid 2845] set_robust_list(0x7f22e15909a0, 24 [pid 2846] <... set_robust_list resumed>) = 0 [pid 2845] <... set_robust_list resumed>) = 0 [pid 2845] rt_sigprocmask(SIG_SETMASK, [], [pid 2846] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2845] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2845] memfd_create("syzkaller", 0 [pid 2846] creat("./bus", 000) = 3 [pid 2845] <... memfd_create resumed>) = 4 [pid 2845] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2846] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2845] <... mmap resumed>) = 0x7f22d914f000 [pid 2846] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2844] <... futex resumed>) = 0 [pid 2844] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2844] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2846] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2846] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2845] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2846] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2844] <... futex resumed>) = 0 [pid 2844] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2844] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2846] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 2846] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2844] <... futex resumed>) = 0 [pid 2844] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2844] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2846] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 2846] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2844] <... futex resumed>) = 0 [pid 2844] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2846] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 2845] <... write resumed>) = ? [pid 2845] +++ killed by SIGBUS +++ [pid 2846] +++ killed by SIGBUS +++ [pid 2844] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2844, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- umount2("./789", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./789", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./789/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./789/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./789/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./789/bus") = 0 umount2("./789/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./789/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./789/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./789") = 0 mkdir("./790", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2847 attached , child_tidptr=0x555556433690) = 2847 [pid 2847] set_robust_list(0x5555564336a0, 24) = 0 [pid 2847] chdir("./790") = 0 [pid 2847] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2847] setpgid(0, 0) = 0 [pid 2847] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2847] write(3, "1000", 4) = 4 [pid 2847] close(3) = 0 [pid 2847] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2847] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2847] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2847] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2847] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2847] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2847] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2847] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2848 attached [pid 2848] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2848] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2848] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2847] <... clone3 resumed> => {parent_tid=[2848]}, 88) = 2848 [pid 2847] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2847] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2847] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2847] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2847] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2847] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2847] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2849]}, 88) = 2849 [pid 2847] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2847] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2847] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2849 attached [pid 2849] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2849] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2849] creat("./bus", 000 [pid 2848] <... futex resumed>) = 0 [pid 2849] <... creat resumed>) = 3 [pid 2849] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2847] <... futex resumed>) = 0 [pid 2848] memfd_create("syzkaller", 0 [pid 2847] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2847] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2849] <... futex resumed>) = 1 [pid 2849] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2849] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2847] <... futex resumed>) = 0 [pid 2847] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2847] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2849] <... futex resumed>) = 1 [pid 2849] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 4 [pid 2849] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2847] <... futex resumed>) = 0 [pid 2847] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2847] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2849] <... futex resumed>) = 1 [pid 2849] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 2849] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2847] <... futex resumed>) = 0 [pid 2847] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2848] <... memfd_create resumed>) = 5 [pid 2849] <... futex resumed>) = 1 [pid 2849] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 2848] +++ killed by SIGBUS +++ [pid 2849] +++ killed by SIGBUS +++ [pid 2847] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2847, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./790", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./790", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./790/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./790/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./790/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./790/bus") = 0 umount2("./790/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./790/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./790/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./790") = 0 mkdir("./791", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2850 ./strace-static-x86_64: Process 2850 attached [pid 2850] set_robust_list(0x5555564336a0, 24) = 0 [pid 2850] chdir("./791") = 0 [pid 2850] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2850] setpgid(0, 0) = 0 [pid 2850] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2850] write(3, "1000", 4) = 4 [pid 2850] close(3) = 0 [pid 2850] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2850] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2850] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2850] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2850] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2850] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2850] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2850] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2851 attached => {parent_tid=[2851]}, 88) = 2851 [pid 2850] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2850] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2850] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2850] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2850] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2850] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2850] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2852]}, 88) = 2852 [pid 2850] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2850] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2850] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2851] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2851] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2851] memfd_create("syzkaller", 0) = 3 [pid 2851] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 ./strace-static-x86_64: Process 2852 attached [pid 2851] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2852] set_robust_list(0x7f22e156f9a0, 24 [pid 2851] <... write resumed>) = 262144 [pid 2852] <... set_robust_list resumed>) = 0 [pid 2852] rt_sigprocmask(SIG_SETMASK, [], [pid 2851] munmap(0x7f22d914f000, 138412032) = 0 [pid 2851] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 63.194482][ T293] EXT4-fs (loop0): unmounting filesystem. [pid 2851] ioctl(4, LOOP_SET_FD, 3 [pid 2852] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2851] <... ioctl resumed>) = 0 [pid 2852] creat("./bus", 000 [pid 2851] close(3 [pid 2852] <... creat resumed>) = 3 [pid 2851] <... close resumed>) = 0 [pid 2852] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2851] close(4 [pid 2852] <... futex resumed>) = 1 [pid 2851] <... close resumed>) = 0 [pid 2850] <... futex resumed>) = 0 [pid 2852] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2851] mkdir("./file0", 0777 [pid 2850] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2852] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2851] <... mkdir resumed>) = 0 [pid 2850] <... futex resumed>) = 0 [pid 2852] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 2851] mount("/dev/loop0", "./file0", "ext4", 0, "prjquota,grpquota,debug_want_extra_isize=0x000000000000005c,noauto_da_alloc,nolazytime,errors=contin"... [pid 2850] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2852] <... mount resumed>) = 0 [pid 2852] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2850] <... futex resumed>) = 0 [pid 2852] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 2850] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2852] <... open resumed>) = 4 [pid 2850] <... futex resumed>) = 0 [pid 2852] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2850] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2852] <... futex resumed>) = 0 [pid 2850] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2852] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2850] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2850] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2852] <... mmap resumed>) = 0x20000000 [pid 2852] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2851] <... mount resumed>) = 0 [pid 2852] <... futex resumed>) = 1 [pid 2850] <... futex resumed>) = 0 [pid 2852] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2850] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2852] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2850] <... futex resumed>) = 0 [pid 2852] memfd_create("syzkaller", 0) = 5 [pid 2852] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2852] write(5, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304 [pid 2851] openat(AT_FDCWD, 0x200000c0, O_RDONLY|O_DIRECTORY) = -1 ENOENT (No such file or directory) [pid 2851] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2851] ioctl(6, LOOP_CLR_FD) = 0 [pid 2851] close(6) = 0 [pid 2851] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2851] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2852] <... write resumed>) = 4194304 [pid 2852] munmap(0x7f22d914f000, 138412032) = 0 [pid 2852] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2852] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 2852] ioctl(6, LOOP_CLR_FD) = 0 [pid 2852] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 2852] close(6) = 0 [pid 2852] close(5) = 0 [pid 2852] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2852] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2850] exit_group(0 [pid 2851] <... futex resumed>) = ? [pid 2850] <... exit_group resumed>) = ? [pid 2851] +++ exited with 0 +++ [pid 2852] <... futex resumed>) = ? [pid 2852] +++ exited with 0 +++ [pid 2850] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2850, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./791", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./791", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 5 entries */, 32768) = 136 umount2("./791/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./791/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./791/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./791/bus") = 0 umount2("./791/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./791/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./791/binderfs") = 0 [ 63.252866][ T2851] loop0: detected capacity change from 0 to 512 [ 63.264372][ T2851] EXT4-fs (loop0): 1 truncate cleaned up [ 63.269820][ T2851] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. umount2("./791/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./791/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./791/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./791/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./791/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555643c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555643c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./791/file0") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./791") = 0 mkdir("./792", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2854 ./strace-static-x86_64: Process 2854 attached [pid 2854] set_robust_list(0x5555564336a0, 24) = 0 [pid 2854] chdir("./792") = 0 [pid 2854] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2854] setpgid(0, 0) = 0 [pid 2854] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2854] write(3, "1000", 4) = 4 [pid 2854] close(3) = 0 [pid 2854] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2854] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2854] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2854] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2854] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2854] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2854] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2854] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2855 attached [pid 2855] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2855] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2855] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2854] <... clone3 resumed> => {parent_tid=[2855]}, 88) = 2855 [pid 2854] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2854] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2855] <... futex resumed>) = 0 [pid 2855] memfd_create("syzkaller", 0 [pid 2854] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2854] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2855] <... memfd_create resumed>) = 3 [pid 2854] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2855] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2854] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2854] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2856]}, 88) = 2856 [pid 2854] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2854] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2854] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2856 attached [pid 2856] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2856] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2855] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2856] creat("./bus", 000) = 4 [pid 2856] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2855] <... write resumed>) = 262144 [pid 2855] munmap(0x7f22d914f000, 138412032) = 0 [pid 2855] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2855] ioctl(5, LOOP_SET_FD, 3 [pid 2856] <... futex resumed>) = 1 [pid 2856] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2854] <... futex resumed>) = 0 [pid 2855] <... ioctl resumed>) = 0 [pid 2854] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2854] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2855] close(3) = 0 [pid 2855] close(5) = 0 [pid 2855] mkdir("./file0", 0777) = 0 [pid 2855] mount("/dev/loop0", "./file0", "ext4", 0, "prjquota,grpquota,debug_want_extra_isize=0x000000000000005c,noauto_da_alloc,nolazytime,errors=contin"... [pid 2856] <... futex resumed>) = 0 [pid 2856] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2856] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2854] <... futex resumed>) = 0 [pid 2854] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2854] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2856] <... futex resumed>) = 1 [pid 2856] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 3 [pid 2856] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2854] <... futex resumed>) = 0 [pid 2854] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2854] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2856] <... futex resumed>) = 1 [pid 2856] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 3, 0) = 0x20000000 [ 63.317553][ T293] EXT4-fs (loop0): unmounting filesystem. [ 63.355753][ T2855] loop0: detected capacity change from 0 to 512 [pid 2856] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2856] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2854] <... futex resumed>) = 0 [pid 2854] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2856] <... futex resumed>) = 0 [pid 2855] <... mount resumed>) = 0 [pid 2854] <... futex resumed>) = 1 [pid 2856] memfd_create("syzkaller", 0 [pid 2855] openat(AT_FDCWD, 0x200000c0, O_RDONLY|O_DIRECTORY) = -1 ENOENT (No such file or directory) [pid 2855] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2856] <... memfd_create resumed>) = 6 [pid 2855] ioctl(5, LOOP_CLR_FD) = 0 [pid 2855] close(5 [pid 2856] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2855] <... close resumed>) = 0 [pid 2855] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2855] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2856] write(6, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2856] munmap(0x7f22d914f000, 138412032) = 0 [pid 2856] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2856] ioctl(5, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 2856] ioctl(5, LOOP_CLR_FD) = 0 [pid 2856] ioctl(5, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 2856] close(5) = 0 [pid 2856] close(6) = 0 [pid 2856] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2854] exit_group(0 [pid 2855] <... futex resumed>) = ? [pid 2854] <... exit_group resumed>) = ? [pid 2855] +++ exited with 0 +++ [pid 2856] +++ exited with 0 +++ [pid 2854] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2854, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- umount2("./792", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./792", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 5 entries */, 32768) = 136 umount2("./792/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./792/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./792/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./792/bus") = 0 umount2("./792/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./792/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./792/binderfs") = 0 [ 63.368002][ T2855] EXT4-fs (loop0): 1 truncate cleaned up [ 63.373533][ T2855] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. umount2("./792/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./792/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./792/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./792/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./792/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555643c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555643c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./792/file0") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./792") = 0 mkdir("./793", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2858 ./strace-static-x86_64: Process 2858 attached [pid 2858] set_robust_list(0x5555564336a0, 24) = 0 [pid 2858] chdir("./793") = 0 [pid 2858] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2858] setpgid(0, 0) = 0 [pid 2858] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2858] write(3, "1000", 4) = 4 [pid 2858] close(3) = 0 [pid 2858] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2858] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2858] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2858] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2858] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2858] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2858] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2858] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2859 attached [pid 2859] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2859] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2859] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2858] <... clone3 resumed> => {parent_tid=[2859]}, 88) = 2859 [pid 2858] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2858] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2859] <... futex resumed>) = 0 [pid 2858] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2859] memfd_create("syzkaller", 0 [pid 2858] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2859] <... memfd_create resumed>) = 3 [pid 2858] <... mmap resumed>) = 0x7f22e154f000 [pid 2859] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2858] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE [pid 2859] <... mmap resumed>) = 0x7f22d914f000 [pid 2858] <... mprotect resumed>) = 0 [pid 2858] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2858] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2860]}, 88) = 2860 [pid 2858] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2858] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2859] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2858] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2860 attached [pid 2860] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2860] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2860] creat("./bus", 000) = 4 [pid 2859] <... write resumed>) = 262144 [pid 2859] munmap(0x7f22d914f000, 138412032) = 0 [pid 2860] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2859] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2858] <... futex resumed>) = 0 [pid 2858] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2859] <... openat resumed>) = 5 [pid 2859] ioctl(5, LOOP_SET_FD, 3 [pid 2858] <... futex resumed>) = 0 [pid 2858] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2860] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2860] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2858] <... futex resumed>) = 0 [pid 2858] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2858] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2860] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 2860] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2858] <... futex resumed>) = 0 [pid 2858] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2858] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2860] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 2859] <... ioctl resumed>) = 0 [pid 2859] close(3) = 0 [pid 2859] close(5) = 0 [pid 2859] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 2859] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2859] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 2859] ioctl(3, LOOP_CLR_FD) = 0 [pid 2859] close(3) = 0 [pid 2859] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2859] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2860] <... mmap resumed>) = 0x20000000 [pid 2860] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2858] <... futex resumed>) = 0 [pid 2858] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2860] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2859] <... futex resumed>) = 0 [pid 2858] <... futex resumed>) = 1 [pid 2859] memfd_create("syzkaller", 0) = 3 [pid 2859] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2859] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2859] munmap(0x7f22d914f000, 138412032) = 0 [pid 2859] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2859] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2859] ioctl(5, LOOP_CLR_FD) = 0 [pid 2859] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2859] close(5) = 0 [ 63.420036][ T293] EXT4-fs (loop0): unmounting filesystem. [ 63.450391][ T2859] loop0: detected capacity change from 0 to 512 [ 63.456915][ T2860] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 32 prio class 2 [pid 2859] close(3) = 0 [pid 2859] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2859] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2858] exit_group(0 [pid 2860] <... futex resumed>) = ? [pid 2858] <... exit_group resumed>) = ? [pid 2860] +++ exited with 0 +++ [pid 2859] <... futex resumed>) = ? [pid 2859] +++ exited with 0 +++ [pid 2858] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2858, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- umount2("./793", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./793", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./793/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./793/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./793/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./793/bus") = 0 umount2("./793/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./793/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./793/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./793") = 0 mkdir("./794", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2861 ./strace-static-x86_64: Process 2861 attached [pid 2861] set_robust_list(0x5555564336a0, 24) = 0 [pid 2861] chdir("./794") = 0 [pid 2861] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2861] setpgid(0, 0) = 0 [pid 2861] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2861] write(3, "1000", 4) = 4 [pid 2861] close(3) = 0 [pid 2861] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2861] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2861] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2861] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2861] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2861] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2861] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2861] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2862 attached [pid 2862] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2862] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2862] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2861] <... clone3 resumed> => {parent_tid=[2862]}, 88) = 2862 [pid 2861] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2861] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2862] <... futex resumed>) = 0 [pid 2862] memfd_create("syzkaller", 0 [pid 2861] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2862] <... memfd_create resumed>) = 3 [pid 2861] <... futex resumed>) = 0 [pid 2862] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2861] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 2861] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2861] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2861] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0} => {parent_tid=[2863]}, 88) = 2863 [pid 2861] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2861] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2861] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2863 attached [pid 2863] set_robust_list(0x7f22d916f9a0, 24) = 0 [pid 2863] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2863] creat("./bus", 000) = 4 [pid 2863] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2862] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2861] <... futex resumed>) = 0 [pid 2861] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2861] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2863] <... futex resumed>) = 1 [pid 2863] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2863] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2861] <... futex resumed>) = 0 [pid 2861] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2861] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2863] <... futex resumed>) = 1 [pid 2863] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 2863] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2861] <... futex resumed>) = 0 [pid 2861] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2861] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2862] <... write resumed>) = 262144 [pid 2863] <... futex resumed>) = 1 [pid 2863] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 2862] munmap(0x7f22d9170000, 138412032 [pid 2863] <... mmap resumed>) = 0x20000000 [pid 2863] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2862] <... munmap resumed>) = 0 [pid 2862] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2862] ioctl(6, LOOP_SET_FD, 3 [pid 2863] <... futex resumed>) = 1 [pid 2861] <... futex resumed>) = 0 [pid 2861] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2862] <... ioctl resumed>) = 0 [pid 2862] close(3) = 0 [pid 2862] close(6) = 0 [pid 2862] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 2862] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2862] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 2862] ioctl(3, LOOP_CLR_FD [pid 2863] memfd_create("syzkaller", 0) = 6 [pid 2863] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2862] <... ioctl resumed>) = 0 [pid 2862] close(3) = 0 [pid 2862] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2862] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2863] write(6, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2863] munmap(0x7f22d9170000, 138412032) = 0 [pid 2863] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 2863] ioctl(3, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 2863] ioctl(3, LOOP_CLR_FD) = 0 [pid 2863] ioctl(3, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 2863] close(3) = 0 [pid 2863] close(6) = 0 [pid 2863] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2863] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2861] exit_group(0 [pid 2863] <... futex resumed>) = ? [pid 2862] <... futex resumed>) = ? [pid 2861] <... exit_group resumed>) = ? [pid 2862] +++ exited with 0 +++ [pid 2863] +++ exited with 0 +++ [pid 2861] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2861, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./794", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./794", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./794/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./794/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./794/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./794/bus") = 0 umount2("./794/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./794/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./794/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 [ 63.536211][ T2862] loop0: detected capacity change from 0 to 512 [ 63.541988][ T2863] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 31 prio class 2 close(3) = 0 rmdir("./794") = 0 mkdir("./795", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2864 ./strace-static-x86_64: Process 2864 attached [pid 2864] set_robust_list(0x5555564336a0, 24) = 0 [pid 2864] chdir("./795") = 0 [pid 2864] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2864] setpgid(0, 0) = 0 [pid 2864] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2864] write(3, "1000", 4) = 4 [pid 2864] close(3) = 0 [pid 2864] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2864] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2864] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2864] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2864] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2864] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2864] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2864] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2865 attached => {parent_tid=[2865]}, 88) = 2865 [pid 2865] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2865] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2865] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2864] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2864] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2865] <... futex resumed>) = 0 [pid 2864] <... futex resumed>) = 1 [pid 2865] memfd_create("syzkaller", 0 [pid 2864] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2865] <... memfd_create resumed>) = 3 [pid 2865] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2864] <... futex resumed>) = 0 [pid 2864] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 2864] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2864] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2864] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0}./strace-static-x86_64: Process 2866 attached [pid 2866] set_robust_list(0x7f22d916f9a0, 24 [pid 2864] <... clone3 resumed> => {parent_tid=[2866]}, 88) = 2866 [pid 2866] <... set_robust_list resumed>) = 0 [pid 2866] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2866] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2864] rt_sigprocmask(SIG_SETMASK, [], [pid 2865] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2864] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2864] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2865] <... write resumed>) = 262144 [pid 2865] munmap(0x7f22d9170000, 138412032 [pid 2864] <... futex resumed>) = 1 [pid 2865] <... munmap resumed>) = 0 [pid 2866] <... futex resumed>) = 0 [pid 2866] creat("./bus", 000 [pid 2864] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2865] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2866] <... creat resumed>) = 4 [pid 2866] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2866] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2865] ioctl(5, LOOP_SET_FD, 3 [pid 2864] <... futex resumed>) = 0 [pid 2864] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2865] <... ioctl resumed>) = 0 [pid 2865] close(3 [pid 2864] <... futex resumed>) = 1 [pid 2866] <... futex resumed>) = 0 [pid 2865] <... close resumed>) = 0 [pid 2864] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2866] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 2865] close(5 [pid 2866] <... mount resumed>) = 0 [pid 2865] <... close resumed>) = 0 [pid 2865] mkdir("./file0", 0777) = 0 [pid 2866] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2864] <... futex resumed>) = 0 [pid 2864] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2864] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2866] <... futex resumed>) = 1 [pid 2866] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 3 [pid 2866] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2864] <... futex resumed>) = 0 [pid 2864] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2864] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2866] <... futex resumed>) = 1 [pid 2866] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 3, 0 [pid 2865] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2865] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2865] ioctl(5, LOOP_CLR_FD) = 0 [pid 2866] <... mmap resumed>) = 0x20000000 [pid 2865] close(5) = 0 [pid 2865] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2865] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2866] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2864] <... futex resumed>) = 0 [pid 2864] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2865] <... futex resumed>) = 0 [pid 2865] memfd_create("syzkaller", 0) = 5 [pid 2865] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2866] <... futex resumed>) = 1 [pid 2866] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2865] write(5, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2865] munmap(0x7f22d9170000, 138412032) = 0 [pid 2865] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2865] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 2865] ioctl(6, LOOP_CLR_FD) = 0 [pid 2865] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 2865] close(6) = 0 [pid 2865] close(5) = 0 [pid 2865] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2864] exit_group(0 [pid 2865] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2866] <... futex resumed>) = ? [pid 2864] <... exit_group resumed>) = ? [pid 2866] +++ exited with 0 +++ [pid 2865] <... futex resumed>) = ? [pid 2865] +++ exited with 0 +++ [pid 2864] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2864, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./795", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./795", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 5 entries */, 32768) = 136 [ 63.612378][ T2865] loop0: detected capacity change from 0 to 512 umount2("./795/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./795/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./795/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./795/bus") = 0 umount2("./795/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./795/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./795/binderfs") = 0 umount2("./795/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./795/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./795/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./795/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555643c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555643c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./795/file0") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./795") = 0 mkdir("./796", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2868 ./strace-static-x86_64: Process 2868 attached [pid 2868] set_robust_list(0x5555564336a0, 24) = 0 [pid 2868] chdir("./796") = 0 [pid 2868] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2868] setpgid(0, 0) = 0 [pid 2868] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2868] write(3, "1000", 4) = 4 [pid 2868] close(3) = 0 [pid 2868] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2868] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2868] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2868] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2868] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2868] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2868] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2868] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2869 attached => {parent_tid=[2869]}, 88) = 2869 [pid 2869] set_robust_list(0x7f22e15909a0, 24 [pid 2868] rt_sigprocmask(SIG_SETMASK, [], [pid 2869] <... set_robust_list resumed>) = 0 [pid 2868] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2869] rt_sigprocmask(SIG_SETMASK, [], [pid 2868] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2869] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2868] <... futex resumed>) = 0 [pid 2869] memfd_create("syzkaller", 0 [pid 2868] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2869] <... memfd_create resumed>) = 3 [pid 2869] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2868] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2869] <... mmap resumed>) = 0x7f22d914f000 [pid 2868] <... mmap resumed>) = 0x7f22e154f000 [pid 2868] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2868] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2868] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2870]}, 88) = 2870 [pid 2868] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2868] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2868] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2870 attached [pid 2869] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 2870] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2869] munmap(0x7f22d914f000, 138412032 [pid 2870] rt_sigprocmask(SIG_SETMASK, [], [pid 2869] <... munmap resumed>) = 0 [pid 2870] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2869] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2870] creat("./bus", 000 [pid 2869] <... openat resumed>) = 4 [pid 2869] ioctl(4, LOOP_SET_FD, 3 [pid 2870] <... creat resumed>) = 5 [pid 2870] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2868] <... futex resumed>) = 0 [pid 2868] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2868] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2870] <... futex resumed>) = 1 [pid 2870] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2870] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2868] <... futex resumed>) = 0 [pid 2868] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2868] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2870] <... futex resumed>) = 1 [pid 2870] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 2870] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2868] <... futex resumed>) = 0 [pid 2868] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2868] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2870] <... futex resumed>) = 1 [pid 2870] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 2869] <... ioctl resumed>) = 0 [pid 2869] close(3) = 0 [pid 2869] close(4) = 0 [pid 2869] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 2869] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2869] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 2869] ioctl(3, LOOP_CLR_FD) = 0 [pid 2869] close(3) = 0 [pid 2869] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2869] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2870] <... mmap resumed>) = 0x20000000 [pid 2870] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2868] <... futex resumed>) = 0 [pid 2868] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2869] <... futex resumed>) = 0 [pid 2869] memfd_create("syzkaller", 0) = 3 [pid 2869] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2870] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2869] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2869] munmap(0x7f22d914f000, 138412032) = 0 [pid 2869] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2869] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2869] ioctl(4, LOOP_CLR_FD) = 0 [pid 2869] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2869] close(4) = 0 [pid 2869] close(3) = 0 [pid 2869] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2869] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2868] exit_group(0 [pid 2870] <... futex resumed>) = ? [pid 2868] <... exit_group resumed>) = ? [pid 2870] +++ exited with 0 +++ [pid 2869] <... futex resumed>) = ? [pid 2869] +++ exited with 0 +++ [pid 2868] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2868, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./796", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./796", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./796/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./796/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./796/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./796/bus") = 0 umount2("./796/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./796/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./796/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./796") = 0 mkdir("./797", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2871 ./strace-static-x86_64: Process 2871 attached [pid 2871] set_robust_list(0x5555564336a0, 24) = 0 [pid 2871] chdir("./797") = 0 [pid 2871] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2871] setpgid(0, 0) = 0 [pid 2871] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2871] write(3, "1000", 4) = 4 [pid 2871] close(3) = 0 [pid 2871] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2871] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2871] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2871] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2871] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2871] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2871] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2871] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2872]}, 88) = 2872 [pid 2871] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2871] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2871] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2871] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2871] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2871] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2871] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2873]}, 88) = 2873 [pid 2871] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 63.689999][ T2869] loop0: detected capacity change from 0 to 512 [pid 2871] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2871] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2872 attached [pid 2872] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2872] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2872] memfd_create("syzkaller", 0./strace-static-x86_64: Process 2873 attached ) = 3 [pid 2872] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2873] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2873] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2873] creat("./bus", 000) = 4 [pid 2873] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2872] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2873] <... futex resumed>) = 1 [pid 2871] <... futex resumed>) = 0 [pid 2871] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2871] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2873] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2872] <... write resumed>) = 262144 [pid 2873] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2872] munmap(0x7f22d914f000, 138412032) = 0 [pid 2872] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2872] ioctl(5, LOOP_SET_FD, 3 [pid 2873] <... futex resumed>) = 1 [pid 2871] <... futex resumed>) = 0 [pid 2871] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2871] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2873] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 2873] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2873] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2871] <... futex resumed>) = 0 [pid 2872] <... ioctl resumed>) = 0 [pid 2871] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2873] <... futex resumed>) = 0 [pid 2871] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2873] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 2872] close(3) = 0 [pid 2872] close(5) = 0 [pid 2873] <... mmap resumed>) = 0x20000000 [pid 2872] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 2872] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2872] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 2872] ioctl(3, LOOP_CLR_FD) = 0 [pid 2872] close(3) = 0 [pid 2872] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2872] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2873] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2871] <... futex resumed>) = 0 [pid 2871] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2872] <... futex resumed>) = 0 [pid 2872] memfd_create("syzkaller", 0) = 3 [pid 2872] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2873] <... futex resumed>) = 1 [pid 2873] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2872] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2872] munmap(0x7f22d914f000, 138412032) = 0 [pid 2872] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2872] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2872] ioctl(5, LOOP_CLR_FD) = 0 [pid 2872] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2872] close(5) = 0 [pid 2872] close(3) = 0 [pid 2872] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2872] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2871] exit_group(0 [pid 2873] <... futex resumed>) = ? [pid 2872] <... futex resumed>) = ? [pid 2871] <... exit_group resumed>) = ? [pid 2873] +++ exited with 0 +++ [pid 2872] +++ exited with 0 +++ [pid 2871] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2871, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./797", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./797", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./797/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./797/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./797/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./797/bus") = 0 [ 63.756441][ T2872] loop0: detected capacity change from 0 to 512 umount2("./797/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./797/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./797/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./797") = 0 mkdir("./798", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2874 ./strace-static-x86_64: Process 2874 attached [pid 2874] set_robust_list(0x5555564336a0, 24) = 0 [pid 2874] chdir("./798") = 0 [pid 2874] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2874] setpgid(0, 0) = 0 [pid 2874] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2874] write(3, "1000", 4) = 4 [pid 2874] close(3) = 0 [pid 2874] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2874] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2874] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2874] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2874] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2874] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2874] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2874] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2875 attached => {parent_tid=[2875]}, 88) = 2875 [pid 2874] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2875] set_robust_list(0x7f22e15909a0, 24 [pid 2874] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2875] <... set_robust_list resumed>) = 0 [pid 2874] <... futex resumed>) = 0 [pid 2875] rt_sigprocmask(SIG_SETMASK, [], [pid 2874] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2875] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2874] <... futex resumed>) = 0 [pid 2875] memfd_create("syzkaller", 0 [pid 2874] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2874] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2875] <... memfd_create resumed>) = 3 [pid 2874] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2875] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2874] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2875] <... mmap resumed>) = 0x7f22d914f000 [pid 2874] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 2876 attached [pid 2876] set_robust_list(0x7f22e156f9a0, 24 [pid 2874] <... clone3 resumed> => {parent_tid=[2876]}, 88) = 2876 [pid 2874] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2874] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2874] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2876] <... set_robust_list resumed>) = 0 [pid 2876] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2876] creat("./bus", 000) = 4 [pid 2875] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2876] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2874] <... futex resumed>) = 0 [pid 2874] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2874] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2876] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 2875] <... write resumed>) = 262144 [pid 2875] munmap(0x7f22d914f000, 138412032) = 0 [pid 2875] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2875] ioctl(5, LOOP_SET_FD, 3 [pid 2876] <... mount resumed>) = 0 [pid 2875] <... ioctl resumed>) = 0 [pid 2875] close(3) = 0 [pid 2875] close(5 [pid 2876] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2875] <... close resumed>) = 0 [pid 2875] mkdir("./file0", 0777 [pid 2876] <... futex resumed>) = 1 [pid 2875] <... mkdir resumed>) = 0 [pid 2874] <... futex resumed>) = 0 [pid 2875] mount("/dev/loop0", "./file0", "ext4", 0, "prjquota,grpquota,debug_want_extra_isize=0x000000000000005c,noauto_da_alloc,nolazytime,errors=contin"... [pid 2874] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2876] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 2874] <... futex resumed>) = 0 [pid 2874] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2876] <... open resumed>) = 3 [pid 2876] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2874] <... futex resumed>) = 0 [pid 2876] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2874] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2876] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2874] <... futex resumed>) = 0 [pid 2876] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 3, 0 [pid 2874] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2876] <... mmap resumed>) = 0x20000000 [pid 2876] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2876] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2875] <... mount resumed>) = 0 [pid 2874] <... futex resumed>) = 0 [pid 2874] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2876] <... futex resumed>) = 0 [pid 2876] memfd_create("syzkaller", 0) = 5 [pid 2876] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2875] openat(AT_FDCWD, 0x200000c0, O_RDONLY|O_DIRECTORY) = -1 ENOENT (No such file or directory) [pid 2875] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2875] ioctl(6, LOOP_CLR_FD) = 0 [pid 2875] close(6) = 0 [pid 2875] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2875] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2876] write(5, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2876] munmap(0x7f22d914f000, 138412032) = 0 [pid 2876] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2876] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 2876] ioctl(6, LOOP_CLR_FD) = 0 [pid 2876] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 2876] close(6) = 0 [pid 2876] close(5) = 0 [pid 2876] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2876] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2874] exit_group(0 [pid 2875] <... futex resumed>) = ? [pid 2874] <... exit_group resumed>) = ? [pid 2875] +++ exited with 0 +++ [pid 2876] <... futex resumed>) = ? [pid 2876] +++ exited with 0 +++ [pid 2874] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2874, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./798", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./798", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 5 entries */, 32768) = 136 umount2("./798/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./798/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./798/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./798/bus") = 0 umount2("./798/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./798/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./798/binderfs") = 0 [ 63.843411][ T2875] loop0: detected capacity change from 0 to 512 [ 63.857794][ T2875] EXT4-fs (loop0): 1 truncate cleaned up [ 63.863439][ T2875] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. umount2("./798/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./798/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./798/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./798/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./798/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555643c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555643c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./798/file0") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./798") = 0 mkdir("./799", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2878 ./strace-static-x86_64: Process 2878 attached [pid 2878] set_robust_list(0x5555564336a0, 24) = 0 [pid 2878] chdir("./799") = 0 [pid 2878] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2878] setpgid(0, 0) = 0 [pid 2878] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2878] write(3, "1000", 4) = 4 [pid 2878] close(3) = 0 [pid 2878] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2878] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2878] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2878] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2878] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2878] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2878] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2878] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2879]}, 88) = 2879 [pid 2878] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2878] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2878] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2878] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2878] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2878] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2878] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2880]}, 88) = 2880 [pid 2878] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2878] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2878] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2880 attached [pid 2880] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2880] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2880] creat("./bus", 000) = 3 [pid 2880] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2878] <... futex resumed>) = 0 [pid 2878] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2878] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2880] <... futex resumed>) = 1 [pid 2880] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2880] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2878] <... futex resumed>) = 0 [pid 2878] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2878] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2880] <... futex resumed>) = 1 [pid 2880] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 4 [pid 2880] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2878] <... futex resumed>) = 0 [pid 2878] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2878] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2880] <... futex resumed>) = 1 [pid 2880] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0./strace-static-x86_64: Process 2879 attached ) = 0x20000000 [pid 2880] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2879] set_robust_list(0x7f22e15909a0, 24 [pid 2880] <... futex resumed>) = 1 [pid 2879] <... set_robust_list resumed>) = 0 [pid 2878] <... futex resumed>) = 0 [pid 2878] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2880] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 2879] rt_sigprocmask(SIG_SETMASK, [], ) = ? [pid 2880] +++ killed by SIGBUS +++ [pid 2879] +++ killed by SIGBUS +++ [pid 2878] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2878, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./799", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./799", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./799/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./799/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./799/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./799/bus") = 0 umount2("./799/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./799/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./799/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./799") = 0 mkdir("./800", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2881 ./strace-static-x86_64: Process 2881 attached [pid 2881] set_robust_list(0x5555564336a0, 24) = 0 [pid 2881] chdir("./800") = 0 [pid 2881] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2881] setpgid(0, 0) = 0 [pid 2881] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2881] write(3, "1000", 4) = 4 [pid 2881] close(3) = 0 [pid 2881] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2881] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2881] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2881] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2881] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2881] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2881] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2881] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2882]}, 88) = 2882 [pid 2881] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2881] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2881] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2881] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2881] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2881] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2881] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2883]}, 88) = 2883 [pid 2881] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2881] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2881] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2883 attached [pid 2883] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2883] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2883] creat("./bus", 000) = 3 [pid 2883] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2881] <... futex resumed>) = 0 [pid 2881] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2881] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2883] <... futex resumed>) = 1 [pid 2883] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2883] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2881] <... futex resumed>) = 0 [pid 2881] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2881] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2883] <... futex resumed>) = 1 [pid 2883] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 4 [pid 2883] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2881] <... futex resumed>) = 0 [pid 2881] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2881] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2883] <... futex resumed>) = 1 [pid 2883] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 2883] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2881] <... futex resumed>) = 0 [pid 2881] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2883] <... futex resumed>) = 1 [pid 2883] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 2883] +++ killed by SIGBUS +++ ./strace-static-x86_64: Process 2882 attached [pid 2882] +++ killed by SIGBUS +++ [pid 2881] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2881, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./800", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./800", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./800/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./800/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./800/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./800/bus") = 0 umount2("./800/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./800/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./800/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./800") = 0 mkdir("./801", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2884 ./strace-static-x86_64: Process 2884 attached [pid 2884] set_robust_list(0x5555564336a0, 24) = 0 [pid 2884] chdir("./801") = 0 [pid 2884] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2884] setpgid(0, 0) = 0 [pid 2884] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2884] write(3, "1000", 4) = 4 [pid 2884] close(3) = 0 [pid 2884] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2884] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2884] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2884] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2884] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2884] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2884] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2884] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2885]}, 88) = 2885 [pid 2884] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2884] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2884] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2884] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2884] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2884] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2884] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2886]}, 88) = 2886 [pid 2884] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2884] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2884] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2886 attached [pid 2886] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2886] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2886] creat("./bus", 000./strace-static-x86_64: Process 2885 attached ) = 3 [pid 2886] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2884] <... futex resumed>) = 0 [pid 2884] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2884] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2886] <... futex resumed>) = 1 [pid 2886] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2886] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2884] <... futex resumed>) = 0 [pid 2884] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2884] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2886] <... futex resumed>) = 1 [pid 2886] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 4 [pid 2886] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2884] <... futex resumed>) = 0 [pid 2884] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2884] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2886] <... futex resumed>) = 1 [pid 2886] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 2886] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2884] <... futex resumed>) = 0 [pid 2884] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2886] <... futex resumed>) = 1 [pid 2886] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 2885] +++ killed by SIGBUS +++ [pid 2886] +++ killed by SIGBUS +++ [pid 2884] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2884, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./801", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./801", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./801/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./801/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./801/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./801/bus") = 0 umount2("./801/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./801/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./801/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./801") = 0 mkdir("./802", 0777) = 0 [ 63.914660][ T293] EXT4-fs (loop0): unmounting filesystem. openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2887 ./strace-static-x86_64: Process 2887 attached [pid 2887] set_robust_list(0x5555564336a0, 24) = 0 [pid 2887] chdir("./802") = 0 [pid 2887] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2887] setpgid(0, 0) = 0 [pid 2887] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2887] write(3, "1000", 4) = 4 [pid 2887] close(3) = 0 [pid 2887] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2887] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2887] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2887] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2887] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2887] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2887] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2887] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2888]}, 88) = 2888 [pid 2887] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2887] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2887] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2887] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2887] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2887] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2887] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2889]}, 88) = 2889 [pid 2887] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2887] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2887] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2889 attached [pid 2889] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2889] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2889] creat("./bus", 000./strace-static-x86_64: Process 2888 attached ) = 3 [pid 2889] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2887] <... futex resumed>) = 0 [pid 2887] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2887] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2889] <... futex resumed>) = 1 [pid 2889] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2889] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2887] <... futex resumed>) = 0 [pid 2887] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2887] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2889] <... futex resumed>) = 1 [pid 2889] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 4 [pid 2889] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2887] <... futex resumed>) = 0 [pid 2887] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2887] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2889] <... futex resumed>) = 1 [pid 2889] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 2889] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2887] <... futex resumed>) = 0 [pid 2887] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2889] <... futex resumed>) = 1 [pid 2889] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 2888] +++ killed by SIGBUS +++ [pid 2889] +++ killed by SIGBUS +++ [pid 2887] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2887, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- umount2("./802", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./802", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./802/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./802/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./802/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./802/bus") = 0 umount2("./802/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./802/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./802/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./802") = 0 mkdir("./803", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2890 ./strace-static-x86_64: Process 2890 attached [pid 2890] set_robust_list(0x5555564336a0, 24) = 0 [pid 2890] chdir("./803") = 0 [pid 2890] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2890] setpgid(0, 0) = 0 [pid 2890] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2890] write(3, "1000", 4) = 4 [pid 2890] close(3) = 0 [pid 2890] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2890] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2890] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2890] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2890] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2890] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2890] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2890] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2891]}, 88) = 2891 [pid 2890] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2890] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2890] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2890] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2890] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE./strace-static-x86_64: Process 2891 attached ) = 0 [pid 2890] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2890] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2892]}, 88) = 2892 [pid 2890] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2890] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2890] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2891] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2891] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2891] memfd_create("syzkaller", 0) = 3 [pid 2891] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 ./strace-static-x86_64: Process 2892 attached [pid 2891] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2892] set_robust_list(0x7f22e156f9a0, 24 [pid 2891] <... write resumed>) = 262144 [pid 2892] <... set_robust_list resumed>) = 0 [pid 2891] munmap(0x7f22d914f000, 138412032) = 0 [pid 2891] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2891] ioctl(4, LOOP_SET_FD, 3 [pid 2892] rt_sigprocmask(SIG_SETMASK, [], [pid 2891] <... ioctl resumed>) = 0 [pid 2892] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2892] creat("./bus", 000 [pid 2891] close(3 [pid 2892] <... creat resumed>) = 5 [pid 2891] <... close resumed>) = 0 [pid 2891] close(4) = 0 [pid 2891] mkdir("./file0", 0777) = 0 [pid 2892] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2890] <... futex resumed>) = 0 [pid 2890] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2890] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2892] <... futex resumed>) = 1 [pid 2892] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2892] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2890] <... futex resumed>) = 0 [pid 2890] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2890] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2892] <... futex resumed>) = 1 [pid 2892] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 3 [pid 2891] mount("/dev/loop0", "./file0", "ext4", 0, "prjquota,grpquota,debug_want_extra_isize=0x000000000000005c,noauto_da_alloc,nolazytime,errors=contin"... [pid 2892] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2890] <... futex resumed>) = 0 [pid 2890] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2890] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2892] <... futex resumed>) = 1 [pid 2892] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 3, 0) = 0x20000000 [pid 2892] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2890] <... futex resumed>) = 0 [pid 2890] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2892] <... futex resumed>) = 1 [pid 2892] memfd_create("syzkaller", 0) = 4 [pid 2892] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2892] write(4, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304 [pid 2891] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2891] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2891] ioctl(6, LOOP_CLR_FD) = 0 [pid 2891] close(6) = 0 [pid 2891] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2891] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2892] <... write resumed>) = 4194304 [pid 2892] munmap(0x7f22d914f000, 138412032) = 0 [pid 2892] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2892] ioctl(6, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 2892] ioctl(6, LOOP_CLR_FD) = 0 [pid 2892] ioctl(6, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 2892] close(6) = 0 [pid 2892] close(4) = 0 [pid 2892] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2892] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2890] exit_group(0 [pid 2891] <... futex resumed>) = ? [pid 2890] <... exit_group resumed>) = ? [pid 2891] +++ exited with 0 +++ [pid 2892] <... futex resumed>) = ? [pid 2892] +++ exited with 0 +++ [pid 2890] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2890, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./803", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./803", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 5 entries */, 32768) = 136 umount2("./803/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./803/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./803/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./803/bus") = 0 umount2("./803/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./803/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./803/binderfs") = 0 umount2("./803/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./803/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./803/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./803/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555643c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555643c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./803/file0") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./803") = 0 [ 63.996083][ T2891] loop0: detected capacity change from 0 to 512 [ 64.018704][ T2891] EXT4-fs error (device loop0): __ext4_fill_super:5386: inode #2: comm syz-executor245: iget: special inode unallocated [ 64.031610][ T2891] EXT4-fs (loop0): get root inode failed [ 64.037217][ T2891] EXT4-fs (loop0): mount failed mkdir("./804", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2894 ./strace-static-x86_64: Process 2894 attached [pid 2894] set_robust_list(0x5555564336a0, 24) = 0 [pid 2894] chdir("./804") = 0 [pid 2894] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2894] setpgid(0, 0) = 0 [pid 2894] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2894] write(3, "1000", 4) = 4 [pid 2894] close(3) = 0 [pid 2894] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2894] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2894] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2894] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2894] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2894] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2894] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2894] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2895]}, 88) = 2895 [pid 2894] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2894] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2894] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2894] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2894] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2894] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2894] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2896]}, 88) = 2896 [pid 2894] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2894] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2894] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2895 attached [pid 2895] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2895] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2895] memfd_create("syzkaller", 0) = 3 [pid 2895] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 ./strace-static-x86_64: Process 2896 attached [pid 2896] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2896] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2896] creat("./bus", 000 [pid 2895] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2896] <... creat resumed>) = 4 [pid 2896] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2894] <... futex resumed>) = 0 [pid 2894] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2894] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2895] <... write resumed>) = 262144 [pid 2895] munmap(0x7f22d914f000, 138412032) = 0 [pid 2895] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2895] ioctl(5, LOOP_SET_FD, 3 [pid 2896] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2896] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2896] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2895] <... ioctl resumed>) = 0 [pid 2894] <... futex resumed>) = 0 [pid 2894] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2894] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2896] <... futex resumed>) = 0 [pid 2895] close(3 [pid 2896] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 2895] <... close resumed>) = 0 [pid 2896] <... open resumed>) = 3 [pid 2895] close(5) = 0 [pid 2896] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2895] mkdir("./file0", 0777 [pid 2894] <... futex resumed>) = 0 [pid 2894] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2894] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2895] <... mkdir resumed>) = 0 [pid 2896] <... futex resumed>) = 1 [pid 2896] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 3, 0 [pid 2895] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2895] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2895] ioctl(5, LOOP_CLR_FD) = 0 [pid 2895] close(5) = 0 [pid 2895] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2895] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2896] <... mmap resumed>) = 0x20000000 [pid 2896] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2894] <... futex resumed>) = 0 [pid 2894] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2895] <... futex resumed>) = 0 [pid 2895] memfd_create("syzkaller", 0) = 5 [pid 2895] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2896] <... futex resumed>) = 1 [pid 2895] <... mmap resumed>) = 0x7f22d914f000 [pid 2896] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2895] write(5, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2895] munmap(0x7f22d914f000, 138412032) = 0 [pid 2895] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2895] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 2895] ioctl(6, LOOP_CLR_FD) = 0 [pid 2895] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 2895] close(6) = 0 [pid 2895] close(5) = 0 [pid 2895] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2894] exit_group(0 [pid 2896] <... futex resumed>) = ? [pid 2894] <... exit_group resumed>) = ? [pid 2896] +++ exited with 0 +++ [pid 2895] <... futex resumed>) = ? [pid 2895] +++ exited with 0 +++ [pid 2894] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2894, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./804", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./804", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 5 entries */, 32768) = 136 umount2("./804/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./804/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./804/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./804/bus") = 0 umount2("./804/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./804/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./804/binderfs") = 0 umount2("./804/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./804/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./804/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./804/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555643c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555643c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./804/file0") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./804") = 0 mkdir("./805", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2897 ./strace-static-x86_64: Process 2897 attached [pid 2897] set_robust_list(0x5555564336a0, 24) = 0 [pid 2897] chdir("./805") = 0 [pid 2897] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2897] setpgid(0, 0) = 0 [pid 2897] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2897] write(3, "1000", 4) = 4 [pid 2897] close(3) = 0 [ 64.086029][ T2895] loop0: detected capacity change from 0 to 512 [pid 2897] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2897] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2897] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2897] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2897] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2897] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2897] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2897] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2898]}, 88) = 2898 ./strace-static-x86_64: Process 2898 attached [pid 2898] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2898] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2898] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2897] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2897] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2898] <... futex resumed>) = 0 [pid 2897] <... futex resumed>) = 1 [pid 2898] memfd_create("syzkaller", 0 [pid 2897] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2898] <... memfd_create resumed>) = 3 [pid 2898] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2897] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2898] <... mmap resumed>) = 0x7f22d914f000 [pid 2897] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2897] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2897] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 2899 attached [pid 2899] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2899] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2899] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2897] <... clone3 resumed> => {parent_tid=[2899]}, 88) = 2899 [pid 2897] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2897] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2899] <... futex resumed>) = 0 [pid 2899] creat("./bus", 000 [pid 2897] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2899] <... creat resumed>) = 4 [pid 2899] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2899] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2897] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2897] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2899] <... futex resumed>) = 0 [pid 2899] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 2898] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2897] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2898] <... write resumed>) = 262144 [pid 2899] <... mount resumed>) = 0 [pid 2899] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2898] munmap(0x7f22d914f000, 138412032 [pid 2899] <... futex resumed>) = 1 [pid 2897] <... futex resumed>) = 0 [pid 2897] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2897] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2899] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 2898] <... munmap resumed>) = 0 [pid 2899] <... open resumed>) = 5 [pid 2898] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2899] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2898] <... openat resumed>) = 6 [pid 2899] <... futex resumed>) = 1 [pid 2898] ioctl(6, LOOP_SET_FD, 3 [pid 2897] <... futex resumed>) = 0 [pid 2899] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2897] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2897] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2899] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2898] <... ioctl resumed>) = 0 [pid 2899] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 2898] close(3 [pid 2899] <... mmap resumed>) = 0x20000000 [pid 2898] <... close resumed>) = 0 [pid 2899] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2899] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2897] <... futex resumed>) = 0 [pid 2897] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2899] <... futex resumed>) = 0 [pid 2897] <... futex resumed>) = 1 [pid 2899] memfd_create("syzkaller", 0) = 3 [pid 2899] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2899] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304 [pid 2898] close(6) = 0 [pid 2898] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 2898] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2898] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2898] ioctl(6, LOOP_CLR_FD) = 0 [pid 2898] close(6) = 0 [pid 2898] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2898] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2899] <... write resumed>) = 4194304 [pid 2899] munmap(0x7f22d914f000, 138412032) = 0 [pid 2899] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2899] ioctl(6, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2899] ioctl(6, LOOP_CLR_FD) = 0 [pid 2899] ioctl(6, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2899] close(6) = 0 [pid 2899] close(3) = 0 [pid 2899] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2899] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2897] exit_group(0 [pid 2899] <... futex resumed>) = ? [pid 2898] <... futex resumed>) = ? [pid 2897] <... exit_group resumed>) = ? [pid 2899] +++ exited with 0 +++ [pid 2898] +++ exited with 0 +++ [pid 2897] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2897, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./805", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./805", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./805/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./805/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./805/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./805/bus") = 0 umount2("./805/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./805/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./805/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./805") = 0 mkdir("./806", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2900 ./strace-static-x86_64: Process 2900 attached [pid 2900] set_robust_list(0x5555564336a0, 24) = 0 [pid 2900] chdir("./806") = 0 [pid 2900] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2900] setpgid(0, 0) = 0 [pid 2900] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2900] write(3, "1000", 4) = 4 [pid 2900] close(3) = 0 [pid 2900] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2900] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2900] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2900] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2900] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [ 64.158891][ T2898] loop0: detected capacity change from 0 to 512 [pid 2900] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2900] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2900] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2901]}, 88) = 2901 [pid 2900] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2900] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2900] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2900] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2900] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 ./strace-static-x86_64: Process 2901 attached [pid 2901] set_robust_list(0x7f22e15909a0, 24 [pid 2900] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2900] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2902]}, 88) = 2902 [pid 2900] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2900] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2900] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2902 attached [pid 2902] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2902] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2902] creat("./bus", 000) = 3 [pid 2902] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2900] <... futex resumed>) = 0 [pid 2900] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2900] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2902] <... futex resumed>) = 1 [pid 2902] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2902] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2900] <... futex resumed>) = 0 [pid 2900] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2900] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2902] <... futex resumed>) = 1 [pid 2902] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 4 [pid 2902] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2900] <... futex resumed>) = 0 [pid 2900] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2900] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2902] <... futex resumed>) = 1 [pid 2902] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 2902] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2900] <... futex resumed>) = 0 [pid 2900] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2902] <... futex resumed>) = 1 [pid 2902] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 2901] <... set_robust_list resumed>) = ? [pid 2901] +++ killed by SIGBUS +++ [pid 2902] +++ killed by SIGBUS +++ [pid 2900] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2900, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./806", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./806", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./806/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./806/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./806/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./806/bus") = 0 umount2("./806/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./806/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./806/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./806") = 0 mkdir("./807", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2903 attached , child_tidptr=0x555556433690) = 2903 [pid 2903] set_robust_list(0x5555564336a0, 24) = 0 [pid 2903] chdir("./807") = 0 [pid 2903] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2903] setpgid(0, 0) = 0 [pid 2903] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2903] write(3, "1000", 4) = 4 [pid 2903] close(3) = 0 [pid 2903] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2903] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2903] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2903] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2903] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2903] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2903] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2903] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2904]}, 88) = 2904 [pid 2903] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2903] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2903] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2903] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2903] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2903] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2903] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 2905 attached => {parent_tid=[2905]}, 88) = 2905 [pid 2903] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2903] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2903] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2904 attached [pid 2904] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2904] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2904] memfd_create("syzkaller", 0) = 3 [pid 2904] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2905] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2905] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2905] creat("./bus", 000) = 4 [pid 2904] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2905] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2903] <... futex resumed>) = 0 [pid 2903] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2903] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2905] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2904] <... write resumed>) = 262144 [pid 2904] munmap(0x7f22d914f000, 138412032 [pid 2905] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2903] <... futex resumed>) = 0 [pid 2903] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2903] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2904] <... munmap resumed>) = 0 [pid 2904] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2904] ioctl(5, LOOP_SET_FD, 3 [pid 2905] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 2904] <... ioctl resumed>) = 0 [pid 2904] close(3) = 0 [pid 2904] close(5) = 0 [pid 2904] mkdir("./file0", 0777) = 0 [pid 2904] mount("/dev/loop0", "./file0", "ext4", 0, "prjquota,grpquota,debug_want_extra_isize=0x000000000000005c,noauto_da_alloc,nolazytime,errors=contin"... [pid 2905] <... open resumed>) = 3 [pid 2905] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2903] <... futex resumed>) = 0 [pid 2903] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2903] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2904] <... mount resumed>) = 0 [pid 2904] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2904] chdir("./file0") = 0 [pid 2904] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2904] ioctl(6, LOOP_CLR_FD) = 0 [pid 2904] close(6 [pid 2905] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 3, 0) = 0x20000000 [pid 2905] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2903] <... futex resumed>) = 0 [pid 2903] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2905] <... futex resumed>) = 1 [pid 2905] memfd_create("syzkaller", 0) = 6 [pid 2905] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2904] <... close resumed>) = 0 [pid 2904] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2904] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2905] <... mmap resumed>) = 0x7f22d914f000 [pid 2905] write(6, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2905] munmap(0x7f22d914f000, 138412032) = 0 [pid 2905] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 7 [pid 2905] ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 2905] ioctl(7, LOOP_CLR_FD) = 0 [pid 2905] ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 2905] close(7) = 0 [pid 2905] close(6) = 0 [pid 2905] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2905] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2903] exit_group(0 [pid 2905] <... futex resumed>) = ? [pid 2904] <... futex resumed>) = ? [pid 2903] <... exit_group resumed>) = ? [pid 2904] +++ exited with 0 +++ [pid 2905] +++ exited with 0 +++ [pid 2903] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2903, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./807", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./807", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 64.242281][ T2904] loop0: detected capacity change from 0 to 512 [ 64.251276][ T2904] EXT4-fs (loop0): 1 truncate cleaned up [ 64.256826][ T2904] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. getdents64(3, 0x555556434730 /* 5 entries */, 32768) = 136 umount2("./807/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./807/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./807/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./807/bus") = 0 umount2("./807/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./807/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./807/binderfs") = 0 umount2("./807/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./807/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./807/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./807/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./807/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555643c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555643c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./807/file0") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./807") = 0 mkdir("./808", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2907 ./strace-static-x86_64: Process 2907 attached [pid 2907] set_robust_list(0x5555564336a0, 24) = 0 [pid 2907] chdir("./808") = 0 [pid 2907] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2907] setpgid(0, 0) = 0 [pid 2907] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2907] write(3, "1000", 4) = 4 [pid 2907] close(3) = 0 [pid 2907] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2907] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2907] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2907] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2907] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2907] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2907] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2907] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2908 attached [pid 2908] set_robust_list(0x7f22e15909a0, 24 [pid 2907] <... clone3 resumed> => {parent_tid=[2908]}, 88) = 2908 [pid 2907] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2907] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2907] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2907] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2907] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2907] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2908] <... set_robust_list resumed>) = 0 [pid 2907] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2907] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 2909 attached [pid 2908] rt_sigprocmask(SIG_SETMASK, [], [pid 2907] <... clone3 resumed> => {parent_tid=[2909]}, 88) = 2909 [pid 2907] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2909] set_robust_list(0x7f22e156f9a0, 24 [pid 2908] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2907] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2907] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2909] <... set_robust_list resumed>) = 0 [pid 2908] memfd_create("syzkaller", 0 [pid 2909] rt_sigprocmask(SIG_SETMASK, [], [pid 2908] <... memfd_create resumed>) = 3 [pid 2909] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2908] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2909] creat("./bus", 000 [pid 2908] <... mmap resumed>) = 0x7f22d914f000 [pid 2908] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 2908] munmap(0x7f22d914f000, 138412032) = 0 [pid 2909] <... creat resumed>) = 4 [pid 2909] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2908] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2909] <... futex resumed>) = 1 [pid 2908] <... openat resumed>) = 5 [pid 2907] <... futex resumed>) = 0 [pid 2907] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2907] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2909] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 2908] ioctl(5, LOOP_SET_FD, 3 [pid 2909] <... mount resumed>) = 0 [pid 2908] <... ioctl resumed>) = 0 [pid 2909] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2908] close(3 [pid 2909] <... futex resumed>) = 1 [pid 2908] <... close resumed>) = 0 [pid 2907] <... futex resumed>) = 0 [pid 2907] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2907] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2909] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 2908] close(5 [pid 2909] <... open resumed>) = 3 [pid 2909] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2908] <... close resumed>) = 0 [pid 2909] <... futex resumed>) = 1 [pid 2909] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2907] <... futex resumed>) = 0 [pid 2908] mkdir("./file0", 0777 [pid 2907] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2909] <... futex resumed>) = 0 [pid 2907] <... futex resumed>) = 1 [pid 2907] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2909] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 3, 0 [pid 2908] <... mkdir resumed>) = 0 [pid 2908] mount("/dev/loop0", "./file0", "ext4", 0, "prjquota,grpquota,debug_want_extra_isize=0x000000000000005c,noauto_da_alloc,nolazytime,errors=contin"... [pid 2909] <... mmap resumed>) = 0x20000000 [pid 2909] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2907] <... futex resumed>) = 0 [pid 2909] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2907] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2909] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2907] <... futex resumed>) = 0 [pid 2909] memfd_create("syzkaller", 0) = 5 [pid 2909] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [ 64.307139][ T293] EXT4-fs (loop0): unmounting filesystem. [ 64.337247][ T2908] loop0: detected capacity change from 0 to 512 [pid 2909] write(5, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304 [pid 2908] <... mount resumed>) = 0 [pid 2909] <... write resumed>) = 4194304 [pid 2908] openat(AT_FDCWD, 0x200000c0, O_RDONLY|O_DIRECTORY [pid 2909] munmap(0x7f22d914f000, 138412032) = 0 [pid 2908] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 2909] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2908] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2909] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 2908] <... openat resumed>) = 7 [pid 2909] ioctl(6, LOOP_CLR_FD [pid 2908] ioctl(7, LOOP_CLR_FD [pid 2909] <... ioctl resumed>) = 0 [pid 2908] <... ioctl resumed>) = 0 [pid 2908] close(7) = 0 [pid 2909] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 2909] close(6) = 0 [pid 2909] close(5) = 0 [pid 2909] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2909] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2908] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2908] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2907] exit_group(0) = ? [pid 2909] <... futex resumed>) = ? [pid 2908] <... futex resumed>) = ? [pid 2909] +++ exited with 0 +++ [pid 2908] +++ exited with 0 +++ [pid 2907] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2907, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./808", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./808", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 5 entries */, 32768) = 136 umount2("./808/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./808/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./808/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./808/bus") = 0 umount2("./808/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./808/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./808/binderfs") = 0 [ 64.361935][ T2908] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz-executor245: couldn't read orphan inode 12 (err -116) [ 64.381285][ T2908] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. umount2("./808/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./808/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./808/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./808/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./808/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555643c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555643c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./808/file0") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./808") = 0 mkdir("./809", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2911 ./strace-static-x86_64: Process 2911 attached [pid 2911] set_robust_list(0x5555564336a0, 24) = 0 [pid 2911] chdir("./809") = 0 [pid 2911] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2911] setpgid(0, 0) = 0 [pid 2911] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2911] write(3, "1000", 4) = 4 [pid 2911] close(3) = 0 [pid 2911] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2911] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2911] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2911] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2911] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2911] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2911] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2911] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2912 attached [pid 2912] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2912] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2912] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2911] <... clone3 resumed> => {parent_tid=[2912]}, 88) = 2912 [pid 2911] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2911] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2912] <... futex resumed>) = 0 [pid 2911] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2912] memfd_create("syzkaller", 0) = 3 [pid 2911] <... futex resumed>) = 0 [pid 2912] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2911] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 2911] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2911] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2911] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0} => {parent_tid=[2913]}, 88) = 2913 [pid 2911] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2911] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2912] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2911] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2913 attached [pid 2913] set_robust_list(0x7f22d916f9a0, 24) = 0 [pid 2912] <... write resumed>) = 262144 [pid 2913] rt_sigprocmask(SIG_SETMASK, [], [pid 2912] munmap(0x7f22d9170000, 138412032 [pid 2913] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2912] <... munmap resumed>) = 0 [pid 2913] creat("./bus", 000 [pid 2912] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2913] <... creat resumed>) = 4 [pid 2912] <... openat resumed>) = 5 [pid 2913] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2912] ioctl(5, LOOP_SET_FD, 3 [pid 2911] <... futex resumed>) = 0 [pid 2913] <... futex resumed>) = 1 [pid 2911] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2913] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 2911] <... futex resumed>) = 0 [pid 2911] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2913] <... mount resumed>) = 0 [pid 2912] <... ioctl resumed>) = 0 [pid 2913] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2912] close(3 [pid 2913] <... futex resumed>) = 1 [pid 2912] <... close resumed>) = 0 [pid 2911] <... futex resumed>) = 0 [pid 2913] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2911] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2911] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2913] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2912] close(5 [pid 2913] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 3 [pid 2912] <... close resumed>) = 0 [pid 2913] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2913] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2912] mkdir("./file0", 0777 [pid 2911] <... futex resumed>) = 0 [pid 2911] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2913] <... futex resumed>) = 0 [pid 2911] <... futex resumed>) = 1 [pid 2913] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 3, 0 [pid 2911] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2912] <... mkdir resumed>) = 0 [pid 2912] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2912] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2912] ioctl(5, LOOP_CLR_FD [pid 2913] <... mmap resumed>) = 0x20000000 [pid 2912] <... ioctl resumed>) = 0 [pid 2912] close(5) = 0 [pid 2912] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2912] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2913] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2913] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2911] <... futex resumed>) = 0 [pid 2911] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2912] <... futex resumed>) = 0 [pid 2912] memfd_create("syzkaller", 0) = 5 [pid 2912] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2912] write(5, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2912] munmap(0x7f22d9170000, 138412032) = 0 [pid 2912] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2912] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 2912] ioctl(6, LOOP_CLR_FD) = 0 [pid 2912] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 2912] close(6) = 0 [pid 2912] close(5) = 0 [pid 2912] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2912] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2911] exit_group(0) = ? [pid 2913] <... futex resumed>) = ? [pid 2912] <... futex resumed>) = ? [pid 2913] +++ exited with 0 +++ [pid 2912] +++ exited with 0 +++ [pid 2911] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2911, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./809", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./809", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 64.415760][ T293] EXT4-fs (loop0): unmounting filesystem. [ 64.445769][ T2912] loop0: detected capacity change from 0 to 512 getdents64(3, 0x555556434730 /* 5 entries */, 32768) = 136 umount2("./809/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./809/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./809/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./809/bus") = 0 umount2("./809/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./809/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./809/binderfs") = 0 umount2("./809/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./809/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./809/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./809/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555643c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555643c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./809/file0") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./809") = 0 mkdir("./810", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2914 ./strace-static-x86_64: Process 2914 attached [pid 2914] set_robust_list(0x5555564336a0, 24) = 0 [pid 2914] chdir("./810") = 0 [pid 2914] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2914] setpgid(0, 0) = 0 [pid 2914] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2914] write(3, "1000", 4) = 4 [pid 2914] close(3) = 0 [pid 2914] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2914] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2914] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2914] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2914] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2914] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2914] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2914] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2915 attached => {parent_tid=[2915]}, 88) = 2915 [pid 2915] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2915] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2915] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2914] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2914] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2915] <... futex resumed>) = 0 [pid 2915] memfd_create("syzkaller", 0 [pid 2914] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2914] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2915] <... memfd_create resumed>) = 3 [pid 2914] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2915] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2914] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2914] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2916]}, 88) = 2916 ./strace-static-x86_64: Process 2916 attached [pid 2915] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2914] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2916] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2916] rt_sigprocmask(SIG_SETMASK, [], [pid 2915] <... write resumed>) = 262144 [pid 2914] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2916] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2915] munmap(0x7f22d914f000, 138412032 [pid 2914] <... futex resumed>) = 0 [pid 2915] <... munmap resumed>) = 0 [pid 2914] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2915] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2915] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2916] creat("./bus", 000 [pid 2915] close(3 [pid 2916] <... creat resumed>) = 5 [pid 2915] <... close resumed>) = 0 [pid 2916] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2915] close(4 [pid 2916] <... futex resumed>) = 1 [pid 2914] <... futex resumed>) = 0 [pid 2914] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2914] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2916] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 2915] <... close resumed>) = 0 [pid 2916] <... mount resumed>) = 0 [pid 2916] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2916] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2915] mkdir("./file0", 0777) = 0 [pid 2915] mount("/dev/loop0", "./file0", "ext4", 0, "prjquota,grpquota,debug_want_extra_isize=0x000000000000005c,noauto_da_alloc,nolazytime,errors=contin"... [pid 2914] <... futex resumed>) = 0 [pid 2914] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2914] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2916] <... futex resumed>) = 0 [pid 2916] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 3 [pid 2916] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2914] <... futex resumed>) = 0 [pid 2914] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2914] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2916] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 3, 0) = 0x20000000 [pid 2916] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2914] <... futex resumed>) = 0 [pid 2914] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2916] <... futex resumed>) = 1 [pid 2916] memfd_create("syzkaller", 0) = 4 [pid 2916] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2916] write(4, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2916] munmap(0x7f22d914f000, 138412032) = 0 [pid 2916] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2916] ioctl(6, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 2916] ioctl(6, LOOP_CLR_FD) = 0 [pid 2916] ioctl(6, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 2916] close(6) = 0 [pid 2916] close(4 [pid 2915] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2915] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2916] <... close resumed>) = 0 [pid 2915] ioctl(4, LOOP_CLR_FD [pid 2916] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2915] <... ioctl resumed>) = 0 [pid 2916] <... futex resumed>) = 0 [pid 2916] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2915] close(4) = 0 [pid 2915] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2915] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2914] exit_group(0) = ? [pid 2916] <... futex resumed>) = ? [pid 2916] +++ exited with 0 +++ [pid 2915] <... futex resumed>) = ? [pid 2915] +++ exited with 0 +++ [pid 2914] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2914, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- umount2("./810", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./810", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 5 entries */, 32768) = 136 umount2("./810/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./810/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./810/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./810/bus") = 0 umount2("./810/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./810/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./810/binderfs") = 0 umount2("./810/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./810/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./810/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./810/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555643c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555643c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./810/file0") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./810") = 0 mkdir("./811", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2918 ./strace-static-x86_64: Process 2918 attached [pid 2918] set_robust_list(0x5555564336a0, 24) = 0 [pid 2918] chdir("./811") = 0 [pid 2918] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2918] setpgid(0, 0) = 0 [pid 2918] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2918] write(3, "1000", 4) = 4 [pid 2918] close(3) = 0 [pid 2918] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2918] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2918] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2918] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2918] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2918] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2918] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2918] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2919 attached => {parent_tid=[2919]}, 88) = 2919 [pid 2919] set_robust_list(0x7f22e15909a0, 24 [pid 2918] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2918] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2918] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2918] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2918] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2919] <... set_robust_list resumed>) = 0 [pid 2918] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2918] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2920]}, 88) = 2920 [pid 2918] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2918] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2918] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2919] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 2920 attached [pid 2920] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2920] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2920] creat("./bus", 000 [pid 2919] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2920] <... creat resumed>) = 3 [pid 2919] memfd_create("syzkaller", 0 [pid 2920] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2918] <... futex resumed>) = 0 [pid 2918] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2918] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2920] <... futex resumed>) = 1 [pid 2920] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2919] <... memfd_create resumed>) = 4 [pid 2920] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2918] <... futex resumed>) = 0 [pid 2918] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2918] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2920] <... futex resumed>) = 1 [pid 2920] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 2919] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2920] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2918] <... futex resumed>) = 0 [pid 2918] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2918] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2920] <... futex resumed>) = 1 [pid 2920] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 2919] <... mmap resumed>) = 0x7f22d914f000 [pid 2920] <... mmap resumed>) = 0x20000000 [pid 2920] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2918] <... futex resumed>) = 0 [pid 2918] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2920] <... futex resumed>) = 1 [pid 2920] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 2919] +++ killed by SIGBUS +++ [pid 2920] +++ killed by SIGBUS +++ [pid 2918] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2918, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./811", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./811", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./811/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./811/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./811/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./811/bus") = 0 umount2("./811/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./811/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./811/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./811") = 0 mkdir("./812", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2921 ./strace-static-x86_64: Process 2921 attached [pid 2921] set_robust_list(0x5555564336a0, 24) = 0 [pid 2921] chdir("./812") = 0 [ 64.522564][ T2915] loop0: detected capacity change from 0 to 512 [ 64.541755][ T2915] EXT4-fs error (device loop0): __ext4_fill_super:5386: inode #2: comm syz-executor245: iget: special inode unallocated [ 64.554542][ T2915] EXT4-fs (loop0): get root inode failed [ 64.560139][ T2915] EXT4-fs (loop0): mount failed [pid 2921] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2921] setpgid(0, 0) = 0 [pid 2921] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2921] write(3, "1000", 4) = 4 [pid 2921] close(3) = 0 [pid 2921] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2921] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2921] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2921] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2921] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2921] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2921] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2921] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2922 attached [pid 2922] set_robust_list(0x7f22e15909a0, 24 [pid 2921] <... clone3 resumed> => {parent_tid=[2922]}, 88) = 2922 [pid 2922] <... set_robust_list resumed>) = 0 [pid 2921] rt_sigprocmask(SIG_SETMASK, [], [pid 2922] rt_sigprocmask(SIG_SETMASK, [], [pid 2921] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2922] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2921] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2921] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2921] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2922] memfd_create("syzkaller", 0 [pid 2921] <... mmap resumed>) = 0x7f22e154f000 [pid 2922] <... memfd_create resumed>) = 3 [pid 2921] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2922] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2921] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2921] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} [pid 2922] <... mmap resumed>) = 0x7f22d914f000 ./strace-static-x86_64: Process 2923 attached [pid 2923] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2923] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2923] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2921] <... clone3 resumed> => {parent_tid=[2923]}, 88) = 2923 [pid 2921] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2921] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2923] <... futex resumed>) = 0 [pid 2923] creat("./bus", 000 [pid 2921] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2923] <... creat resumed>) = 4 [pid 2923] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2923] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2921] <... futex resumed>) = 0 [pid 2921] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2923] <... futex resumed>) = 0 [pid 2923] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 2921] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2923] <... mount resumed>) = 0 [pid 2923] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2921] <... futex resumed>) = 0 [pid 2921] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2923] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 2921] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2923] <... open resumed>) = 5 [pid 2923] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2921] <... futex resumed>) = 0 [pid 2923] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 2921] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2921] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2923] <... mmap resumed>) = 0x20000000 [pid 2922] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000d79} --- [pid 2923] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2921] <... futex resumed>) = 0 [pid 2921] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2923] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 2923] +++ killed by SIGBUS +++ [pid 2922] +++ killed by SIGBUS +++ [pid 2921] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2921, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./812", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./812", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./812/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./812/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./812/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./812/bus") = 0 umount2("./812/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./812/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./812/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./812") = 0 mkdir("./813", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2924 ./strace-static-x86_64: Process 2924 attached [pid 2924] set_robust_list(0x5555564336a0, 24) = 0 [pid 2924] chdir("./813") = 0 [pid 2924] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2924] setpgid(0, 0) = 0 [pid 2924] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2924] write(3, "1000", 4) = 4 [pid 2924] close(3) = 0 [pid 2924] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2924] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2924] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2924] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2924] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2924] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2924] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2924] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2925]}, 88) = 2925 ./strace-static-x86_64: Process 2925 attached [pid 2924] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2924] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2924] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2924] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2924] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2924] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2924] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2926]}, 88) = 2926 [pid 2924] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2924] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2924] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2926 attached [pid 2926] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2926] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2926] creat("./bus", 000) = 3 [pid 2925] set_robust_list(0x7f22e15909a0, 24 [pid 2926] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2924] <... futex resumed>) = 0 [pid 2924] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2924] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2926] <... futex resumed>) = 1 [pid 2926] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2925] <... set_robust_list resumed>) = 0 [pid 2926] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2924] <... futex resumed>) = 0 [pid 2924] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2924] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2925] rt_sigprocmask(SIG_SETMASK, [], [pid 2926] <... futex resumed>) = 1 [pid 2926] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 4 [pid 2926] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2924] <... futex resumed>) = 0 [pid 2924] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2924] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2926] <... futex resumed>) = 1 [pid 2926] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2925] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2926] <... mmap resumed>) = 0x20000000 [pid 2925] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000184} --- [pid 2926] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2924] <... futex resumed>) = 0 [pid 2924] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2926] <... futex resumed>) = 1 [pid 2926] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 2926] +++ killed by SIGBUS +++ [pid 2925] +++ killed by SIGBUS +++ [pid 2924] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2924, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./813", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./813", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./813/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./813/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./813/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./813/bus") = 0 umount2("./813/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./813/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./813/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./813") = 0 mkdir("./814", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2927 ./strace-static-x86_64: Process 2927 attached [pid 2927] set_robust_list(0x5555564336a0, 24) = 0 [pid 2927] chdir("./814") = 0 [pid 2927] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2927] setpgid(0, 0) = 0 [pid 2927] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2927] write(3, "1000", 4) = 4 [pid 2927] close(3) = 0 [pid 2927] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2927] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2927] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2927] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2927] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2927] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2927] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2927] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2928 attached [pid 2928] set_robust_list(0x7f22e15909a0, 24 [pid 2927] <... clone3 resumed> => {parent_tid=[2928]}, 88) = 2928 [pid 2928] <... set_robust_list resumed>) = 0 [pid 2927] rt_sigprocmask(SIG_SETMASK, [], [pid 2928] rt_sigprocmask(SIG_SETMASK, [], [pid 2927] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2927] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2928] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2927] <... futex resumed>) = 0 [pid 2927] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2928] memfd_create("syzkaller", 0 [pid 2927] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2928] <... memfd_create resumed>) = 3 [pid 2927] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2928] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2927] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2928] <... mmap resumed>) = 0x7f22d914f000 [pid 2927] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 2929 attached [pid 2929] set_robust_list(0x7f22e156f9a0, 24 [pid 2927] <... clone3 resumed> => {parent_tid=[2929]}, 88) = 2929 [pid 2929] <... set_robust_list resumed>) = 0 [pid 2929] rt_sigprocmask(SIG_SETMASK, [], [pid 2927] rt_sigprocmask(SIG_SETMASK, [], [pid 2929] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2929] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2927] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2929] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2927] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2929] creat("./bus", 000 [pid 2927] <... futex resumed>) = 0 [pid 2927] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2929] <... creat resumed>) = 4 [pid 2929] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2927] <... futex resumed>) = 0 [pid 2929] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 2927] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2929] <... mount resumed>) = 0 [pid 2927] <... futex resumed>) = 0 [pid 2929] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2927] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2929] <... futex resumed>) = 0 [pid 2927] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2929] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 2927] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2929] <... open resumed>) = 5 [pid 2927] <... futex resumed>) = 0 [pid 2929] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2927] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2929] <... futex resumed>) = 0 [pid 2927] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2929] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 2927] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2927] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2929] <... mmap resumed>) = 0x20000000 [pid 2928] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000d00} --- [pid 2929] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = ? [pid 2927] <... futex resumed>) = ? [pid 2928] +++ killed by SIGBUS +++ [pid 2929] +++ killed by SIGBUS +++ [pid 2927] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2927, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./814", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./814", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./814/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./814/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./814/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./814/bus") = 0 umount2("./814/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./814/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./814/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./814") = 0 mkdir("./815", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2931 ./strace-static-x86_64: Process 2931 attached [pid 2931] set_robust_list(0x5555564336a0, 24) = 0 [pid 2931] chdir("./815") = 0 [pid 2931] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2931] setpgid(0, 0) = 0 [pid 2931] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2931] write(3, "1000", 4) = 4 [pid 2931] close(3) = 0 [pid 2931] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2931] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2931] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2931] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2931] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2931] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2931] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2931] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2932 attached => {parent_tid=[2932]}, 88) = 2932 [pid 2932] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2932] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2932] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2931] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2931] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2932] <... futex resumed>) = 0 [pid 2932] memfd_create("syzkaller", 0 [pid 2931] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2932] <... memfd_create resumed>) = 3 [pid 2932] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2931] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 2931] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2931] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2931] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0} => {parent_tid=[2933]}, 88) = 2933 ./strace-static-x86_64: Process 2933 attached [pid 2932] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2933] set_robust_list(0x7f22d916f9a0, 24 [pid 2931] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2931] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2931] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2933] <... set_robust_list resumed>) = 0 [pid 2932] <... write resumed>) = 262144 [pid 2932] munmap(0x7f22d9170000, 138412032 [pid 2933] rt_sigprocmask(SIG_SETMASK, [], [pid 2932] <... munmap resumed>) = 0 [pid 2932] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2932] ioctl(4, LOOP_SET_FD, 3 [pid 2933] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2933] creat("./bus", 000) = 5 [pid 2933] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2931] <... futex resumed>) = 0 [pid 2931] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2931] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2933] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2933] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2931] <... futex resumed>) = 0 [pid 2931] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2931] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2933] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 2933] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2931] <... futex resumed>) = 0 [pid 2931] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2931] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2933] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 2932] <... ioctl resumed>) = 0 [pid 2932] close(3) = 0 [pid 2932] close(4) = 0 [pid 2932] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 2932] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2932] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 2932] ioctl(3, LOOP_CLR_FD) = 0 [pid 2932] close(3) = 0 [pid 2932] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2932] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2933] <... mmap resumed>) = 0x20000000 [pid 2933] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2931] <... futex resumed>) = 0 [pid 2931] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2932] <... futex resumed>) = 0 [pid 2932] memfd_create("syzkaller", 0) = 3 [pid 2932] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2933] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2932] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2932] munmap(0x7f22d9170000, 138412032) = 0 [pid 2932] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2932] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2932] ioctl(4, LOOP_CLR_FD) = 0 [pid 2932] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2932] close(4) = 0 [pid 2932] close(3) = 0 [pid 2932] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2932] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2931] exit_group(0 [pid 2933] <... futex resumed>) = ? [pid 2931] <... exit_group resumed>) = ? [pid 2933] +++ exited with 0 +++ [pid 2932] <... futex resumed>) = ? [pid 2932] +++ exited with 0 +++ [pid 2931] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2931, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./815", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./815", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./815/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./815/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./815/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./815/bus") = 0 umount2("./815/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./815/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./815/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./815") = 0 mkdir("./816", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2934 ./strace-static-x86_64: Process 2934 attached [pid 2934] set_robust_list(0x5555564336a0, 24) = 0 [pid 2934] chdir("./816") = 0 [pid 2934] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2934] setpgid(0, 0) = 0 [pid 2934] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2934] write(3, "1000", 4) = 4 [pid 2934] close(3) = 0 [pid 2934] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2934] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2934] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2934] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2934] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2934] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2934] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2934] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2935]}, 88) = 2935 [pid 2934] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2934] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2934] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2934] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2934] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2934] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2934] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2936]}, 88) = 2936 [pid 2934] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2934] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2934] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2935 attached [pid 2935] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2935] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2935] memfd_create("syzkaller", 0) = 3 [pid 2935] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0./strace-static-x86_64: Process 2936 attached ) = 0x7f22d914f000 [pid 2936] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2936] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2936] creat("./bus", 000) = 4 [pid 2935] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2936] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2934] <... futex resumed>) = 0 [pid 2934] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2934] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2936] <... futex resumed>) = 1 [pid 2936] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2936] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2934] <... futex resumed>) = 0 [pid 2934] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2934] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2935] <... write resumed>) = 262144 [pid 2935] munmap(0x7f22d914f000, 138412032 [pid 2936] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 2935] <... munmap resumed>) = 0 [pid 2935] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [ 64.679174][ T2932] loop0: detected capacity change from 0 to 512 [pid 2935] ioctl(5, LOOP_SET_FD, 3 [pid 2936] <... open resumed>) = 6 [pid 2936] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2936] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2934] <... futex resumed>) = 0 [pid 2935] <... ioctl resumed>) = 0 [pid 2934] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2936] <... futex resumed>) = 0 [pid 2935] close(3 [pid 2934] <... futex resumed>) = 1 [pid 2934] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2935] <... close resumed>) = 0 [pid 2936] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 2935] close(5 [pid 2936] <... mmap resumed>) = 0x20000000 [pid 2935] <... close resumed>) = 0 [pid 2935] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 2935] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2935] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 2935] ioctl(3, LOOP_CLR_FD) = 0 [pid 2935] close(3 [pid 2936] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2934] <... futex resumed>) = 0 [pid 2934] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2936] memfd_create("syzkaller", 0) = 3 [pid 2935] <... close resumed>) = 0 [pid 2935] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2935] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2936] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2936] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2936] munmap(0x7f22d914f000, 138412032) = 0 [pid 2936] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2936] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2936] ioctl(5, LOOP_CLR_FD) = 0 [pid 2936] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2936] close(5) = 0 [pid 2936] close(3) = 0 [pid 2936] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2934] exit_group(0 [pid 2935] <... futex resumed>) = ? [pid 2934] <... exit_group resumed>) = ? [pid 2935] +++ exited with 0 +++ [pid 2936] +++ exited with 0 +++ [pid 2934] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2934, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./816", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./816", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./816/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./816/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./816/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./816/bus") = 0 umount2("./816/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./816/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./816/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./816") = 0 mkdir("./817", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2937 ./strace-static-x86_64: Process 2937 attached [pid 2937] set_robust_list(0x5555564336a0, 24) = 0 [pid 2937] chdir("./817") = 0 [pid 2937] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2937] setpgid(0, 0) = 0 [pid 2937] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2937] write(3, "1000", 4) = 4 [pid 2937] close(3) = 0 [pid 2937] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2937] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2937] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2937] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2937] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2937] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2937] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2937] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2938 attached [pid 2938] set_robust_list(0x7f22e15909a0, 24 [pid 2937] <... clone3 resumed> => {parent_tid=[2938]}, 88) = 2938 [pid 2938] <... set_robust_list resumed>) = 0 [ 64.738486][ T2935] loop0: detected capacity change from 0 to 512 [pid 2937] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2938] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2937] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2938] memfd_create("syzkaller", 0 [pid 2937] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2937] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2938] <... memfd_create resumed>) = 3 [pid 2937] <... mmap resumed>) = 0x7f22e154f000 [pid 2938] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2937] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2937] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2938] <... mmap resumed>) = 0x7f22d914f000 [pid 2937] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2937] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 2939 attached [pid 2939] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2939] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2939] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2937] <... clone3 resumed> => {parent_tid=[2939]}, 88) = 2939 [pid 2937] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2937] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2939] <... futex resumed>) = 0 [pid 2939] creat("./bus", 000 [pid 2937] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2939] <... creat resumed>) = 4 [pid 2939] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2937] <... futex resumed>) = 0 [pid 2939] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2937] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2939] <... futex resumed>) = 0 [pid 2939] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2937] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2939] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2939] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2937] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2937] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2937] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2939] <... futex resumed>) = 0 [pid 2939] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 2939] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2937] <... futex resumed>) = 0 [pid 2939] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 2937] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2937] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2939] <... mmap resumed>) = 0x20000000 [pid 2939] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2938] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000dca} --- [pid 2939] <... futex resumed>) = ? [pid 2937] <... futex resumed>) = ? [pid 2939] +++ killed by SIGBUS +++ [pid 2938] +++ killed by SIGBUS +++ [pid 2937] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2937, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./817", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./817", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./817/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./817/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./817/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./817/bus") = 0 umount2("./817/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./817/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./817/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./817") = 0 mkdir("./818", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2940 ./strace-static-x86_64: Process 2940 attached [pid 2940] set_robust_list(0x5555564336a0, 24) = 0 [pid 2940] chdir("./818") = 0 [pid 2940] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2940] setpgid(0, 0) = 0 [pid 2940] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2940] write(3, "1000", 4) = 4 [pid 2940] close(3) = 0 [pid 2940] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2940] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2940] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2940] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2940] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2940] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2940] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2940] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2941]}, 88) = 2941 [pid 2940] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2940] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2940] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2940] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2940] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2940] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2940] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 2942 attached ./strace-static-x86_64: Process 2941 attached => {parent_tid=[2942]}, 88) = 2942 [pid 2940] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2940] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2940] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2942] set_robust_list(0x7f22e156f9a0, 24 [pid 2941] set_robust_list(0x7f22e15909a0, 24 [pid 2942] <... set_robust_list resumed>) = 0 [pid 2941] <... set_robust_list resumed>) = 0 [pid 2942] rt_sigprocmask(SIG_SETMASK, [], [pid 2941] rt_sigprocmask(SIG_SETMASK, [], [pid 2942] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2941] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2942] creat("./bus", 000 [pid 2941] memfd_create("syzkaller", 0) = 3 [pid 2942] <... creat resumed>) = 4 [pid 2941] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2941] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2942] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2940] <... futex resumed>) = 0 [pid 2940] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2940] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2942] <... futex resumed>) = 1 [pid 2942] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2942] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2940] <... futex resumed>) = 0 [pid 2940] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2940] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2942] <... futex resumed>) = 1 [pid 2942] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 2942] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2940] <... futex resumed>) = 0 [pid 2940] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2940] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2942] <... futex resumed>) = 1 [pid 2942] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 2942] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2940] <... futex resumed>) = 0 [pid 2940] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2942] <... futex resumed>) = 1 [pid 2942] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 2942] +++ killed by SIGBUS +++ [pid 2941] <... write resumed>) = ? [pid 2941] +++ killed by SIGBUS +++ [pid 2940] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2940, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- umount2("./818", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./818", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./818/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./818/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./818/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./818/bus") = 0 umount2("./818/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./818/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./818/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./818") = 0 mkdir("./819", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2943 ./strace-static-x86_64: Process 2943 attached [pid 2943] set_robust_list(0x5555564336a0, 24) = 0 [pid 2943] chdir("./819") = 0 [pid 2943] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2943] setpgid(0, 0) = 0 [pid 2943] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2943] write(3, "1000", 4) = 4 [pid 2943] close(3) = 0 [pid 2943] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2943] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2943] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2943] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2943] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2943] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2943] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2943] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2944 attached [pid 2944] set_robust_list(0x7f22e15909a0, 24 [pid 2943] <... clone3 resumed> => {parent_tid=[2944]}, 88) = 2944 [pid 2944] <... set_robust_list resumed>) = 0 [pid 2943] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2944] rt_sigprocmask(SIG_SETMASK, [], [pid 2943] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2944] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2943] <... futex resumed>) = 0 [pid 2943] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2943] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2944] memfd_create("syzkaller", 0 [pid 2943] <... mmap resumed>) = 0x7f22e154f000 [pid 2943] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE [pid 2944] <... memfd_create resumed>) = 3 [pid 2944] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2943] <... mprotect resumed>) = 0 [pid 2943] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2944] <... mmap resumed>) = 0x7f22d914f000 [pid 2943] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2943] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 2945 attached => {parent_tid=[2945]}, 88) = 2945 [pid 2945] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2945] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2945] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2943] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2943] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2945] <... futex resumed>) = 0 [pid 2945] creat("./bus", 000 [pid 2943] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2945] <... creat resumed>) = 4 [pid 2945] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2945] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2943] <... futex resumed>) = 0 [pid 2943] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2943] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2945] <... futex resumed>) = 0 [pid 2945] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2945] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2943] <... futex resumed>) = 0 [pid 2945] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 2943] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2943] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2945] <... open resumed>) = 5 [pid 2945] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2943] <... futex resumed>) = 0 [pid 2945] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 2943] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2943] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2945] <... mmap resumed>) = 0x20000000 [pid 2944] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000db6} --- [pid 2943] <... futex resumed>) = ? [pid 2945] +++ killed by SIGBUS +++ [pid 2944] +++ killed by SIGBUS +++ [pid 2943] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2943, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- umount2("./819", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./819", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./819/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./819/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./819/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./819/bus") = 0 umount2("./819/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./819/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./819/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./819") = 0 mkdir("./820", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2946 ./strace-static-x86_64: Process 2946 attached [pid 2946] set_robust_list(0x5555564336a0, 24) = 0 [pid 2946] chdir("./820") = 0 [pid 2946] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2946] setpgid(0, 0) = 0 [pid 2946] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2946] write(3, "1000", 4) = 4 [pid 2946] close(3) = 0 [pid 2946] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2946] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2946] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2946] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2946] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2946] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2946] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2946] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2947 attached [pid 2947] set_robust_list(0x7f22e15909a0, 24 [pid 2946] <... clone3 resumed> => {parent_tid=[2947]}, 88) = 2947 [pid 2947] <... set_robust_list resumed>) = 0 [pid 2946] rt_sigprocmask(SIG_SETMASK, [], [pid 2947] rt_sigprocmask(SIG_SETMASK, [], [pid 2946] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2946] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2947] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2946] <... futex resumed>) = 0 [pid 2947] memfd_create("syzkaller", 0 [pid 2946] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2947] <... memfd_create resumed>) = 3 [pid 2947] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2946] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2946] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE [pid 2947] <... mmap resumed>) = 0x7f22d914f000 [pid 2946] <... mprotect resumed>) = 0 [pid 2946] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2946] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 2948 attached => {parent_tid=[2948]}, 88) = 2948 [pid 2948] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2948] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2948] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2946] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2946] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2948] <... futex resumed>) = 0 [pid 2948] creat("./bus", 000 [pid 2946] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2948] <... creat resumed>) = 4 [pid 2948] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2948] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2946] <... futex resumed>) = 0 [pid 2946] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2948] <... futex resumed>) = 0 [pid 2948] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 2946] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2948] <... mount resumed>) = 0 [pid 2948] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2946] <... futex resumed>) = 0 [pid 2948] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 2946] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2946] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2948] <... open resumed>) = 5 [pid 2948] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2946] <... futex resumed>) = 0 [pid 2948] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 2946] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2946] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2948] <... mmap resumed>) = 0x20000000 [pid 2947] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000da6} --- [pid 2946] <... futex resumed>) = ? [pid 2947] +++ killed by SIGBUS +++ [pid 2948] +++ killed by SIGBUS +++ [pid 2946] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2946, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- umount2("./820", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./820", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./820/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./820/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./820/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./820/bus") = 0 umount2("./820/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./820/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./820/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./820") = 0 mkdir("./821", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2949 ./strace-static-x86_64: Process 2949 attached [pid 2949] set_robust_list(0x5555564336a0, 24) = 0 [pid 2949] chdir("./821") = 0 [pid 2949] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2949] setpgid(0, 0) = 0 [pid 2949] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2949] write(3, "1000", 4) = 4 [pid 2949] close(3) = 0 [pid 2949] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2949] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2949] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2949] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2949] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2949] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2949] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2949] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2950 attached => {parent_tid=[2950]}, 88) = 2950 [pid 2950] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2950] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2950] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2949] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2949] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2950] <... futex resumed>) = 0 [pid 2950] memfd_create("syzkaller", 0 [pid 2949] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2949] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2949] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2949] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2949] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} [pid 2950] <... memfd_create resumed>) = 3 [pid 2949] <... clone3 resumed> => {parent_tid=[2951]}, 88) = 2951 [pid 2949] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2949] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2949] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2951 attached [pid 2951] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2951] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2951] creat("./bus", 000 [pid 2950] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2951] <... creat resumed>) = 4 [pid 2951] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2949] <... futex resumed>) = 0 [pid 2949] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2949] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2951] <... futex resumed>) = 1 [pid 2951] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2951] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2949] <... futex resumed>) = 0 [pid 2949] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2949] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2951] <... futex resumed>) = 1 [pid 2951] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 2951] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2949] <... futex resumed>) = 0 [pid 2949] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2949] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2951] <... futex resumed>) = 1 [pid 2951] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 2950] <... mmap resumed>) = 0x7f22d914f000 [pid 2950] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000982} --- [pid 2951] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2949] <... futex resumed>) = ? [pid 2951] <... futex resumed>) = ? [pid 2951] +++ killed by SIGBUS +++ [pid 2950] +++ killed by SIGBUS +++ [pid 2949] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2949, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./821", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./821", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./821/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./821/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./821/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./821/bus") = 0 umount2("./821/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./821/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./821/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./821") = 0 mkdir("./822", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2952 ./strace-static-x86_64: Process 2952 attached [pid 2952] set_robust_list(0x5555564336a0, 24) = 0 [pid 2952] chdir("./822") = 0 [pid 2952] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2952] setpgid(0, 0) = 0 [pid 2952] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2952] write(3, "1000", 4) = 4 [pid 2952] close(3) = 0 [pid 2952] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2952] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2952] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2952] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2952] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2952] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2952] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2952] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2953]}, 88) = 2953 [pid 2952] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2952] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2952] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2952] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2952] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 ./strace-static-x86_64: Process 2953 attached [pid 2953] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2953] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2953] memfd_create("syzkaller", 0 [pid 2952] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2953] <... memfd_create resumed>) = 3 [pid 2953] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2952] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2952] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2954]}, 88) = 2954 [pid 2952] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2952] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2952] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2954 attached [pid 2953] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2954] set_robust_list(0x7f22e156f9a0, 24 [pid 2953] <... write resumed>) = 262144 [pid 2954] <... set_robust_list resumed>) = 0 [pid 2953] munmap(0x7f22d914f000, 138412032 [pid 2954] rt_sigprocmask(SIG_SETMASK, [], [pid 2953] <... munmap resumed>) = 0 [pid 2954] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2953] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2954] creat("./bus", 000 [pid 2953] <... openat resumed>) = 4 [pid 2953] ioctl(4, LOOP_SET_FD, 3 [pid 2954] <... creat resumed>) = 5 [pid 2953] <... ioctl resumed>) = 0 [pid 2954] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2953] close(3 [pid 2954] <... futex resumed>) = 1 [pid 2953] <... close resumed>) = 0 [pid 2952] <... futex resumed>) = 0 [pid 2952] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2952] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2954] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 2953] close(4 [pid 2954] <... mount resumed>) = 0 [pid 2954] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2953] <... close resumed>) = 0 [pid 2954] <... futex resumed>) = 1 [pid 2953] mkdir("./file0", 0777 [pid 2952] <... futex resumed>) = 0 [pid 2952] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2952] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2954] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 3 [pid 2954] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2953] <... mkdir resumed>) = 0 [pid 2954] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2953] mount("/dev/loop0", "./file0", "ext4", 0, "prjquota,grpquota,debug_want_extra_isize=0x000000000000005c,noauto_da_alloc,nolazytime,errors=contin"... [pid 2952] <... futex resumed>) = 0 [pid 2952] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2952] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2954] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2954] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 3, 0) = 0x20000000 [pid 2954] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2952] <... futex resumed>) = 0 [pid 2952] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2954] memfd_create("syzkaller", 0 [pid 2952] <... futex resumed>) = 0 [pid 2954] <... memfd_create resumed>) = 4 [pid 2954] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2954] write(4, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304 [pid 2953] <... mount resumed>) = 0 [pid 2953] openat(AT_FDCWD, 0x200000c0, O_RDONLY|O_DIRECTORY) = -1 ENOENT (No such file or directory) [pid 2953] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2953] ioctl(6, LOOP_CLR_FD) = 0 [pid 2953] close(6) = 0 [pid 2953] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2953] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2954] <... write resumed>) = 4194304 [pid 2954] munmap(0x7f22d914f000, 138412032) = 0 [pid 2954] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2954] ioctl(6, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 2954] ioctl(6, LOOP_CLR_FD) = 0 [pid 2954] ioctl(6, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 2954] close(6) = 0 [pid 2954] close(4) = 0 [pid 2954] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2954] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2952] exit_group(0) = ? [pid 2953] <... futex resumed>) = ? [pid 2953] +++ exited with 0 +++ [pid 2954] <... futex resumed>) = ? [pid 2954] +++ exited with 0 +++ [pid 2952] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2952, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./822", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./822", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 5 entries */, 32768) = 136 umount2("./822/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./822/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./822/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./822/bus") = 0 umount2("./822/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./822/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./822/binderfs") = 0 [ 64.899145][ T2953] loop0: detected capacity change from 0 to 512 [ 64.914265][ T2953] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz-executor245: couldn't read orphan inode 12 (err -116) [ 64.931346][ T2953] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. umount2("./822/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./822/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./822/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./822/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./822/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555643c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555643c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./822/file0") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./822") = 0 mkdir("./823", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2957 ./strace-static-x86_64: Process 2957 attached [pid 2957] set_robust_list(0x5555564336a0, 24) = 0 [pid 2957] chdir("./823") = 0 [pid 2957] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2957] setpgid(0, 0) = 0 [pid 2957] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2957] write(3, "1000", 4) = 4 [pid 2957] close(3) = 0 [pid 2957] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2957] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2957] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2957] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2957] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2957] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2957] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2957] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2958 attached => {parent_tid=[2958]}, 88) = 2958 [pid 2958] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2957] rt_sigprocmask(SIG_SETMASK, [], [pid 2958] rt_sigprocmask(SIG_SETMASK, [], [pid 2957] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2958] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2957] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2958] memfd_create("syzkaller", 0 [pid 2957] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2958] <... memfd_create resumed>) = 3 [pid 2958] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2957] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2958] <... mmap resumed>) = 0x7f22d914f000 [pid 2957] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2957] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2957] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2959]}, 88) = 2959 [pid 2957] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2957] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2957] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2959 attached [pid 2959] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2959] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2959] creat("./bus", 000) = 4 [pid 2959] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2957] <... futex resumed>) = 0 [pid 2957] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2957] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2959] <... futex resumed>) = 1 [pid 2959] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2959] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2957] <... futex resumed>) = 0 [pid 2957] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2957] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2959] <... futex resumed>) = 1 [pid 2959] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 2959] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2957] <... futex resumed>) = 0 [pid 2957] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2957] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2959] <... futex resumed>) = 1 [pid 2959] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 2958] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000d3d} --- [pid 2959] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2957] <... futex resumed>) = 0 [pid 2957] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2959] <... futex resumed>) = 1 [pid 2959] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 2959] +++ killed by SIGBUS +++ [pid 2958] +++ killed by SIGBUS +++ [pid 2957] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2957, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- umount2("./823", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./823", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./823/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./823/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./823/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./823/bus") = 0 umount2("./823/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./823/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./823/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./823") = 0 mkdir("./824", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2960 ./strace-static-x86_64: Process 2960 attached [pid 2960] set_robust_list(0x5555564336a0, 24) = 0 [pid 2960] chdir("./824") = 0 [pid 2960] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2960] setpgid(0, 0) = 0 [pid 2960] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2960] write(3, "1000", 4) = 4 [pid 2960] close(3) = 0 [pid 2960] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2960] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2960] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2960] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2960] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2960] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2960] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2960] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2961 attached => {parent_tid=[2961]}, 88) = 2961 [pid 2961] set_robust_list(0x7f22e15909a0, 24 [pid 2960] rt_sigprocmask(SIG_SETMASK, [], [pid 2961] <... set_robust_list resumed>) = 0 [pid 2960] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2961] rt_sigprocmask(SIG_SETMASK, [], [pid 2960] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2961] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2960] <... futex resumed>) = 0 [pid 2961] memfd_create("syzkaller", 0 [pid 2960] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2960] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2961] <... memfd_create resumed>) = 3 [pid 2960] <... mmap resumed>) = 0x7f22e154f000 [pid 2961] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2960] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2961] <... mmap resumed>) = 0x7f22d914f000 [pid 2960] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2960] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2962]}, 88) = 2962 [pid 2960] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2960] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2960] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2962 attached [pid 2962] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2962] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2962] creat("./bus", 000) = 4 [pid 2962] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2960] <... futex resumed>) = 0 [pid 2960] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2960] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2962] <... futex resumed>) = 1 [pid 2962] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2962] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2960] <... futex resumed>) = 0 [pid 2960] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2960] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2962] <... futex resumed>) = 1 [pid 2962] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 2962] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2960] <... futex resumed>) = 0 [pid 2960] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2960] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2962] <... futex resumed>) = 1 [pid 2962] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 2961] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000d48} --- [pid 2962] ????( [pid 2960] <... futex resumed>) = ? [pid 2961] +++ killed by SIGBUS +++ [pid 2962] <... ???? resumed>) = ? [pid 2962] +++ killed by SIGBUS +++ [pid 2960] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2960, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- umount2("./824", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./824", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./824/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./824/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./824/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./824/bus") = 0 umount2("./824/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./824/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./824/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./824") = 0 mkdir("./825", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2963 ./strace-static-x86_64: Process 2963 attached [pid 2963] set_robust_list(0x5555564336a0, 24) = 0 [pid 2963] chdir("./825") = 0 [pid 2963] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2963] setpgid(0, 0) = 0 [pid 2963] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2963] write(3, "1000", 4) = 4 [pid 2963] close(3) = 0 [pid 2963] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2963] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2963] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2963] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [ 64.972805][ T293] EXT4-fs (loop0): unmounting filesystem. [pid 2963] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2963] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2963] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2963] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2964 attached => {parent_tid=[2964]}, 88) = 2964 [pid 2964] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2964] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2964] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2963] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2963] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2964] <... futex resumed>) = 0 [pid 2963] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2964] memfd_create("syzkaller", 0 [pid 2963] <... futex resumed>) = 0 [pid 2964] <... memfd_create resumed>) = 3 [pid 2964] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2963] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 2963] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2963] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2963] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0}./strace-static-x86_64: Process 2965 attached => {parent_tid=[2965]}, 88) = 2965 [pid 2963] rt_sigprocmask(SIG_SETMASK, [], [pid 2965] set_robust_list(0x7f22d916f9a0, 24 [pid 2963] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2963] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2965] <... set_robust_list resumed>) = 0 [pid 2963] <... futex resumed>) = 0 [pid 2964] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2965] rt_sigprocmask(SIG_SETMASK, [], [pid 2963] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2965] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2964] <... write resumed>) = 262144 [pid 2965] creat("./bus", 000 [pid 2964] munmap(0x7f22d9170000, 138412032 [pid 2965] <... creat resumed>) = 4 [pid 2965] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2964] <... munmap resumed>) = 0 [pid 2965] <... futex resumed>) = 1 [pid 2964] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2963] <... futex resumed>) = 0 [pid 2965] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 2963] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2964] <... openat resumed>) = 5 [pid 2963] <... futex resumed>) = 0 [pid 2963] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2965] <... mount resumed>) = 0 [pid 2964] ioctl(5, LOOP_SET_FD, 3 [pid 2965] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2963] <... futex resumed>) = 0 [pid 2965] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 2963] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2965] <... open resumed>) = 6 [pid 2963] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2964] <... ioctl resumed>) = 0 [pid 2965] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2964] close(3 [pid 2963] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2965] <... futex resumed>) = 0 [pid 2965] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 2963] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2964] <... close resumed>) = 0 [pid 2963] <... futex resumed>) = 0 [pid 2963] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2965] <... mmap resumed>) = 0x20000000 [pid 2964] close(5 [pid 2965] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2964] <... close resumed>) = 0 [pid 2965] <... futex resumed>) = 1 [pid 2963] <... futex resumed>) = 0 [pid 2965] memfd_create("syzkaller", 0 [pid 2963] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2965] <... memfd_create resumed>) = 3 [pid 2963] <... futex resumed>) = 0 [pid 2965] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2964] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 2964] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2964] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2964] ioctl(5, LOOP_CLR_FD) = 0 [pid 2964] close(5 [pid 2965] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304 [pid 2964] <... close resumed>) = 0 [pid 2964] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2964] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2965] <... write resumed>) = 4194304 [pid 2965] munmap(0x7f22d9170000, 138412032) = 0 [pid 2965] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2965] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2965] ioctl(5, LOOP_CLR_FD) = 0 [pid 2965] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2965] close(5) = 0 [pid 2965] close(3) = 0 [pid 2965] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2965] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2963] exit_group(0 [pid 2964] <... futex resumed>) = ? [pid 2963] <... exit_group resumed>) = ? [pid 2964] +++ exited with 0 +++ [pid 2965] <... futex resumed>) = ? [pid 2965] +++ exited with 0 +++ [pid 2963] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2963, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./825", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./825", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./825/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./825/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./825/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./825/bus") = 0 umount2("./825/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./825/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./825/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./825") = 0 mkdir("./826", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2966 ./strace-static-x86_64: Process 2966 attached [pid 2966] set_robust_list(0x5555564336a0, 24) = 0 [pid 2966] chdir("./826") = 0 [pid 2966] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2966] setpgid(0, 0) = 0 [pid 2966] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2966] write(3, "1000", 4) = 4 [pid 2966] close(3) = 0 [pid 2966] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2966] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2966] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2966] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2966] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2966] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2966] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2966] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2967 attached => {parent_tid=[2967]}, 88) = 2967 [pid 2967] set_robust_list(0x7f22e15909a0, 24 [pid 2966] rt_sigprocmask(SIG_SETMASK, [], [pid 2967] <... set_robust_list resumed>) = 0 [pid 2966] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2967] rt_sigprocmask(SIG_SETMASK, [], [pid 2966] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2967] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2966] <... futex resumed>) = 0 [pid 2966] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2966] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2967] memfd_create("syzkaller", 0) = 3 [pid 2966] <... mmap resumed>) = 0x7f22e154f000 [pid 2967] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2966] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2967] <... mmap resumed>) = 0x7f22d914f000 [pid 2966] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 65.042040][ T2964] loop0: detected capacity change from 0 to 512 [pid 2966] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 2968 attached => {parent_tid=[2968]}, 88) = 2968 [pid 2966] rt_sigprocmask(SIG_SETMASK, [], [pid 2968] set_robust_list(0x7f22e156f9a0, 24 [pid 2966] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2966] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2968] <... set_robust_list resumed>) = 0 [pid 2966] <... futex resumed>) = 0 [pid 2968] rt_sigprocmask(SIG_SETMASK, [], [pid 2966] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2968] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2968] creat("./bus", 000 [pid 2967] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2968] <... creat resumed>) = 4 [pid 2968] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2966] <... futex resumed>) = 0 [pid 2968] <... futex resumed>) = 1 [pid 2966] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2968] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 2966] <... futex resumed>) = 0 [pid 2967] <... write resumed>) = 262144 [pid 2967] munmap(0x7f22d914f000, 138412032 [pid 2966] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2967] <... munmap resumed>) = 0 [pid 2967] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2967] ioctl(5, LOOP_SET_FD, 3 [pid 2968] <... mount resumed>) = 0 [pid 2968] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2966] <... futex resumed>) = 0 [pid 2966] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2966] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2968] <... futex resumed>) = 1 [pid 2967] <... ioctl resumed>) = 0 [pid 2968] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 2967] close(3 [pid 2968] <... open resumed>) = 6 [pid 2967] <... close resumed>) = 0 [pid 2968] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2967] close(5 [pid 2968] <... futex resumed>) = 1 [pid 2967] <... close resumed>) = 0 [pid 2967] mkdir("./file0", 0777) = 0 [pid 2968] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2967] mount("/dev/loop0", "./file0", "ext4", 0, "prjquota,grpquota,debug_want_extra_isize=0x000000000000005c,noauto_da_alloc,nolazytime,errors=contin"... [pid 2966] <... futex resumed>) = 0 [pid 2966] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2966] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2968] <... futex resumed>) = 0 [pid 2968] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x20000000 [pid 2968] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2966] <... futex resumed>) = 0 [pid 2968] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2967] <... mount resumed>) = 0 [pid 2966] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2968] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2967] openat(AT_FDCWD, 0x200000c0, O_RDONLY|O_DIRECTORY [pid 2968] memfd_create("syzkaller", 0) = 3 [pid 2967] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 2968] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2967] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2968] <... mmap resumed>) = 0x7f22d914f000 [pid 2968] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304 [pid 2967] <... openat resumed>) = 5 [pid 2967] ioctl(5, LOOP_CLR_FD) = 0 [pid 2967] close(5) = 0 [pid 2967] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2967] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2968] <... write resumed>) = 4194304 [pid 2968] munmap(0x7f22d914f000, 138412032) = 0 [pid 2968] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2968] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2968] ioctl(5, LOOP_CLR_FD) = 0 [pid 2968] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2968] close(5) = 0 [pid 2968] close(3) = 0 [pid 2968] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2968] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2966] exit_group(0) = ? [pid 2968] <... futex resumed>) = ? [pid 2967] <... futex resumed>) = ? [pid 2968] +++ exited with 0 +++ [pid 2967] +++ exited with 0 +++ [pid 2966] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2966, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./826", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./826", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 5 entries */, 32768) = 136 umount2("./826/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./826/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./826/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./826/bus") = 0 umount2("./826/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./826/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./826/binderfs") = 0 [ 65.105764][ T2967] loop0: detected capacity change from 0 to 512 [ 65.119021][ T2967] EXT4-fs (loop0): 1 truncate cleaned up [ 65.125020][ T2967] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. umount2("./826/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./826/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./826/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./826/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./826/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555643c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555643c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./826/file0") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./826") = 0 mkdir("./827", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2970 ./strace-static-x86_64: Process 2970 attached [pid 2970] set_robust_list(0x5555564336a0, 24) = 0 [pid 2970] chdir("./827") = 0 [pid 2970] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2970] setpgid(0, 0) = 0 [pid 2970] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2970] write(3, "1000", 4) = 4 [pid 2970] close(3) = 0 [pid 2970] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2970] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2970] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2970] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2970] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2970] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2970] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2970] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2971 attached [pid 2971] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2971] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2971] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2970] <... clone3 resumed> => {parent_tid=[2971]}, 88) = 2971 [pid 2970] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2970] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2971] <... futex resumed>) = 0 [pid 2971] memfd_create("syzkaller", 0) = 3 [pid 2970] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2971] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2970] <... futex resumed>) = 0 [pid 2970] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2971] <... mmap resumed>) = 0x7f22d9170000 [pid 2970] <... mmap resumed>) = 0x7f22d914f000 [pid 2970] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2970] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2970] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0}./strace-static-x86_64: Process 2972 attached [pid 2972] set_robust_list(0x7f22d916f9a0, 24) = 0 [pid 2972] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2972] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2970] <... clone3 resumed> => {parent_tid=[2972]}, 88) = 2972 [pid 2970] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2970] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2972] <... futex resumed>) = 0 [pid 2972] creat("./bus", 000 [pid 2970] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2972] <... creat resumed>) = 4 [pid 2971] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2972] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2972] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2970] <... futex resumed>) = 0 [pid 2970] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2972] <... futex resumed>) = 0 [pid 2972] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 2970] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2972] <... mount resumed>) = 0 [pid 2972] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2972] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2970] <... futex resumed>) = 0 [pid 2970] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2971] <... write resumed>) = 262144 [pid 2970] <... futex resumed>) = 1 [pid 2971] munmap(0x7f22d9170000, 138412032 [pid 2972] <... futex resumed>) = 0 [pid 2970] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2972] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 2972] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2972] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2971] <... munmap resumed>) = 0 [pid 2971] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2970] <... futex resumed>) = 0 [pid 2971] <... openat resumed>) = 6 [pid 2970] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2972] <... futex resumed>) = 0 [pid 2970] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2971] ioctl(6, LOOP_SET_FD, 3 [pid 2972] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 2971] <... ioctl resumed>) = 0 [pid 2971] close(3) = 0 [pid 2971] close(6) = 0 [pid 2971] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 2971] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2971] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 2971] ioctl(3, LOOP_CLR_FD) = 0 [pid 2971] close(3) = 0 [pid 2971] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2971] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2972] <... mmap resumed>) = 0x20000000 [pid 2972] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2970] <... futex resumed>) = 0 [pid 2972] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2970] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2971] <... futex resumed>) = 0 [pid 2970] <... futex resumed>) = 1 [pid 2971] memfd_create("syzkaller", 0) = 3 [pid 2971] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2971] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2971] munmap(0x7f22d9170000, 138412032) = 0 [pid 2971] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2971] ioctl(6, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2971] ioctl(6, LOOP_CLR_FD) = 0 [pid 2971] ioctl(6, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2971] close(6) = 0 [ 65.173310][ T293] EXT4-fs (loop0): unmounting filesystem. [ 65.205776][ T2971] loop0: detected capacity change from 0 to 512 [ 65.206100][ T2972] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 30 prio class 2 [pid 2971] close(3) = 0 [pid 2971] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2971] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2970] exit_group(0) = ? [pid 2972] <... futex resumed>) = ? [pid 2971] <... futex resumed>) = ? [pid 2972] +++ exited with 0 +++ [pid 2971] +++ exited with 0 +++ [pid 2970] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2970, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./827", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./827", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./827/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./827/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./827/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./827/bus") = 0 umount2("./827/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./827/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./827/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./827") = 0 mkdir("./828", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2973 ./strace-static-x86_64: Process 2973 attached [pid 2973] set_robust_list(0x5555564336a0, 24) = 0 [pid 2973] chdir("./828") = 0 [pid 2973] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2973] setpgid(0, 0) = 0 [pid 2973] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2973] write(3, "1000", 4) = 4 [pid 2973] close(3) = 0 [pid 2973] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2973] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2973] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2973] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2973] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2973] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2973] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2973] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2974]}, 88) = 2974 [pid 2973] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2973] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2973] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2973] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2973] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2973] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2973] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2975]}, 88) = 2975 [pid 2973] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2973] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2973] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2975 attached [pid 2975] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2975] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2975] creat("./bus", 000) = 3 [pid 2975] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2973] <... futex resumed>) = 0 [pid 2973] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2973] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2975] <... futex resumed>) = 1 [pid 2975] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL./strace-static-x86_64: Process 2974 attached ) = 0 [pid 2975] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2973] <... futex resumed>) = 0 [pid 2973] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2973] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2975] <... futex resumed>) = 1 [pid 2975] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 4 [pid 2974] set_robust_list(0x7f22e15909a0, 24 [pid 2975] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2973] <... futex resumed>) = 0 [pid 2973] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2973] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2975] <... futex resumed>) = 1 [pid 2975] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2974] <... set_robust_list resumed>) = 0 [pid 2975] <... mmap resumed>) = 0x20000000 [pid 2974] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2974] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000184} --- [pid 2973] <... futex resumed>) = ? [pid 2975] +++ killed by SIGBUS +++ [pid 2974] +++ killed by SIGBUS +++ [pid 2973] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2973, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- umount2("./828", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./828", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./828/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./828/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./828/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./828/bus") = 0 umount2("./828/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./828/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./828/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./828") = 0 mkdir("./829", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2976 ./strace-static-x86_64: Process 2976 attached [pid 2976] set_robust_list(0x5555564336a0, 24) = 0 [pid 2976] chdir("./829") = 0 [pid 2976] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2976] setpgid(0, 0) = 0 [pid 2976] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2976] write(3, "1000", 4) = 4 [pid 2976] close(3) = 0 [pid 2976] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2976] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2976] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2976] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2976] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2976] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2976] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2976] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2977 attached => {parent_tid=[2977]}, 88) = 2977 [pid 2977] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2977] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2977] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2976] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2976] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2977] <... futex resumed>) = 0 [pid 2976] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2977] memfd_create("syzkaller", 0) = 3 [pid 2977] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2976] <... futex resumed>) = 0 [pid 2976] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 2976] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2976] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2976] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0}./strace-static-x86_64: Process 2978 attached => {parent_tid=[2978]}, 88) = 2978 [pid 2978] set_robust_list(0x7f22d916f9a0, 24 [pid 2976] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2978] <... set_robust_list resumed>) = 0 [pid 2977] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2976] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2978] rt_sigprocmask(SIG_SETMASK, [], [pid 2976] <... futex resumed>) = 0 [pid 2978] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2976] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2978] creat("./bus", 000) = 4 [pid 2978] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2976] <... futex resumed>) = 0 [pid 2976] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2978] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 2976] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2977] <... write resumed>) = 262144 [pid 2977] munmap(0x7f22d9170000, 138412032 [pid 2978] <... mount resumed>) = 0 [pid 2978] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2977] <... munmap resumed>) = 0 [pid 2977] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2977] ioctl(5, LOOP_SET_FD, 3 [pid 2978] <... futex resumed>) = 1 [pid 2976] <... futex resumed>) = 0 [pid 2976] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2976] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2978] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 2978] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2976] <... futex resumed>) = 0 [pid 2976] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2976] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2978] <... futex resumed>) = 1 [pid 2978] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 2977] <... ioctl resumed>) = 0 [pid 2977] close(3) = 0 [pid 2977] close(5) = 0 [pid 2977] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 2977] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2977] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 2977] ioctl(3, LOOP_CLR_FD) = 0 [pid 2977] close(3) = 0 [pid 2977] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2977] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2978] <... mmap resumed>) = 0x20000000 [pid 2978] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2976] <... futex resumed>) = 0 [pid 2976] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2978] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2976] <... futex resumed>) = 1 [pid 2977] <... futex resumed>) = 0 [pid 2977] memfd_create("syzkaller", 0) = 3 [pid 2977] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 2977] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2977] munmap(0x7f22d9170000, 138412032) = 0 [pid 2977] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2977] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2977] ioctl(5, LOOP_CLR_FD) = 0 [pid 2977] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2977] close(5) = 0 [pid 2977] close(3) = 0 [pid 2977] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2977] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2976] exit_group(0) = ? [pid 2978] <... futex resumed>) = ? [pid 2978] +++ exited with 0 +++ [pid 2977] <... futex resumed>) = ? [pid 2977] +++ exited with 0 +++ [pid 2976] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2976, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./829", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./829", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./829/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./829/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./829/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./829/bus") = 0 umount2("./829/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./829/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./829/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./829") = 0 mkdir("./830", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2979 ./strace-static-x86_64: Process 2979 attached [pid 2979] set_robust_list(0x5555564336a0, 24) = 0 [pid 2979] chdir("./830") = 0 [pid 2979] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2979] setpgid(0, 0) = 0 [pid 2979] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2979] write(3, "1000", 4) = 4 [pid 2979] close(3) = 0 [pid 2979] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2979] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2979] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [ 65.290521][ T2977] loop0: detected capacity change from 0 to 512 [ 65.297128][ T2978] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 29 prio class 2 [ 65.307188][ T2978] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 65.316362][ T2978] Buffer I/O error on dev loop0, logical block 0, async page read [pid 2979] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2979] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2979] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2979] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2979] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2980 attached [pid 2980] set_robust_list(0x7f22e15909a0, 24 [pid 2979] <... clone3 resumed> => {parent_tid=[2980]}, 88) = 2980 [pid 2980] <... set_robust_list resumed>) = 0 [pid 2979] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2980] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2979] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2980] memfd_create("syzkaller", 0 [pid 2979] <... futex resumed>) = 0 [pid 2979] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2979] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2979] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2979] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2979] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2981]}, 88) = 2981 [pid 2979] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2979] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2979] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2981 attached [pid 2981] set_robust_list(0x7f22e156f9a0, 24 [pid 2980] <... memfd_create resumed>) = 3 [pid 2980] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2981] <... set_robust_list resumed>) = 0 [pid 2981] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2981] creat("./bus", 000) = 4 [pid 2981] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2979] <... futex resumed>) = 0 [pid 2979] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2979] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2981] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2980] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2981] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2979] <... futex resumed>) = 0 [pid 2979] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2979] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2981] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 2981] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2979] <... futex resumed>) = 0 [pid 2979] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2979] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2981] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 2980] <... write resumed>) = 262144 [pid 2981] <... mmap resumed>) = 0x20000000 [pid 2980] munmap(0x7f22d914f000, 138412032) = 0 [pid 2980] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2981] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2979] <... futex resumed>) = 0 [pid 2979] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2981] <... futex resumed>) = 1 [pid 2981] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 2980] ioctl(6, LOOP_SET_FD, 3 [pid 2981] +++ killed by SIGBUS +++ [pid 2980] <... ioctl resumed>) = ? [pid 2980] +++ killed by SIGBUS +++ [pid 2979] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2979, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./830", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./830", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./830/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./830/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./830/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./830/bus") = 0 umount2("./830/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./830/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./830/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./830") = 0 mkdir("./831", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2982 ./strace-static-x86_64: Process 2982 attached [pid 2982] set_robust_list(0x5555564336a0, 24) = 0 [pid 2982] chdir("./831") = 0 [pid 2982] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2982] setpgid(0, 0) = 0 [pid 2982] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2982] write(3, "1000", 4) = 4 [pid 2982] close(3) = 0 [pid 2982] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2982] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2982] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2982] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2982] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2982] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2982] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2982] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2983]}, 88) = 2983 [pid 2982] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2982] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2982] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 2983 attached ) = 0 [pid 2983] set_robust_list(0x7f22e15909a0, 24 [pid 2982] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2983] <... set_robust_list resumed>) = 0 [pid 2982] <... mmap resumed>) = 0x7f22e154f000 [pid 2983] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2982] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE [pid 2983] memfd_create("syzkaller", 0 [pid 2982] <... mprotect resumed>) = 0 [pid 2983] <... memfd_create resumed>) = 3 [pid 2983] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2982] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2983] <... mmap resumed>) = 0x7f22d914f000 [pid 2982] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2982] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 2984 attached [pid 2984] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2982] <... clone3 resumed> => {parent_tid=[2984]}, 88) = 2984 [pid 2984] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2982] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2982] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2984] creat("./bus", 000 [pid 2982] <... futex resumed>) = 0 [pid 2982] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2984] <... creat resumed>) = 4 [pid 2984] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2982] <... futex resumed>) = 0 [pid 2982] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2982] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2984] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2984] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2983] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2984] <... futex resumed>) = 1 [pid 2982] <... futex resumed>) = 0 [pid 2982] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2982] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2984] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 2984] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2982] <... futex resumed>) = 0 [pid 2982] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2982] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2984] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 2983] <... write resumed>) = 262144 [pid 2983] munmap(0x7f22d914f000, 138412032) = 0 [pid 2983] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2983] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 2983] close(3) = 0 [pid 2983] close(6) = 0 [pid 2983] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 2984] <... mmap resumed>) = 0x20000000 [pid 2984] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2982] <... futex resumed>) = 0 [pid 2982] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2984] <... futex resumed>) = 1 [pid 2984] memfd_create("syzkaller", 0) = 3 [pid 2984] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2983] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 2983] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2983] ioctl(6, LOOP_CLR_FD) = 0 [pid 2983] close(6) = 0 [pid 2983] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2983] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2984] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2984] munmap(0x7f22d914f000, 138412032) = 0 [pid 2984] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2984] ioctl(6, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2984] ioctl(6, LOOP_CLR_FD) = 0 [pid 2984] ioctl(6, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2984] close(6) = 0 [pid 2984] close(3) = 0 [pid 2984] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2984] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2982] exit_group(0) = ? [pid 2984] <... futex resumed>) = ? [pid 2984] +++ exited with 0 +++ [pid 2983] <... futex resumed>) = ? [pid 2983] +++ exited with 0 +++ [pid 2982] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2982, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./831", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./831", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./831/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./831/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./831/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./831/bus") = 0 umount2("./831/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./831/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./831/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./831") = 0 mkdir("./832", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2985 ./strace-static-x86_64: Process 2985 attached [pid 2985] set_robust_list(0x5555564336a0, 24) = 0 [ 65.390386][ T2980] loop0: detected capacity change from 0 to 512 [ 65.414734][ T2983] loop0: detected capacity change from 0 to 512 [pid 2985] chdir("./832") = 0 [pid 2985] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2985] setpgid(0, 0) = 0 [pid 2985] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2985] write(3, "1000", 4) = 4 [pid 2985] close(3) = 0 [pid 2985] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2985] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2985] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2985] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2985] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2985] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2985] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2985] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2986]}, 88) = 2986 [pid 2985] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2985] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2985] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2985] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2985] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2985] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2985] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2987]}, 88) = 2987 [pid 2985] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2985] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2985] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2987 attached [pid 2987] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2987] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2987] creat("./bus", 000) = 3 [pid 2987] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2985] <... futex resumed>) = 0 [pid 2985] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2985] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2987] <... futex resumed>) = 1 [pid 2987] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2987] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2985] <... futex resumed>) = 0 [pid 2985] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2985] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2987] <... futex resumed>) = 1 [pid 2987] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 4 [pid 2987] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2985] <... futex resumed>) = 0 [pid 2985] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2985] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2987] <... futex resumed>) = 1 [pid 2987] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 2987] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2985] <... futex resumed>) = 0 [pid 2985] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2987] <... futex resumed>) = 1 [pid 2987] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 2987] +++ killed by SIGBUS +++ ./strace-static-x86_64: Process 2986 attached [pid 2986] +++ killed by SIGBUS +++ [pid 2985] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2985, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- umount2("./832", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./832", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./832/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./832/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./832/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./832/bus") = 0 umount2("./832/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./832/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./832/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./832") = 0 mkdir("./833", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2988 ./strace-static-x86_64: Process 2988 attached [pid 2988] set_robust_list(0x5555564336a0, 24) = 0 [pid 2988] chdir("./833") = 0 [pid 2988] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2988] setpgid(0, 0) = 0 [pid 2988] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2988] write(3, "1000", 4) = 4 [pid 2988] close(3) = 0 [pid 2988] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2988] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2988] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2988] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2988] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2988] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2988] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2988] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 2989 attached [pid 2989] set_robust_list(0x7f22e15909a0, 24 [pid 2988] <... clone3 resumed> => {parent_tid=[2989]}, 88) = 2989 [pid 2989] <... set_robust_list resumed>) = 0 [pid 2988] rt_sigprocmask(SIG_SETMASK, [], [pid 2989] rt_sigprocmask(SIG_SETMASK, [], [pid 2988] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2988] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2989] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2988] <... futex resumed>) = 0 [pid 2988] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2988] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2989] memfd_create("syzkaller", 0 [pid 2988] <... mmap resumed>) = 0x7f22e154f000 [pid 2988] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE [pid 2989] <... memfd_create resumed>) = 3 [pid 2989] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2988] <... mprotect resumed>) = 0 [pid 2988] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2989] <... mmap resumed>) = 0x7f22d914f000 [pid 2988] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 2990 attached => {parent_tid=[2990]}, 88) = 2990 [pid 2990] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2990] rt_sigprocmask(SIG_SETMASK, [], [pid 2988] rt_sigprocmask(SIG_SETMASK, [], [pid 2990] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2990] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2988] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2988] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2990] <... futex resumed>) = 0 [pid 2988] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2990] creat("./bus", 000) = 4 [pid 2990] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2988] <... futex resumed>) = 0 [pid 2988] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2990] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 2988] <... futex resumed>) = 0 [pid 2988] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2990] <... mount resumed>) = 0 [pid 2990] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2988] <... futex resumed>) = 0 [pid 2990] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 2988] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2988] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2990] <... open resumed>) = 5 [pid 2990] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2988] <... futex resumed>) = 0 [pid 2990] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2988] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2988] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2990] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2990] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 2989] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000d7f} --- [pid 2990] <... mmap resumed>) = 0x20000000 [pid 2990] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2988] <... futex resumed>) = 0 [pid 2988] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2990] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 2990] +++ killed by SIGBUS +++ [pid 2989] +++ killed by SIGBUS +++ [pid 2988] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2988, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- umount2("./833", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./833", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./833/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./833/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./833/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./833/bus") = 0 umount2("./833/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./833/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./833/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./833") = 0 mkdir("./834", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2991 ./strace-static-x86_64: Process 2991 attached [pid 2991] set_robust_list(0x5555564336a0, 24) = 0 [pid 2991] chdir("./834") = 0 [pid 2991] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2991] setpgid(0, 0) = 0 [pid 2991] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2991] write(3, "1000", 4) = 4 [pid 2991] close(3) = 0 [pid 2991] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2991] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2991] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2991] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2991] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2991] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2991] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2991] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2992]}, 88) = 2992 [pid 2991] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2991] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2991] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2991] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2991] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2991] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2991] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 2993 attached => {parent_tid=[2993]}, 88) = 2993 [pid 2991] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2991] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2991] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2992 attached [pid 2992] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2992] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2992] memfd_create("syzkaller", 0) = 3 [pid 2993] set_robust_list(0x7f22e156f9a0, 24 [pid 2992] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2993] <... set_robust_list resumed>) = 0 [pid 2993] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2993] creat("./bus", 000) = 4 [pid 2993] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2992] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 2993] <... futex resumed>) = 1 [pid 2991] <... futex resumed>) = 0 [pid 2991] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2991] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2993] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2993] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2991] <... futex resumed>) = 0 [pid 2991] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2991] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2993] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 2992] <... write resumed>) = 262144 [pid 2992] munmap(0x7f22d914f000, 138412032 [pid 2993] <... open resumed>) = 5 [pid 2992] <... munmap resumed>) = 0 [pid 2992] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2992] ioctl(6, LOOP_SET_FD, 3 [pid 2993] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2992] <... ioctl resumed>) = 0 [pid 2992] close(3) = 0 [pid 2992] close(6) = 0 [pid 2992] mkdir("./file0", 0777) = 0 [pid 2992] mount("/dev/loop0", "./file0", "ext4", 0, "prjquota,grpquota,debug_want_extra_isize=0x000000000000005c,noauto_da_alloc,nolazytime,errors=contin"... [pid 2991] <... futex resumed>) = 0 [pid 2991] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2991] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2993] <... futex resumed>) = 1 [pid 2993] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 2993] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2991] <... futex resumed>) = 0 [pid 2991] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2993] <... futex resumed>) = 1 [pid 2993] memfd_create("syzkaller", 0) = 3 [pid 2993] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2992] <... mount resumed>) = 0 [pid 2993] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304 [pid 2992] openat(AT_FDCWD, 0x200000c0, O_RDONLY|O_DIRECTORY) = -1 ENOENT (No such file or directory) [pid 2992] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2992] ioctl(6, LOOP_CLR_FD) = 0 [pid 2992] close(6) = 0 [pid 2992] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2992] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2993] <... write resumed>) = 4194304 [pid 2993] munmap(0x7f22d914f000, 138412032) = 0 [pid 2993] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2993] ioctl(6, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2993] ioctl(6, LOOP_CLR_FD) = 0 [pid 2993] ioctl(6, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2993] close(6) = 0 [pid 2993] close(3) = 0 [pid 2993] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2993] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2991] exit_group(0 [pid 2992] <... futex resumed>) = ? [pid 2991] <... exit_group resumed>) = ? [pid 2992] +++ exited with 0 +++ [pid 2993] <... futex resumed>) = ? [pid 2993] +++ exited with 0 +++ [pid 2991] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2991, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./834", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./834", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 5 entries */, 32768) = 136 umount2("./834/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./834/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./834/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./834/bus") = 0 umount2("./834/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./834/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./834/binderfs") = 0 [ 65.519793][ T2992] loop0: detected capacity change from 0 to 512 [ 65.532077][ T2992] EXT4-fs (loop0): 1 truncate cleaned up [ 65.537622][ T2992] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. umount2("./834/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./834/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./834/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./834/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./834/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555643c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555643c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./834/file0") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./834") = 0 mkdir("./835", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 2995 ./strace-static-x86_64: Process 2995 attached [pid 2995] set_robust_list(0x5555564336a0, 24) = 0 [pid 2995] chdir("./835") = 0 [pid 2995] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2995] setpgid(0, 0) = 0 [pid 2995] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2995] write(3, "1000", 4) = 4 [pid 2995] close(3) = 0 [pid 2995] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2995] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2995] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 2995] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2995] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 2995] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2995] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2995] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[2996]}, 88) = 2996 [pid 2995] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2995] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2995] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2995] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 2995] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2995] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2995] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[2997]}, 88) = 2997 [pid 2995] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2995] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2995] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2996 attached [pid 2996] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 2996] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2996] memfd_create("syzkaller", 0) = 3 [pid 2996] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2996] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144./strace-static-x86_64: Process 2997 attached [pid 2997] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 2997] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2997] creat("./bus", 000 [pid 2996] <... write resumed>) = 262144 [pid 2996] munmap(0x7f22d914f000, 138412032) = 0 [pid 2996] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 2996] ioctl(5, LOOP_SET_FD, 3 [pid 2997] <... creat resumed>) = 4 [pid 2996] <... ioctl resumed>) = 0 [pid 2996] close(3) = 0 [pid 2996] close(5) = 0 [pid 2996] mkdir("./file0", 0777) = 0 [pid 2996] mount("/dev/loop0", "./file0", "ext4", 0, "prjquota,grpquota,debug_want_extra_isize=0x000000000000005c,noauto_da_alloc,nolazytime,errors=contin"... [pid 2997] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2995] <... futex resumed>) = 0 [pid 2995] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2995] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2997] <... futex resumed>) = 1 [pid 2997] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 2997] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2995] <... futex resumed>) = 0 [pid 2995] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2995] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2997] <... futex resumed>) = 1 [pid 2997] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 3 [pid 2997] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2995] <... futex resumed>) = 0 [pid 2995] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2995] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2997] <... futex resumed>) = 1 [pid 2997] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 3, 0 [pid 2996] <... mount resumed>) = 0 [pid 2996] openat(AT_FDCWD, 0x200000c0, O_RDONLY|O_DIRECTORY) = -1 ENOENT (No such file or directory) [pid 2996] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2997] <... mmap resumed>) = 0x20000000 [pid 2996] <... openat resumed>) = 5 [pid 2996] ioctl(5, LOOP_CLR_FD) = 0 [pid 2996] close(5) = 0 [pid 2996] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2996] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2997] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2995] <... futex resumed>) = 0 [pid 2995] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2997] <... futex resumed>) = 1 [pid 2997] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2996] <... futex resumed>) = 0 [pid 2996] memfd_create("syzkaller", 0) = 5 [pid 2996] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 2996] write(5, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 2996] munmap(0x7f22d914f000, 138412032) = 0 [pid 2996] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 2996] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 2996] ioctl(6, LOOP_CLR_FD) = 0 [pid 2996] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 2996] close(6) = 0 [pid 2996] close(5) = 0 [pid 2996] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2995] exit_group(0 [pid 2997] <... futex resumed>) = ? [pid 2995] <... exit_group resumed>) = ? [pid 2997] +++ exited with 0 +++ [pid 2996] +++ exited with 0 +++ [pid 2995] +++ exited with 0 +++ [ 65.586517][ T293] EXT4-fs (loop0): unmounting filesystem. [ 65.604169][ T2996] loop0: detected capacity change from 0 to 512 [ 65.616513][ T2996] EXT4-fs (loop0): 1 truncate cleaned up [ 65.622393][ T2996] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2995, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./835", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./835", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 5 entries */, 32768) = 136 umount2("./835/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./835/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./835/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./835/bus") = 0 umount2("./835/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./835/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./835/binderfs") = 0 umount2("./835/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./835/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./835/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./835/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./835/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555643c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555643c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./835/file0") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./835") = 0 mkdir("./836", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3000 ./strace-static-x86_64: Process 3000 attached [pid 3000] set_robust_list(0x5555564336a0, 24) = 0 [pid 3000] chdir("./836") = 0 [pid 3000] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3000] setpgid(0, 0) = 0 [pid 3000] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3000] write(3, "1000", 4) = 4 [pid 3000] close(3) = 0 [pid 3000] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3000] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3000] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3000] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3000] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3000] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3000] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3000] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 3001 attached [pid 3001] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 3001] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3001] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3000] <... clone3 resumed> => {parent_tid=[3001]}, 88) = 3001 [pid 3000] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3000] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3001] <... futex resumed>) = 0 [pid 3000] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3001] memfd_create("syzkaller", 0) = 3 [pid 3001] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 3000] <... futex resumed>) = 0 [pid 3000] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 3000] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3000] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3000] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0} => {parent_tid=[3002]}, 88) = 3002 [pid 3000] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3000] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3000] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3002 attached [pid 3002] set_robust_list(0x7f22d916f9a0, 24) = 0 [pid 3002] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3002] creat("./bus", 000) = 4 [pid 3002] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3000] <... futex resumed>) = 0 [pid 3000] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3001] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 3000] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3002] <... futex resumed>) = 1 [pid 3002] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 3002] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3000] <... futex resumed>) = 0 [pid 3000] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3000] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3002] <... futex resumed>) = 1 [pid 3002] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 3002] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3000] <... futex resumed>) = 0 [pid 3000] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3000] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3002] <... futex resumed>) = 1 [pid 3002] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 3001] <... write resumed>) = 262144 [pid 3002] <... mmap resumed>) = 0x20000000 [pid 3001] munmap(0x7f22d9170000, 138412032 [pid 3002] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3000] <... futex resumed>) = 0 [pid 3000] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3002] <... futex resumed>) = 1 [pid 3001] <... munmap resumed>) = 0 [pid 3002] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 3001] +++ killed by SIGBUS +++ [pid 3002] +++ killed by SIGBUS +++ [pid 3000] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3000, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- umount2("./836", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./836", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./836/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./836/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./836/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./836/bus") = 0 umount2("./836/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./836/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./836/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./836") = 0 mkdir("./837", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3003 ./strace-static-x86_64: Process 3003 attached [pid 3003] set_robust_list(0x5555564336a0, 24) = 0 [pid 3003] chdir("./837") = 0 [pid 3003] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3003] setpgid(0, 0) = 0 [pid 3003] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3003] write(3, "1000", 4) = 4 [pid 3003] close(3) = 0 [pid 3003] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3003] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3003] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3003] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3003] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3003] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3003] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3003] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 3004 attached => {parent_tid=[3004]}, 88) = 3004 [pid 3004] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 3003] rt_sigprocmask(SIG_SETMASK, [], [pid 3004] rt_sigprocmask(SIG_SETMASK, [], [pid 3003] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3004] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3003] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3004] memfd_create("syzkaller", 0 [pid 3003] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3004] <... memfd_create resumed>) = 3 [pid 3003] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3004] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3003] <... mmap resumed>) = 0x7f22e154f000 [pid 3003] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE [pid 3004] <... mmap resumed>) = 0x7f22d914f000 [pid 3003] <... mprotect resumed>) = 0 [pid 3003] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3003] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 3005 attached [pid 3005] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 3005] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3005] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3003] <... clone3 resumed> => {parent_tid=[3005]}, 88) = 3005 [pid 3003] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3003] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3003] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3005] <... futex resumed>) = 0 [pid 3005] creat("./bus", 000) = 4 [pid 3005] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3005] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3003] <... futex resumed>) = 0 [pid 3003] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3005] <... futex resumed>) = 0 [pid 3003] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3005] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 3005] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3005] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3003] <... futex resumed>) = 0 [pid 3003] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3005] <... futex resumed>) = 0 [pid 3003] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3005] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 3005] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3003] <... futex resumed>) = 0 [pid 3003] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3003] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3005] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 3004] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 3005] <... mmap resumed>) = 0x20000000 [pid 3005] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3004] <... write resumed>) = 262144 [pid 3003] <... futex resumed>) = 0 [pid 3003] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3005] <... futex resumed>) = 1 [pid 3005] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 3005] +++ killed by SIGBUS +++ [pid 3004] +++ killed by SIGBUS +++ [pid 3003] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3003, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- umount2("./837", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./837", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./837/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./837/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./837/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./837/bus") = 0 umount2("./837/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./837/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./837/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./837") = 0 mkdir("./838", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3006 ./strace-static-x86_64: Process 3006 attached [pid 3006] set_robust_list(0x5555564336a0, 24) = 0 [pid 3006] chdir("./838") = 0 [pid 3006] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3006] setpgid(0, 0) = 0 [pid 3006] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3006] write(3, "1000", 4) = 4 [pid 3006] close(3) = 0 [pid 3006] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3006] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3006] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3006] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3006] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3006] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3006] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3006] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 3007 attached [pid 3007] set_robust_list(0x7f22e15909a0, 24 [pid 3006] <... clone3 resumed> => {parent_tid=[3007]}, 88) = 3007 [pid 3007] <... set_robust_list resumed>) = 0 [pid 3006] rt_sigprocmask(SIG_SETMASK, [], [pid 3007] rt_sigprocmask(SIG_SETMASK, [], [pid 3006] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3007] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3006] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3007] memfd_create("syzkaller", 0 [pid 3006] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3007] <... memfd_create resumed>) = 3 [pid 3006] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3007] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3006] <... mmap resumed>) = 0x7f22e154f000 [ 65.673756][ T293] EXT4-fs (loop0): unmounting filesystem. [pid 3006] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE [pid 3007] <... mmap resumed>) = 0x7f22d914f000 [pid 3006] <... mprotect resumed>) = 0 [pid 3006] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3006] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[3008]}, 88) = 3008 [pid 3006] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3006] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3006] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3008 attached [pid 3007] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 3008] set_robust_list(0x7f22e156f9a0, 24 [pid 3007] <... write resumed>) = 262144 [pid 3008] <... set_robust_list resumed>) = 0 [pid 3007] munmap(0x7f22d914f000, 138412032 [pid 3008] rt_sigprocmask(SIG_SETMASK, [], [pid 3007] <... munmap resumed>) = 0 [pid 3008] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3007] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 3008] creat("./bus", 000 [pid 3007] <... openat resumed>) = 4 [pid 3007] ioctl(4, LOOP_SET_FD, 3 [pid 3008] <... creat resumed>) = 5 [pid 3007] <... ioctl resumed>) = 0 [pid 3008] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3007] close(3 [pid 3008] <... futex resumed>) = 1 [pid 3007] <... close resumed>) = 0 [pid 3006] <... futex resumed>) = 0 [pid 3006] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3006] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3008] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 3007] close(4 [pid 3008] <... mount resumed>) = 0 [pid 3007] <... close resumed>) = 0 [pid 3008] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3006] <... futex resumed>) = 0 [pid 3008] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 3006] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3006] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3008] <... open resumed>) = 3 [pid 3008] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3008] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3007] mkdir("./file0", 0777) = 0 [pid 3007] mount("/dev/loop0", "./file0", "ext4", 0, "prjquota,grpquota,debug_want_extra_isize=0x000000000000005c,noauto_da_alloc,nolazytime,errors=contin"... [pid 3006] <... futex resumed>) = 0 [pid 3006] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3006] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3008] <... futex resumed>) = 0 [pid 3008] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 3, 0 [pid 3007] <... mount resumed>) = -1 ENOENT (No such file or directory) [pid 3007] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3007] ioctl(4, LOOP_CLR_FD [pid 3008] <... mmap resumed>) = 0x20000000 [pid 3008] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3006] <... futex resumed>) = 0 [pid 3006] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3008] memfd_create("syzkaller", 0) = 6 [pid 3008] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 3007] <... ioctl resumed>) = 0 [pid 3007] close(4) = 0 [pid 3007] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3007] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3008] write(6, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 3008] munmap(0x7f22d914f000, 138412032) = 0 [pid 3008] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3008] ioctl(4, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 3008] ioctl(4, LOOP_CLR_FD) = 0 [pid 3008] ioctl(4, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 3008] close(4) = 0 [pid 3008] close(6) = 0 [pid 3008] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3008] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3006] exit_group(0 [pid 3007] <... futex resumed>) = ? [pid 3006] <... exit_group resumed>) = ? [pid 3007] +++ exited with 0 +++ [pid 3008] <... futex resumed>) = ? [pid 3008] +++ exited with 0 +++ [pid 3006] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3006, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./838", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./838", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 5 entries */, 32768) = 136 umount2("./838/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./838/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./838/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./838/bus") = 0 umount2("./838/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./838/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./838/binderfs") = 0 umount2("./838/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./838/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./838/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./838/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555643c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555643c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./838/file0") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./838") = 0 mkdir("./839", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3009 ./strace-static-x86_64: Process 3009 attached [ 65.738127][ T3007] loop0: detected capacity change from 0 to 512 [pid 3009] set_robust_list(0x5555564336a0, 24) = 0 [pid 3009] chdir("./839") = 0 [pid 3009] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3009] setpgid(0, 0) = 0 [pid 3009] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3009] write(3, "1000", 4) = 4 [pid 3009] close(3) = 0 [pid 3009] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3009] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3009] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3009] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3009] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3009] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3009] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3009] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 3010 attached => {parent_tid=[3010]}, 88) = 3010 [pid 3009] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3009] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3009] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3009] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 3009] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3009] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3009] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[3011]}, 88) = 3011 [pid 3009] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3009] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3009] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3010] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 3010] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3010] memfd_create("syzkaller", 0) = 3 [pid 3010] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0./strace-static-x86_64: Process 3011 attached ) = 0x7f22d914f000 [pid 3011] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 3011] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3011] creat("./bus", 000) = 4 [pid 3010] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 3011] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3009] <... futex resumed>) = 0 [pid 3009] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3009] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3011] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 3011] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3009] <... futex resumed>) = 0 [pid 3009] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3009] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3010] <... write resumed>) = 262144 [pid 3010] munmap(0x7f22d914f000, 138412032 [pid 3011] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 3010] <... munmap resumed>) = 0 [pid 3010] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 3010] ioctl(5, LOOP_SET_FD, 3 [pid 3011] <... open resumed>) = 6 [pid 3011] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3011] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3010] <... ioctl resumed>) = 0 [pid 3009] <... futex resumed>) = 0 [pid 3009] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3009] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3010] close(3) = 0 [pid 3010] close(5 [pid 3011] <... futex resumed>) = 0 [pid 3010] <... close resumed>) = 0 [pid 3010] mkdir("./file0", 0777 [pid 3011] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x20000000 [pid 3011] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3010] <... mkdir resumed>) = 0 [pid 3010] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 3010] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 3010] ioctl(3, LOOP_CLR_FD) = 0 [pid 3010] close(3 [pid 3011] <... futex resumed>) = 1 [pid 3009] <... futex resumed>) = 0 [pid 3009] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3011] memfd_create("syzkaller", 0 [pid 3010] <... close resumed>) = 0 [pid 3010] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3010] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3011] <... memfd_create resumed>) = 3 [pid 3011] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 3011] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 3011] munmap(0x7f22d914f000, 138412032) = 0 [pid 3011] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 3011] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 3011] ioctl(5, LOOP_CLR_FD) = 0 [pid 3011] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 3011] close(5) = 0 [pid 3011] close(3) = 0 [pid 3011] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3011] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3009] exit_group(0 [pid 3010] <... futex resumed>) = ? [pid 3009] <... exit_group resumed>) = ? [pid 3010] +++ exited with 0 +++ [pid 3011] <... futex resumed>) = ? [pid 3011] +++ exited with 0 +++ [pid 3009] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3009, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./839", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./839", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 5 entries */, 32768) = 136 umount2("./839/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./839/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./839/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./839/bus") = 0 umount2("./839/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./839/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./839/binderfs") = 0 umount2("./839/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./839/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./839/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./839/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555643c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555643c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./839/file0") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 [ 65.806026][ T3010] loop0: detected capacity change from 0 to 512 rmdir("./839") = 0 mkdir("./840", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3012 ./strace-static-x86_64: Process 3012 attached [pid 3012] set_robust_list(0x5555564336a0, 24) = 0 [pid 3012] chdir("./840") = 0 [pid 3012] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3012] setpgid(0, 0) = 0 [pid 3012] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3012] write(3, "1000", 4) = 4 [pid 3012] close(3) = 0 [pid 3012] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3012] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3012] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3012] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3012] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3012] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3012] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3012] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 3013 attached => {parent_tid=[3013]}, 88) = 3013 [pid 3012] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3012] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3012] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3012] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 3012] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3012] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3012] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} [pid 3013] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 3012] <... clone3 resumed> => {parent_tid=[3014]}, 88) = 3014 [pid 3012] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3012] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3012] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3014 attached [pid 3014] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 3014] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3014] creat("./bus", 000 [pid 3013] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3014] <... creat resumed>) = 3 [pid 3014] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3012] <... futex resumed>) = 0 [pid 3012] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3012] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3014] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 3014] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3012] <... futex resumed>) = 0 [pid 3012] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3012] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3014] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 4 [pid 3014] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3012] <... futex resumed>) = 0 [pid 3012] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3012] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3014] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 3014] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3012] <... futex resumed>) = 0 [pid 3012] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3014] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 3014] +++ killed by SIGBUS +++ [pid 3013] +++ killed by SIGBUS +++ [pid 3012] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3012, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- umount2("./840", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./840", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./840/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./840/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./840/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./840/bus") = 0 umount2("./840/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./840/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./840/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./840") = 0 mkdir("./841", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3015 ./strace-static-x86_64: Process 3015 attached [pid 3015] set_robust_list(0x5555564336a0, 24) = 0 [pid 3015] chdir("./841") = 0 [pid 3015] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3015] setpgid(0, 0) = 0 [pid 3015] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3015] write(3, "1000", 4) = 4 [pid 3015] close(3) = 0 [pid 3015] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3015] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3015] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3015] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3015] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3015] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3015] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3015] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 3016 attached => {parent_tid=[3016]}, 88) = 3016 [pid 3016] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 3016] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3016] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3015] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3015] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3016] <... futex resumed>) = 0 [pid 3015] <... futex resumed>) = 1 [pid 3015] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3015] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3016] memfd_create("syzkaller", 0 [pid 3015] <... mmap resumed>) = 0x7f22e154f000 [pid 3015] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3015] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3016] <... memfd_create resumed>) = 3 [pid 3015] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[3017]}, 88) = 3017 [pid 3015] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3015] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3015] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3017 attached [pid 3016] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 3016] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3016] munmap(0x7f22d914f000, 138412032) = 0 [pid 3016] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3016] ioctl(4, LOOP_SET_FD, 3 [pid 3017] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 3017] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3017] creat("./bus", 000) = 5 [pid 3017] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3017] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3016] <... ioctl resumed>) = 0 [pid 3016] close(3) = 0 [pid 3016] close(4) = 0 [pid 3016] mkdir("./file0", 0777) = 0 [pid 3016] mount("/dev/loop0", "./file0", "ext4", 0, "prjquota,grpquota,debug_want_extra_isize=0x000000000000005c,noauto_da_alloc,nolazytime,errors=contin"... [pid 3015] <... futex resumed>) = 0 [pid 3015] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3017] <... futex resumed>) = 0 [pid 3017] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 3017] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3017] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3015] <... futex resumed>) = 1 [pid 3015] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 3015] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3017] <... futex resumed>) = 0 [pid 3017] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 3 [pid 3017] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3017] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3015] <... futex resumed>) = 1 [pid 3015] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 3015] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3017] <... futex resumed>) = 0 [pid 3017] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 3, 0 [pid 3015] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3017] <... mmap resumed>) = 0x20000000 [pid 3017] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3017] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3015] <... futex resumed>) = 0 [pid 3015] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3017] <... futex resumed>) = 0 [pid 3017] memfd_create("syzkaller", 0) = 4 [pid 3017] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 3016] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 3016] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 3016] ioctl(6, LOOP_CLR_FD) = 0 [pid 3016] close(6 [pid 3017] write(4, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304 [pid 3016] <... close resumed>) = 0 [pid 3016] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3016] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3017] <... write resumed>) = 4194304 [pid 3017] munmap(0x7f22d914f000, 138412032) = 0 [pid 3017] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 3017] ioctl(6, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 3017] ioctl(6, LOOP_CLR_FD) = 0 [pid 3017] ioctl(6, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 3017] close(6) = 0 [pid 3017] close(4) = 0 [pid 3017] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3017] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3015] exit_group(0 [pid 3016] <... futex resumed>) = ? [pid 3015] <... exit_group resumed>) = ? [pid 3017] <... futex resumed>) = ? [pid 3016] +++ exited with 0 +++ [pid 3017] +++ exited with 0 +++ [pid 3015] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3015, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./841", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./841", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 5 entries */, 32768) = 136 umount2("./841/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./841/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./841/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./841/bus") = 0 umount2("./841/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./841/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./841/binderfs") = 0 umount2("./841/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./841/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./841/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./841/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555643c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555643c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./841/file0") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./841") = 0 mkdir("./842", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3019 ./strace-static-x86_64: Process 3019 attached [pid 3019] set_robust_list(0x5555564336a0, 24) = 0 [pid 3019] chdir("./842") = 0 [pid 3019] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3019] setpgid(0, 0) = 0 [pid 3019] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3019] write(3, "1000", 4) = 4 [pid 3019] close(3) = 0 [ 65.895439][ T3016] loop0: detected capacity change from 0 to 512 [ 65.908378][ T3016] EXT4-fs error (device loop0): __ext4_fill_super:5386: inode #2: comm syz-executor245: iget: special inode unallocated [ 65.921433][ T3016] EXT4-fs (loop0): get root inode failed [ 65.927316][ T3016] EXT4-fs (loop0): mount failed [pid 3019] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3019] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3019] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3019] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3019] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3019] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3019] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3019] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 3020 attached => {parent_tid=[3020]}, 88) = 3020 [pid 3020] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 3020] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3020] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3019] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3019] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3020] <... futex resumed>) = 0 [pid 3019] <... futex resumed>) = 1 [pid 3019] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3020] memfd_create("syzkaller", 0) = 3 [pid 3020] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 3019] <... futex resumed>) = 0 [pid 3019] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 3019] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3019] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3019] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0} => {parent_tid=[3021]}, 88) = 3021 ./strace-static-x86_64: Process 3021 attached [pid 3021] set_robust_list(0x7f22d916f9a0, 24) = 0 [pid 3021] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3021] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3019] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3019] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3021] <... futex resumed>) = 0 [pid 3021] creat("./bus", 000 [pid 3019] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3020] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 3021] <... creat resumed>) = 4 [pid 3021] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3019] <... futex resumed>) = 0 [pid 3021] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3019] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3021] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3019] <... futex resumed>) = 0 [pid 3021] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 3019] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3021] <... mount resumed>) = 0 [pid 3021] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3019] <... futex resumed>) = 0 [pid 3019] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3019] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3021] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 3021] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3019] <... futex resumed>) = 0 [pid 3019] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3019] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3021] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 3021] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3019] <... futex resumed>) = 0 [pid 3019] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3020] <... write resumed>) = 262144 [pid 3019] <... futex resumed>) = 0 [pid 3021] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 3020] +++ killed by SIGBUS +++ [pid 3021] +++ killed by SIGBUS +++ [pid 3019] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3019, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- umount2("./842", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./842", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./842/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./842/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./842/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./842/bus") = 0 umount2("./842/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./842/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./842/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./842") = 0 mkdir("./843", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3022 ./strace-static-x86_64: Process 3022 attached [pid 3022] set_robust_list(0x5555564336a0, 24) = 0 [pid 3022] chdir("./843") = 0 [pid 3022] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3022] setpgid(0, 0) = 0 [pid 3022] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3022] write(3, "1000", 4) = 4 [pid 3022] close(3) = 0 [pid 3022] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3022] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3022] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3022] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3022] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3022] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3022] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3022] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[3023]}, 88) = 3023 ./strace-static-x86_64: Process 3023 attached [pid 3023] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 3023] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3023] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3022] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3022] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3023] <... futex resumed>) = 0 [pid 3023] memfd_create("syzkaller", 0) = 3 [pid 3023] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 3022] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3023] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 3022] <... futex resumed>) = 0 [pid 3022] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 3022] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3022] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3022] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0}./strace-static-x86_64: Process 3024 attached [pid 3024] set_robust_list(0x7f22d916f9a0, 24) = 0 [pid 3024] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3024] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3022] <... clone3 resumed> => {parent_tid=[3024]}, 88) = 3024 [pid 3022] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3022] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3023] <... write resumed>) = 262144 [pid 3022] <... futex resumed>) = 1 [pid 3024] <... futex resumed>) = 0 [pid 3024] creat("./bus", 000 [pid 3022] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3023] munmap(0x7f22d9170000, 138412032 [pid 3024] <... creat resumed>) = 4 [pid 3024] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3023] <... munmap resumed>) = 0 [pid 3024] <... futex resumed>) = 1 [pid 3023] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 3022] <... futex resumed>) = 0 [pid 3022] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3024] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 3023] <... openat resumed>) = 5 [pid 3022] <... futex resumed>) = 0 [pid 3022] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3023] ioctl(5, LOOP_SET_FD, 3 [pid 3024] <... mount resumed>) = 0 [pid 3023] <... ioctl resumed>) = 0 [pid 3024] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3023] close(3 [pid 3024] <... futex resumed>) = 1 [pid 3023] <... close resumed>) = 0 [pid 3022] <... futex resumed>) = 0 [pid 3024] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 3023] close(5 [pid 3022] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3024] <... open resumed>) = 3 [pid 3022] <... futex resumed>) = 0 [pid 3022] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3024] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3023] <... close resumed>) = 0 [pid 3022] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3024] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 3, 0 [pid 3022] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3022] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3023] mkdir(0x200000c0, 0777 [pid 3024] <... mmap resumed>) = 0x20000000 [pid 3024] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3022] <... futex resumed>) = 0 [pid 3024] memfd_create("syzkaller", 0 [pid 3022] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3024] <... memfd_create resumed>) = 5 [pid 3022] <... futex resumed>) = 0 [pid 3024] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 3023] <... mkdir resumed>) = -1 ENOENT (No such file or directory) [pid 3023] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 3023] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 3023] ioctl(6, LOOP_CLR_FD) = 0 [pid 3023] close(6) = 0 [pid 3023] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3023] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3024] write(5, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 3024] munmap(0x7f22d9170000, 138412032) = 0 [pid 3024] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 3024] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 3024] ioctl(6, LOOP_CLR_FD) = 0 [pid 3024] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 3024] close(6) = 0 [pid 3024] close(5) = 0 [pid 3024] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3024] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3022] exit_group(0) = ? [pid 3024] <... futex resumed>) = ? [pid 3024] +++ exited with 0 +++ [pid 3023] <... futex resumed>) = ? [pid 3023] +++ exited with 0 +++ [pid 3022] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3022, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./843", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./843", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./843/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./843/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./843/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./843/bus") = 0 umount2("./843/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./843/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./843/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./843") = 0 mkdir("./844", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3025 ./strace-static-x86_64: Process 3025 attached [pid 3025] set_robust_list(0x5555564336a0, 24) = 0 [pid 3025] chdir("./844") = 0 [pid 3025] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3025] setpgid(0, 0) = 0 [pid 3025] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3025] write(3, "1000", 4) = 4 [pid 3025] close(3) = 0 [pid 3025] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3025] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3025] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3025] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3025] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3025] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3025] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3025] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[3026]}, 88) = 3026 [pid 3025] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3025] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3025] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3025] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 3025] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3025] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3025] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[3027]}, 88) = 3027 [pid 3025] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3025] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 66.013835][ T3023] loop0: detected capacity change from 0 to 512 [pid 3025] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3027 attached ./strace-static-x86_64: Process 3026 attached [pid 3026] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 3026] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3026] memfd_create("syzkaller", 0 [pid 3027] set_robust_list(0x7f22e156f9a0, 24 [pid 3026] <... memfd_create resumed>) = 3 [pid 3026] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3027] <... set_robust_list resumed>) = 0 [pid 3026] <... mmap resumed>) = 0x7f22d914f000 [pid 3027] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3027] creat("./bus", 000) = 4 [pid 3027] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3025] <... futex resumed>) = 0 [pid 3025] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3025] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3027] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 3026] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 3027] <... mount resumed>) = 0 [pid 3027] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3025] <... futex resumed>) = 0 [pid 3025] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3025] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3026] <... write resumed>) = 262144 [pid 3026] munmap(0x7f22d914f000, 138412032 [pid 3027] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 3026] <... munmap resumed>) = 0 [pid 3026] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 3026] ioctl(6, LOOP_SET_FD, 3 [pid 3027] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3027] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3025] <... futex resumed>) = 0 [pid 3025] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3025] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3027] <... futex resumed>) = 0 [pid 3027] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 3026] <... ioctl resumed>) = 0 [pid 3026] close(3) = 0 [pid 3026] close(6 [pid 3027] <... mmap resumed>) = 0x20000000 [pid 3027] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3025] <... futex resumed>) = 0 [pid 3025] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3027] <... futex resumed>) = 1 [pid 3027] memfd_create("syzkaller", 0) = 3 [pid 3027] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 3026] <... close resumed>) = 0 [pid 3026] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 3026] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 3026] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 3026] ioctl(6, LOOP_CLR_FD) = 0 [pid 3026] close(6) = 0 [pid 3026] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3026] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3027] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 3027] munmap(0x7f22d914f000, 138412032) = 0 [pid 3027] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 3027] ioctl(6, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 3027] ioctl(6, LOOP_CLR_FD) = 0 [pid 3027] ioctl(6, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 3027] close(6) = 0 [pid 3027] close(3) = 0 [pid 3027] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3027] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3025] exit_group(0) = ? [pid 3026] <... futex resumed>) = ? [pid 3026] +++ exited with 0 +++ [pid 3027] <... futex resumed>) = ? [pid 3027] +++ exited with 0 +++ [pid 3025] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3025, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./844", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./844", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./844/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./844/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./844/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./844/bus") = 0 umount2("./844/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./844/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./844/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./844") = 0 mkdir("./845", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3028 attached , child_tidptr=0x555556433690) = 3028 [pid 3028] set_robust_list(0x5555564336a0, 24) = 0 [pid 3028] chdir("./845") = 0 [pid 3028] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3028] setpgid(0, 0) = 0 [pid 3028] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3028] write(3, "1000", 4) = 4 [pid 3028] close(3) = 0 [pid 3028] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3028] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3028] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3028] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3028] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3028] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3028] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3028] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[3029]}, 88) = 3029 [pid 3028] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3028] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3028] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3028] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 3028] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3028] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3028] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 3030 attached ./strace-static-x86_64: Process 3029 attached [pid 3030] set_robust_list(0x7f22e156f9a0, 24 [pid 3029] set_robust_list(0x7f22e15909a0, 24 [pid 3028] <... clone3 resumed> => {parent_tid=[3030]}, 88) = 3030 [pid 3028] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3028] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3028] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3030] <... set_robust_list resumed>) = 0 [pid 3030] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3030] creat("./bus", 000) = 3 [pid 3030] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3030] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3028] <... futex resumed>) = 0 [pid 3028] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3030] <... futex resumed>) = 0 [pid 3030] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 3030] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3030] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3028] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 3028] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3030] <... futex resumed>) = 0 [ 66.087602][ T3026] loop0: detected capacity change from 0 to 512 [pid 3030] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 4 [pid 3030] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3029] <... set_robust_list resumed>) = 0 [pid 3030] <... futex resumed>) = 0 [pid 3030] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3029] rt_sigprocmask(SIG_SETMASK, [], [pid 3028] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 3028] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3030] <... futex resumed>) = 0 [pid 3030] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 3030] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3030] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3028] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 3028] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3030] <... futex resumed>) = 0 [pid 3030] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 3030] +++ killed by SIGBUS +++ [pid 3029] <... rt_sigprocmask resumed> ) = ? [pid 3029] +++ killed by SIGBUS +++ [pid 3028] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3028, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./845", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./845", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./845/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./845/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./845/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./845/bus") = 0 umount2("./845/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./845/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./845/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./845") = 0 mkdir("./846", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3031 ./strace-static-x86_64: Process 3031 attached [pid 3031] set_robust_list(0x5555564336a0, 24) = 0 [pid 3031] chdir("./846") = 0 [pid 3031] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3031] setpgid(0, 0) = 0 [pid 3031] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3031] write(3, "1000", 4) = 4 [pid 3031] close(3) = 0 [pid 3031] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3031] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3031] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3031] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3031] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3031] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3031] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3031] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[3032]}, 88) = 3032 [pid 3031] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3031] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3031] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3031] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 3031] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3031] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3031] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[3033]}, 88) = 3033 [pid 3031] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3031] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3031] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3033 attached [pid 3033] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 3033] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3033] creat("./bus", 000) = 3 [pid 3033] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3031] <... futex resumed>) = 0 [pid 3031] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3031] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3033] <... futex resumed>) = 1 [pid 3033] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 3033] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3031] <... futex resumed>) = 0 [pid 3031] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3031] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3033] <... futex resumed>) = 1 [pid 3033] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 4 [pid 3033] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3031] <... futex resumed>) = 0 [pid 3031] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3031] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3033] <... futex resumed>) = 1 [pid 3033] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 3033] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3031] <... futex resumed>) = 0 [pid 3031] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3033] <... futex resumed>) = 1 [pid 3033] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- ./strace-static-x86_64: Process 3032 attached [pid 3032] +++ killed by SIGBUS +++ [pid 3033] +++ killed by SIGBUS +++ [pid 3031] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3031, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./846", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./846", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./846/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./846/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./846/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./846/bus") = 0 umount2("./846/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./846/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./846/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./846") = 0 mkdir("./847", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3034 ./strace-static-x86_64: Process 3034 attached [pid 3034] set_robust_list(0x5555564336a0, 24) = 0 [pid 3034] chdir("./847") = 0 [pid 3034] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3034] setpgid(0, 0) = 0 [pid 3034] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3034] write(3, "1000", 4) = 4 [pid 3034] close(3) = 0 [pid 3034] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3034] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3034] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3034] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3034] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3034] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3034] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3034] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 3035 attached => {parent_tid=[3035]}, 88) = 3035 [pid 3035] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 3034] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3034] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3034] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3034] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 3034] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE [pid 3035] rt_sigprocmask(SIG_SETMASK, [], [pid 3034] <... mprotect resumed>) = 0 [pid 3035] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3035] memfd_create("syzkaller", 0 [pid 3034] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3035] <... memfd_create resumed>) = 3 [pid 3035] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 3035] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3035] munmap(0x7f22d914f000, 138412032) = 0 [pid 3034] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3035] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 3034] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} [pid 3035] <... openat resumed>) = 4 ./strace-static-x86_64: Process 3036 attached [pid 3035] ioctl(4, LOOP_SET_FD, 3 [pid 3036] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 3034] <... clone3 resumed> => {parent_tid=[3036]}, 88) = 3036 [pid 3034] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3034] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3034] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3035] <... ioctl resumed>) = 0 [pid 3035] close(3) = 0 [pid 3035] close(4 [pid 3036] rt_sigprocmask(SIG_SETMASK, [], [pid 3035] <... close resumed>) = 0 [pid 3035] mkdir("./file0", 0777 [pid 3036] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3035] <... mkdir resumed>) = 0 [pid 3035] mount("/dev/loop0", "./file0", "ext4", 0, "prjquota,grpquota,debug_want_extra_isize=0x000000000000005c,noauto_da_alloc,nolazytime,errors=contin"... [pid 3036] creat("./bus", 000) = 3 [pid 3036] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3034] <... futex resumed>) = 0 [pid 3034] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3034] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3036] <... futex resumed>) = 1 [pid 3036] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 3036] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3034] <... futex resumed>) = 0 [pid 3034] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3034] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3036] <... futex resumed>) = 1 [pid 3036] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 4 [pid 3036] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3034] <... futex resumed>) = 0 [pid 3034] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3034] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3036] <... futex resumed>) = 1 [pid 3036] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 3036] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3034] <... futex resumed>) = 0 [pid 3034] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3036] <... futex resumed>) = 1 [pid 3036] memfd_create("syzkaller", 0) = 5 [pid 3036] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 3036] write(5, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 3035] <... mount resumed>) = 0 [pid 3036] munmap(0x7f22d914f000, 138412032 [pid 3035] openat(AT_FDCWD, 0x200000c0, O_RDONLY|O_DIRECTORY) = -1 ENOENT (No such file or directory) [pid 3035] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 3035] ioctl(6, LOOP_CLR_FD) = 0 [pid 3036] <... munmap resumed>) = 0 [pid 3035] close(6 [pid 3036] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 3035] <... close resumed>) = 0 [pid 3035] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3035] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3036] <... openat resumed>) = 6 [pid 3036] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 3036] ioctl(6, LOOP_CLR_FD) = 0 [pid 3036] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 3036] close(6) = 0 [pid 3036] close(5) = 0 [pid 3036] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3036] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3034] exit_group(0) = ? [pid 3036] <... futex resumed>) = ? [pid 3035] <... futex resumed>) = ? [pid 3035] +++ exited with 0 +++ [pid 3036] +++ exited with 0 +++ [pid 3034] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3034, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./847", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./847", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 5 entries */, 32768) = 136 umount2("./847/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./847/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./847/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./847/bus") = 0 umount2("./847/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./847/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./847/binderfs") = 0 [ 66.185918][ T3035] loop0: detected capacity change from 0 to 512 [ 66.201920][ T3035] EXT4-fs (loop0): 1 truncate cleaned up [ 66.214309][ T3035] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. umount2("./847/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./847/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./847/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./847/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./847/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555643c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555643c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./847/file0") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./847") = 0 mkdir("./848", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3038 ./strace-static-x86_64: Process 3038 attached [pid 3038] set_robust_list(0x5555564336a0, 24) = 0 [pid 3038] chdir("./848") = 0 [pid 3038] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3038] setpgid(0, 0) = 0 [pid 3038] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3038] write(3, "1000", 4) = 4 [pid 3038] close(3) = 0 [pid 3038] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3038] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3038] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3038] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3038] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3038] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3038] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3038] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 3039 attached => {parent_tid=[3039]}, 88) = 3039 [pid 3039] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 3039] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3039] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3038] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3038] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3039] <... futex resumed>) = 0 [pid 3038] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3039] memfd_create("syzkaller", 0 [pid 3038] <... futex resumed>) = 0 [pid 3039] <... memfd_create resumed>) = 3 [pid 3039] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 3038] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 3038] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3038] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3038] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0} => {parent_tid=[3040]}, 88) = 3040 [pid 3038] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3038] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3039] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 3038] <... futex resumed>) = 0 [pid 3038] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3040 attached [pid 3040] set_robust_list(0x7f22d916f9a0, 24) = 0 [pid 3040] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3040] creat("./bus", 000) = 4 [pid 3040] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3038] <... futex resumed>) = 0 [pid 3040] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3038] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3038] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3040] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3040] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 3039] <... write resumed>) = 262144 [pid 3040] <... mount resumed>) = 0 [pid 3039] munmap(0x7f22d9170000, 138412032 [pid 3040] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3038] <... futex resumed>) = 0 [pid 3038] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3038] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3040] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 3039] <... munmap resumed>) = 0 [pid 3040] <... open resumed>) = 5 [pid 3039] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 3040] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3039] <... openat resumed>) = 6 [pid 3040] <... futex resumed>) = 1 [pid 3039] ioctl(6, LOOP_SET_FD, 3 [pid 3038] <... futex resumed>) = 0 [pid 3038] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3038] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3040] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 3040] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3038] <... futex resumed>) = 0 [pid 3038] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3039] <... ioctl resumed>) = 0 [pid 3039] close(3) = 0 [pid 3039] close(6) = 0 [pid 3039] mkdir(0x200000c0, 0777 [pid 3040] memfd_create("syzkaller", 0) = 3 [pid 3039] <... mkdir resumed>) = -1 ENOENT (No such file or directory) [pid 3039] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 3040] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 3039] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 3039] ioctl(6, LOOP_CLR_FD) = 0 [pid 3039] close(6) = 0 [pid 3039] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3039] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3040] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 3040] munmap(0x7f22d9170000, 138412032) = 0 [pid 3040] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 3040] ioctl(6, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 3040] ioctl(6, LOOP_CLR_FD) = 0 [pid 3040] ioctl(6, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 3040] close(6) = 0 [pid 3040] close(3) = 0 [ 66.255370][ T293] EXT4-fs (loop0): unmounting filesystem. [ 66.288631][ T3039] loop0: detected capacity change from 0 to 512 [ 66.295126][ T3040] Buffer I/O error on dev loop0, logical block 0, async page read [pid 3040] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3040] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3038] exit_group(0 [pid 3039] <... futex resumed>) = ? [pid 3038] <... exit_group resumed>) = ? [pid 3039] +++ exited with 0 +++ [pid 3040] <... futex resumed>) = ? [pid 3040] +++ exited with 0 +++ [pid 3038] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3038, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./848", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./848", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./848/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./848/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./848/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./848/bus") = 0 umount2("./848/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./848/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./848/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./848") = 0 mkdir("./849", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3041 ./strace-static-x86_64: Process 3041 attached [pid 3041] set_robust_list(0x5555564336a0, 24) = 0 [pid 3041] chdir("./849") = 0 [pid 3041] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3041] setpgid(0, 0) = 0 [pid 3041] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3041] write(3, "1000", 4) = 4 [pid 3041] close(3) = 0 [pid 3041] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3041] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3041] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3041] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3041] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3041] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3041] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3041] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[3042]}, 88) = 3042 [pid 3041] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3041] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3041] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3041] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 3041] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3041] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3041] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[3043]}, 88) = 3043 [pid 3041] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3041] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3041] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3042 attached [pid 3042] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 3042] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3042] memfd_create("syzkaller", 0) = 3 [pid 3042] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 3042] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3042] munmap(0x7f22d914f000, 138412032) = 0 [pid 3042] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3042] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 3043 attached ) = 0 [pid 3042] close(3) = 0 [pid 3042] close(4) = 0 [pid 3043] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 3042] mkdir("./file0", 0777 [pid 3043] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3043] creat("./bus", 000 [pid 3042] <... mkdir resumed>) = 0 [pid 3042] mount("/dev/loop0", "./file0", "ext4", 0, "prjquota,grpquota,debug_want_extra_isize=0x000000000000005c,noauto_da_alloc,nolazytime,errors=contin"... [pid 3043] <... creat resumed>) = 3 [pid 3043] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3041] <... futex resumed>) = 0 [pid 3041] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3041] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3043] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 3043] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3041] <... futex resumed>) = 0 [pid 3043] <... futex resumed>) = 1 [pid 3041] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3043] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 3041] <... futex resumed>) = 0 [pid 3041] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3043] <... open resumed>) = 4 [pid 3043] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3041] <... futex resumed>) = 0 [pid 3041] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3043] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3041] <... futex resumed>) = 0 [pid 3041] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3043] <... mmap resumed>) = 0x20000000 [pid 3042] <... mount resumed>) = 0 [pid 3042] openat(AT_FDCWD, 0x200000c0, O_RDONLY|O_DIRECTORY) = -1 ENOENT (No such file or directory) [pid 3042] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 3042] ioctl(5, LOOP_CLR_FD) = 0 [pid 3042] close(5 [pid 3043] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3042] <... close resumed>) = 0 [pid 3042] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3042] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3043] <... futex resumed>) = 1 [pid 3041] <... futex resumed>) = 0 [pid 3041] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3043] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3042] <... futex resumed>) = 0 [pid 3041] <... futex resumed>) = 1 [pid 3042] memfd_create("syzkaller", 0) = 5 [pid 3042] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 3042] write(5, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 3042] munmap(0x7f22d914f000, 138412032) = 0 [pid 3042] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 3042] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 3042] ioctl(6, LOOP_CLR_FD) = 0 [pid 3042] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 3042] close(6) = 0 [pid 3042] close(5) = 0 [pid 3042] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3041] exit_group(0 [pid 3043] <... futex resumed>) = ? [pid 3041] <... exit_group resumed>) = ? [pid 3043] +++ exited with 0 +++ [pid 3042] <... futex resumed>) = ? [pid 3042] +++ exited with 0 +++ [pid 3041] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3041, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./849", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./849", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 5 entries */, 32768) = 136 umount2("./849/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./849/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./849/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./849/bus") = 0 umount2("./849/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./849/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./849/binderfs") = 0 [ 66.352806][ T3042] loop0: detected capacity change from 0 to 512 [ 66.366424][ T3042] EXT4-fs (loop0): 1 truncate cleaned up [ 66.372345][ T3042] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. umount2("./849/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./849/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./849/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./849/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./849/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555643c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555643c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./849/file0") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./849") = 0 mkdir("./850", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3045 ./strace-static-x86_64: Process 3045 attached [pid 3045] set_robust_list(0x5555564336a0, 24) = 0 [pid 3045] chdir("./850") = 0 [pid 3045] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3045] setpgid(0, 0) = 0 [pid 3045] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3045] write(3, "1000", 4) = 4 [pid 3045] close(3) = 0 [pid 3045] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3045] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3045] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3045] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3045] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3045] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3045] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3045] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 3046 attached => {parent_tid=[3046]}, 88) = 3046 [pid 3046] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 3046] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3046] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3045] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3045] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3046] <... futex resumed>) = 0 [pid 3045] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3046] memfd_create("syzkaller", 0 [pid 3045] <... futex resumed>) = 0 [pid 3046] <... memfd_create resumed>) = 3 [pid 3046] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 3045] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 3045] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3045] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3045] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0} => {parent_tid=[3047]}, 88) = 3047 [pid 3046] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 3045] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3045] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3045] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3047 attached [pid 3046] <... write resumed>) = 262144 [pid 3047] set_robust_list(0x7f22d916f9a0, 24 [pid 3046] munmap(0x7f22d9170000, 138412032 [pid 3047] <... set_robust_list resumed>) = 0 [pid 3046] <... munmap resumed>) = 0 [pid 3047] rt_sigprocmask(SIG_SETMASK, [], [pid 3046] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 3047] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3046] <... openat resumed>) = 4 [pid 3047] creat("./bus", 000 [pid 3046] ioctl(4, LOOP_SET_FD, 3 [pid 3047] <... creat resumed>) = 5 [pid 3047] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3045] <... futex resumed>) = 0 [pid 3045] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3045] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3047] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 3047] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3045] <... futex resumed>) = 0 [pid 3045] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3045] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3047] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 3047] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3045] <... futex resumed>) = 0 [pid 3045] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3045] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3047] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 3046] <... ioctl resumed>) = 0 [pid 3046] close(3) = 0 [pid 3046] close(4 [pid 3047] <... mmap resumed>) = 0x20000000 [pid 3047] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3045] <... futex resumed>) = 0 [pid 3045] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3047] memfd_create("syzkaller", 0) = 3 [pid 3047] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 3046] <... close resumed>) = 0 [pid 3046] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 3046] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 3046] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3046] ioctl(4, LOOP_CLR_FD) = 0 [pid 3046] close(4) = 0 [pid 3046] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3046] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3047] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 3047] munmap(0x7f22d9170000, 138412032) = 0 [pid 3047] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3047] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 3047] ioctl(4, LOOP_CLR_FD) = 0 [pid 3047] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 3047] close(4) = 0 [pid 3047] close(3) = 0 [pid 3047] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3047] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3045] exit_group(0) = ? [pid 3046] <... futex resumed>) = ? [pid 3046] +++ exited with 0 +++ [pid 3047] <... futex resumed>) = ? [pid 3047] +++ exited with 0 +++ [pid 3045] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3045, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./850", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./850", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./850/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./850/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./850/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./850/bus") = 0 umount2("./850/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./850/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 66.424813][ T293] EXT4-fs (loop0): unmounting filesystem. [ 66.453798][ T3046] loop0: detected capacity change from 0 to 512 unlink("./850/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./850") = 0 mkdir("./851", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3048 ./strace-static-x86_64: Process 3048 attached [pid 3048] set_robust_list(0x5555564336a0, 24) = 0 [pid 3048] chdir("./851") = 0 [pid 3048] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3048] setpgid(0, 0) = 0 [pid 3048] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3048] write(3, "1000", 4) = 4 [pid 3048] close(3) = 0 [pid 3048] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3048] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3048] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3048] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3048] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3048] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3048] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3048] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[3049]}, 88) = 3049 [pid 3048] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3048] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3048] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3048] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 3048] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3048] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3048] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[3050]}, 88) = 3050 [pid 3048] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3048] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3048] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3049 attached [pid 3049] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 3049] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3049] memfd_create("syzkaller", 0) = 3 [pid 3049] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 3049] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144./strace-static-x86_64: Process 3050 attached [pid 3050] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 3050] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3049] <... write resumed>) = 262144 [pid 3049] munmap(0x7f22d914f000, 138412032 [pid 3050] creat("./bus", 000 [pid 3049] <... munmap resumed>) = 0 [pid 3050] <... creat resumed>) = 4 [pid 3049] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 3050] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3050] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3049] <... openat resumed>) = 5 [pid 3049] ioctl(5, LOOP_SET_FD, 3 [pid 3048] <... futex resumed>) = 0 [pid 3048] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3049] <... ioctl resumed>) = 0 [pid 3048] <... futex resumed>) = 1 [pid 3050] <... futex resumed>) = 0 [pid 3050] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 3050] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3050] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3049] close(3) = 0 [pid 3049] close(5 [pid 3048] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 3049] <... close resumed>) = 0 [pid 3049] mkdir("./file0", 0777) = 0 [pid 3049] mount("/dev/loop0", "./file0", "ext4", 0, "prjquota,grpquota,debug_want_extra_isize=0x000000000000005c,noauto_da_alloc,nolazytime,errors=contin"... [pid 3048] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3050] <... futex resumed>) = 0 [pid 3050] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 3 [pid 3048] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3050] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3050] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3048] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3048] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3050] <... futex resumed>) = 0 [pid 3048] <... futex resumed>) = 1 [pid 3050] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 3, 0 [pid 3048] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3050] <... mmap resumed>) = 0x20000000 [pid 3050] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3050] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3048] <... futex resumed>) = 0 [pid 3048] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3050] <... futex resumed>) = 0 [pid 3050] memfd_create("syzkaller", 0) = 5 [pid 3050] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 3050] write(5, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304 [pid 3049] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 3049] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 3049] ioctl(6, LOOP_CLR_FD) = 0 [pid 3049] close(6) = 0 [pid 3049] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3049] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3050] <... write resumed>) = 4194304 [pid 3050] munmap(0x7f22d914f000, 138412032) = 0 [pid 3050] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 3050] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 3050] ioctl(6, LOOP_CLR_FD) = 0 [pid 3050] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 3050] close(6) = 0 [pid 3050] close(5) = 0 [pid 3050] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3050] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3048] exit_group(0) = ? [pid 3049] <... futex resumed>) = ? [pid 3049] +++ exited with 0 +++ [pid 3050] <... futex resumed>) = ? [pid 3050] +++ exited with 0 +++ [pid 3048] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3048, si_uid=0, si_status=0, si_utime=1, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./851", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./851", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 5 entries */, 32768) = 136 umount2("./851/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./851/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./851/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./851/bus") = 0 umount2("./851/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./851/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./851/binderfs") = 0 umount2("./851/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./851/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./851/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./851/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555643c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555643c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./851/file0") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./851") = 0 mkdir("./852", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3052 ./strace-static-x86_64: Process 3052 attached [pid 3052] set_robust_list(0x5555564336a0, 24) = 0 [pid 3052] chdir("./852") = 0 [pid 3052] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3052] setpgid(0, 0) = 0 [pid 3052] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3052] write(3, "1000", 4) = 4 [pid 3052] close(3) = 0 [pid 3052] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3052] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3052] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3052] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3052] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3052] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3052] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3052] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 3053 attached => {parent_tid=[3053]}, 88) = 3053 [pid 3053] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 3053] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3053] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3052] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3052] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3053] <... futex resumed>) = 0 [pid 3052] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3053] memfd_create("syzkaller", 0 [pid 3052] <... futex resumed>) = 0 [pid 3053] <... memfd_create resumed>) = 3 [pid 3052] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3053] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 3052] <... mmap resumed>) = 0x7f22d914f000 [pid 3052] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3052] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3052] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0}./strace-static-x86_64: Process 3054 attached => {parent_tid=[3054]}, 88) = 3054 [pid 3054] set_robust_list(0x7f22d916f9a0, 24 [pid 3052] rt_sigprocmask(SIG_SETMASK, [], [pid 3054] <... set_robust_list resumed>) = 0 [pid 3052] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3054] rt_sigprocmask(SIG_SETMASK, [], [pid 3052] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3054] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3053] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 3054] creat("./bus", 000 [pid 3052] <... futex resumed>) = 0 [pid 3052] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3054] <... creat resumed>) = 4 [pid 3054] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3052] <... futex resumed>) = 0 [pid 3052] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3054] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 3052] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3054] <... mount resumed>) = 0 [pid 3054] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3052] <... futex resumed>) = 0 [pid 3054] <... futex resumed>) = 1 [pid 3053] <... write resumed>) = 262144 [pid 3053] munmap(0x7f22d9170000, 138412032 [pid 3052] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3054] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 3052] <... futex resumed>) = 0 [pid 3054] <... open resumed>) = 5 [pid 3052] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3053] <... munmap resumed>) = 0 [pid 3053] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 3053] ioctl(6, LOOP_SET_FD, 3 [ 66.514720][ T3049] loop0: detected capacity change from 0 to 512 [ 66.528245][ T3049] EXT4-fs error (device loop0): __ext4_fill_super:5386: inode #2: comm syz-executor245: iget: special inode unallocated [ 66.541037][ T3049] EXT4-fs (loop0): get root inode failed [ 66.547015][ T3049] EXT4-fs (loop0): mount failed [pid 3054] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3052] <... futex resumed>) = 0 [pid 3052] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3052] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3054] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 3053] <... ioctl resumed>) = 0 [pid 3053] close(3) = 0 [pid 3053] close(6) = 0 [pid 3053] mkdir(0x200000c0, 0777 [pid 3054] <... mmap resumed>) = 0x20000000 [pid 3054] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3052] <... futex resumed>) = 0 [pid 3052] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3054] <... futex resumed>) = 1 [pid 3054] memfd_create("syzkaller", 0) = 3 [pid 3054] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 3053] <... mkdir resumed>) = -1 ENOENT (No such file or directory) [pid 3053] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 3053] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 3053] ioctl(6, LOOP_CLR_FD) = 0 [pid 3053] close(6) = 0 [pid 3053] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3053] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3054] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 3054] munmap(0x7f22d9170000, 138412032) = 0 [pid 3054] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 3054] ioctl(6, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 3054] ioctl(6, LOOP_CLR_FD) = 0 [pid 3054] ioctl(6, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 3054] close(6) = 0 [pid 3054] close(3) = 0 [pid 3054] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3052] exit_group(0) = ? [pid 3053] <... futex resumed>) = ? [pid 3053] +++ exited with 0 +++ [pid 3054] +++ exited with 0 +++ [pid 3052] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3052, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./852", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./852", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./852/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./852/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./852/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./852/bus") = 0 umount2("./852/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./852/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./852/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./852") = 0 mkdir("./853", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3055 ./strace-static-x86_64: Process 3055 attached [pid 3055] set_robust_list(0x5555564336a0, 24) = 0 [pid 3055] chdir("./853") = 0 [pid 3055] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3055] setpgid(0, 0) = 0 [pid 3055] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3055] write(3, "1000", 4) = 4 [pid 3055] close(3) = 0 [pid 3055] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3055] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3055] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3055] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3055] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3055] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3055] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3055] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[3056]}, 88) = 3056 [pid 3055] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3055] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3055] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3055] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 3055] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3055] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3055] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[3057]}, 88) = 3057 [pid 3055] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3055] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3055] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3056 attached [pid 3056] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 3056] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3056] memfd_create("syzkaller", 0) = 3 [pid 3056] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 3056] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3056] munmap(0x7f22d914f000, 138412032) = 0 [pid 3056] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 66.592786][ T3053] loop0: detected capacity change from 0 to 512 [pid 3056] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 3057 attached [pid 3057] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 3057] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3057] creat("./bus", 000) = 5 [pid 3057] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3057] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3055] <... futex resumed>) = 0 [pid 3055] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3055] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3057] <... futex resumed>) = 0 [pid 3057] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 3057] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3055] <... futex resumed>) = 0 [pid 3055] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3055] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3057] <... futex resumed>) = 1 [pid 3057] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 3057] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3055] <... futex resumed>) = 0 [pid 3055] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3055] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3057] <... futex resumed>) = 1 [pid 3057] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 3056] <... ioctl resumed>) = 0 [pid 3056] close(3) = 0 [pid 3056] close(4) = 0 [pid 3056] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 3056] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 3056] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 3056] ioctl(3, LOOP_CLR_FD) = 0 [pid 3056] close(3) = 0 [pid 3056] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3056] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3057] <... mmap resumed>) = 0x20000000 [pid 3057] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3055] <... futex resumed>) = 0 [pid 3055] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3056] <... futex resumed>) = 0 [pid 3056] memfd_create("syzkaller", 0) = 3 [pid 3056] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 3057] <... futex resumed>) = 1 [pid 3057] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3056] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 3056] munmap(0x7f22d914f000, 138412032) = 0 [pid 3056] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3056] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 3056] ioctl(4, LOOP_CLR_FD) = 0 [pid 3056] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 3056] close(4) = 0 [pid 3056] close(3) = 0 [pid 3056] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3056] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3055] exit_group(0 [pid 3057] <... futex resumed>) = ? [pid 3055] <... exit_group resumed>) = ? [pid 3057] +++ exited with 0 +++ [pid 3056] <... futex resumed>) = ? [pid 3056] +++ exited with 0 +++ [pid 3055] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3055, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./853", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./853", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./853/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./853/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./853/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./853/bus") = 0 umount2("./853/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./853/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./853/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./853") = 0 mkdir("./854", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3059 attached [pid 3059] set_robust_list(0x5555564336a0, 24) = 0 [pid 293] <... clone resumed>, child_tidptr=0x555556433690) = 3059 [pid 3059] chdir("./854") = 0 [pid 3059] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3059] setpgid(0, 0) = 0 [pid 3059] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 66.652631][ T3056] loop0: detected capacity change from 0 to 512 [pid 3059] write(3, "1000", 4) = 4 [pid 3059] close(3) = 0 [pid 3059] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3059] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3059] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3059] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3059] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3059] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3059] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3059] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 3060 attached => {parent_tid=[3060]}, 88) = 3060 [pid 3059] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3059] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3059] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3059] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 3059] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3059] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3060] set_robust_list(0x7f22e15909a0, 24 [pid 3059] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3059] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[3061]}, 88) = 3061 [pid 3059] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3059] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3059] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3061 attached [pid 3061] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 3061] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3061] creat("./bus", 000 [pid 3060] <... set_robust_list resumed>) = 0 [pid 3061] <... creat resumed>) = 3 [pid 3060] rt_sigprocmask(SIG_SETMASK, [], [pid 3061] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3059] <... futex resumed>) = 0 [pid 3059] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3059] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3061] <... futex resumed>) = 1 [pid 3061] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 3060] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3061] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3059] <... futex resumed>) = 0 [pid 3059] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3059] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3061] <... futex resumed>) = 1 [pid 3061] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 4 [pid 3061] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3059] <... futex resumed>) = 0 [pid 3059] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3059] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3061] <... futex resumed>) = 1 [pid 3061] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 3060] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000184} --- [pid 3061] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3059] <... futex resumed>) = 0 [pid 3059] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3061] <... futex resumed>) = 1 [pid 3061] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 3060] +++ killed by SIGBUS +++ [pid 3061] +++ killed by SIGBUS +++ [pid 3059] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3059, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- umount2("./854", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./854", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./854/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./854/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./854/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./854/bus") = 0 umount2("./854/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./854/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./854/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./854") = 0 mkdir("./855", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3062 ./strace-static-x86_64: Process 3062 attached [pid 3062] set_robust_list(0x5555564336a0, 24) = 0 [pid 3062] chdir("./855") = 0 [pid 3062] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3062] setpgid(0, 0) = 0 [pid 3062] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3062] write(3, "1000", 4) = 4 [pid 3062] close(3) = 0 [pid 3062] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3062] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3062] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3062] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3062] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3062] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3062] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3062] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[3063]}, 88) = 3063 [pid 3062] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3062] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3062] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3062] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0./strace-static-x86_64: Process 3063 attached ) = 0x7f22e154f000 [pid 3062] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3063] set_robust_list(0x7f22e15909a0, 24 [pid 3062] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3063] <... set_robust_list resumed>) = 0 [pid 3062] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3062] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} [pid 3063] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 3064 attached NULL, 8) = 0 [pid 3062] <... clone3 resumed> => {parent_tid=[3064]}, 88) = 3064 [pid 3062] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3063] memfd_create("syzkaller", 0 [pid 3062] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3063] <... memfd_create resumed>) = 3 [pid 3062] <... futex resumed>) = 0 [pid 3062] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3064] set_robust_list(0x7f22e156f9a0, 24 [pid 3063] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3064] <... set_robust_list resumed>) = 0 [pid 3064] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3064] creat("./bus", 000) = 4 [pid 3063] <... mmap resumed>) = 0x7f22d914f000 [pid 3064] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3062] <... futex resumed>) = 0 [pid 3062] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3062] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3064] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 3064] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3062] <... futex resumed>) = 0 [pid 3062] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3062] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3064] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 3064] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3062] <... futex resumed>) = 0 [pid 3062] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3062] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3064] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 3063] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 3064] <... mmap resumed>) = 0x20000000 [pid 3064] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3062] <... futex resumed>) = 0 [pid 3062] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3064] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 3063] <... write resumed>) = 262144 [pid 3063] +++ killed by SIGBUS +++ [pid 3064] +++ killed by SIGBUS +++ [pid 3062] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3062, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- umount2("./855", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./855", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./855/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./855/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./855/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./855/bus") = 0 umount2("./855/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./855/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./855/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./855") = 0 mkdir("./856", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3065 ./strace-static-x86_64: Process 3065 attached [pid 3065] set_robust_list(0x5555564336a0, 24) = 0 [pid 3065] chdir("./856") = 0 [pid 3065] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3065] setpgid(0, 0) = 0 [pid 3065] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3065] write(3, "1000", 4) = 4 [pid 3065] close(3) = 0 [pid 3065] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3065] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3065] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3065] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3065] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3065] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3065] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3065] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 3066 attached [pid 3066] set_robust_list(0x7f22e15909a0, 24 [pid 3065] <... clone3 resumed> => {parent_tid=[3066]}, 88) = 3066 [pid 3066] <... set_robust_list resumed>) = 0 [pid 3065] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3066] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3065] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3065] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3066] memfd_create("syzkaller", 0 [pid 3065] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3066] <... memfd_create resumed>) = 3 [pid 3065] <... mmap resumed>) = 0x7f22e154f000 [pid 3066] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3065] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3066] <... mmap resumed>) = 0x7f22d914f000 [pid 3065] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3065] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[3067]}, 88) = 3067 [pid 3065] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3065] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3065] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3067 attached [pid 3067] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 3067] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3067] creat("./bus", 000) = 4 [pid 3067] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3065] <... futex resumed>) = 0 [pid 3065] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3065] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3067] <... futex resumed>) = 1 [pid 3067] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 3067] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3065] <... futex resumed>) = 0 [pid 3065] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3065] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3067] <... futex resumed>) = 1 [pid 3067] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 3067] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3065] <... futex resumed>) = 0 [pid 3065] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3065] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3067] <... futex resumed>) = 1 [pid 3067] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 3066] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000d1f} --- [pid 3067] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3065] <... futex resumed>) = 0 [pid 3065] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3067] <... futex resumed>) = 1 [pid 3067] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 3067] +++ killed by SIGBUS +++ [pid 3066] +++ killed by SIGBUS +++ [pid 3065] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3065, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- umount2("./856", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./856", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./856/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./856/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./856/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./856/bus") = 0 umount2("./856/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./856/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./856/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./856") = 0 mkdir("./857", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3068 ./strace-static-x86_64: Process 3068 attached [pid 3068] set_robust_list(0x5555564336a0, 24) = 0 [pid 3068] chdir("./857") = 0 [pid 3068] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3068] setpgid(0, 0) = 0 [pid 3068] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3068] write(3, "1000", 4) = 4 [pid 3068] close(3) = 0 [pid 3068] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3068] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3068] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3068] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3068] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3068] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3068] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3068] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 3069 attached [pid 3069] set_robust_list(0x7f22e15909a0, 24 [pid 3068] <... clone3 resumed> => {parent_tid=[3069]}, 88) = 3069 [pid 3069] <... set_robust_list resumed>) = 0 [pid 3068] rt_sigprocmask(SIG_SETMASK, [], [pid 3069] rt_sigprocmask(SIG_SETMASK, [], [pid 3068] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3069] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3068] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3069] memfd_create("syzkaller", 0 [pid 3068] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3069] <... memfd_create resumed>) = 3 [pid 3068] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 3069] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3068] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3068] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3069] <... mmap resumed>) = 0x7f22d914f000 [pid 3068] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3068] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 3070 attached => {parent_tid=[3070]}, 88) = 3070 [pid 3070] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 3070] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3070] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3068] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3068] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3070] <... futex resumed>) = 0 [pid 3070] creat("./bus", 000 [pid 3068] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3070] <... creat resumed>) = 4 [pid 3070] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3070] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3068] <... futex resumed>) = 0 [pid 3068] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3070] <... futex resumed>) = 0 [pid 3070] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 3068] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3070] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3068] <... futex resumed>) = 0 [pid 3070] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 3068] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3068] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3070] <... open resumed>) = 5 [pid 3070] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3068] <... futex resumed>) = 0 [pid 3070] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 3068] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3068] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3070] <... mmap resumed>) = 0x20000000 [pid 3070] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3068] <... futex resumed>) = 0 [pid 3070] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3068] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3070] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3070] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 3068] <... futex resumed>) = ? [pid 3069] +++ killed by SIGBUS +++ [pid 3070] +++ killed by SIGBUS +++ [pid 3068] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3068, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- umount2("./857", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./857", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./857/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./857/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./857/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./857/bus") = 0 umount2("./857/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./857/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./857/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./857") = 0 mkdir("./858", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3071 ./strace-static-x86_64: Process 3071 attached [pid 3071] set_robust_list(0x5555564336a0, 24) = 0 [pid 3071] chdir("./858") = 0 [pid 3071] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3071] setpgid(0, 0) = 0 [pid 3071] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3071] write(3, "1000", 4) = 4 [pid 3071] close(3) = 0 [pid 3071] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3071] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3071] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3071] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3071] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3071] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3071] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3071] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 3072 attached => {parent_tid=[3072]}, 88) = 3072 [pid 3072] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 3071] rt_sigprocmask(SIG_SETMASK, [], [pid 3072] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3072] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3071] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3071] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3072] <... futex resumed>) = 0 [pid 3071] <... futex resumed>) = 1 [pid 3072] memfd_create("syzkaller", 0) = 3 [pid 3071] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3072] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 3071] <... futex resumed>) = 0 [pid 3071] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 3071] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3071] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3071] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0}./strace-static-x86_64: Process 3073 attached [pid 3072] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 3071] <... clone3 resumed> => {parent_tid=[3073]}, 88) = 3073 [pid 3071] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3071] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3071] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3073] set_robust_list(0x7f22d916f9a0, 24 [pid 3072] <... write resumed>) = 262144 [pid 3073] <... set_robust_list resumed>) = 0 [pid 3072] munmap(0x7f22d9170000, 138412032 [pid 3073] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3072] <... munmap resumed>) = 0 [pid 3073] creat("./bus", 000 [pid 3072] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3073] <... creat resumed>) = 5 [pid 3072] ioctl(4, LOOP_SET_FD, 3 [pid 3073] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3071] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3071] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3071] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3073] <... futex resumed>) = 1 [pid 3073] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 3071] <... futex resumed>) = 0 [pid 3071] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3073] <... mount resumed>) = 0 [pid 3073] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3071] <... futex resumed>) = 0 [pid 3071] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3071] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3073] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 3073] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3071] <... futex resumed>) = 0 [pid 3071] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3071] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3073] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 3072] <... ioctl resumed>) = 0 [pid 3072] close(3) = 0 [pid 3072] close(4 [pid 3073] <... mmap resumed>) = 0x20000000 [pid 3073] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3071] <... futex resumed>) = 0 [pid 3071] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3073] <... futex resumed>) = 1 [pid 3073] memfd_create("syzkaller", 0) = 3 [pid 3073] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 3072] <... close resumed>) = 0 [pid 3072] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 3072] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 3072] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3072] ioctl(4, LOOP_CLR_FD) = 0 [pid 3072] close(4) = 0 [pid 3072] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3072] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3073] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 3073] munmap(0x7f22d9170000, 138412032) = 0 [pid 3073] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3073] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 3073] ioctl(4, LOOP_CLR_FD) = 0 [pid 3073] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 3073] close(4) = 0 [pid 3073] close(3) = 0 [pid 3073] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3073] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3071] exit_group(0) = ? [pid 3072] <... futex resumed>) = ? [pid 3072] +++ exited with 0 +++ [pid 3073] <... futex resumed>) = ? [pid 3073] +++ exited with 0 +++ [pid 3071] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3071, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./858", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./858", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./858/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./858/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./858/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./858/bus") = 0 umount2("./858/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./858/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./858/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./858") = 0 mkdir("./859", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3074 attached , child_tidptr=0x555556433690) = 3074 [pid 3074] set_robust_list(0x5555564336a0, 24) = 0 [pid 3074] chdir("./859") = 0 [pid 3074] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3074] setpgid(0, 0) = 0 [pid 3074] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3074] write(3, "1000", 4) = 4 [pid 3074] close(3) = 0 [pid 3074] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3074] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3074] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3074] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3074] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3074] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3074] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3074] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[3075]}, 88) = 3075 [pid 3074] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3074] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3074] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3074] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 3074] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3074] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 66.785030][ T3072] loop0: detected capacity change from 0 to 512 [pid 3074] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[3076]}, 88) = 3076 [pid 3074] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3074] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 3075 attached ./strace-static-x86_64: Process 3076 attached [pid 3076] set_robust_list(0x7f22e156f9a0, 24 [pid 3075] set_robust_list(0x7f22e15909a0, 24 [pid 3076] <... set_robust_list resumed>) = 0 [pid 3075] <... set_robust_list resumed>) = 0 [pid 3076] rt_sigprocmask(SIG_SETMASK, [], [pid 3075] rt_sigprocmask(SIG_SETMASK, [], [pid 3076] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3075] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3076] creat("./bus", 000 [pid 3075] memfd_create("syzkaller", 0) = 3 [pid 3074] <... futex resumed>) = 0 [pid 3076] <... creat resumed>) = 4 [pid 3075] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3076] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3075] <... mmap resumed>) = 0x7f22d914f000 [pid 3076] <... futex resumed>) = 0 [pid 3074] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 3074] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3074] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3076] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 3076] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3075] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 3076] <... futex resumed>) = 1 [pid 3074] <... futex resumed>) = 0 [pid 3074] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3074] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3076] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 3075] <... write resumed>) = 262144 [pid 3075] munmap(0x7f22d914f000, 138412032) = 0 [pid 3075] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 3075] ioctl(5, LOOP_SET_FD, 3 [pid 3076] <... open resumed>) = 6 [pid 3076] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3074] <... futex resumed>) = 0 [pid 3074] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3074] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3076] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 3075] <... ioctl resumed>) = 0 [pid 3075] close(3) = 0 [pid 3075] close(5) = 0 [pid 3075] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 3075] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 3075] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 3075] ioctl(3, LOOP_CLR_FD) = 0 [pid 3075] close(3 [pid 3076] <... mmap resumed>) = 0x20000000 [pid 3076] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3074] <... futex resumed>) = 0 [pid 3074] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3076] <... futex resumed>) = 1 [pid 3076] memfd_create("syzkaller", 0) = 3 [pid 3076] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 3075] <... close resumed>) = 0 [pid 3075] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3075] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3076] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 3076] munmap(0x7f22d914f000, 138412032) = 0 [pid 3076] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 3076] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 3076] ioctl(5, LOOP_CLR_FD) = 0 [pid 3076] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 3076] close(5) = 0 [pid 3076] close(3) = 0 [pid 3076] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3076] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3074] exit_group(0) = ? [pid 3075] <... futex resumed>) = ? [pid 3075] +++ exited with 0 +++ [pid 3076] <... futex resumed>) = ? [pid 3076] +++ exited with 0 +++ [pid 3074] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3074, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./859", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./859", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./859/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./859/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./859/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./859/bus") = 0 umount2("./859/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./859/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./859/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./859") = 0 mkdir("./860", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3077 ./strace-static-x86_64: Process 3077 attached [pid 3077] set_robust_list(0x5555564336a0, 24) = 0 [pid 3077] chdir("./860") = 0 [pid 3077] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3077] setpgid(0, 0) = 0 [pid 3077] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3077] write(3, "1000", 4) = 4 [pid 3077] close(3) = 0 [pid 3077] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3077] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3077] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [ 66.850092][ T3075] loop0: detected capacity change from 0 to 512 [pid 3077] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3077] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3077] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3077] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3077] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 3078 attached [pid 3078] set_robust_list(0x7f22e15909a0, 24 [pid 3077] <... clone3 resumed> => {parent_tid=[3078]}, 88) = 3078 [pid 3078] <... set_robust_list resumed>) = 0 [pid 3077] rt_sigprocmask(SIG_SETMASK, [], [pid 3078] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3077] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3078] memfd_create("syzkaller", 0 [pid 3077] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3078] <... memfd_create resumed>) = 3 [pid 3077] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3078] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3077] <... futex resumed>) = 0 [pid 3077] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3078] <... mmap resumed>) = 0x7f22d9170000 [pid 3077] <... mmap resumed>) = 0x7f22d914f000 [pid 3077] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3077] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3077] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0} => {parent_tid=[3079]}, 88) = 3079 [pid 3077] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3077] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3077] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3079 attached [pid 3079] set_robust_list(0x7f22d916f9a0, 24) = 0 [pid 3079] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3079] creat("./bus", 000) = 4 [pid 3079] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3077] <... futex resumed>) = 0 [pid 3077] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3077] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3079] <... futex resumed>) = 1 [pid 3079] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 3079] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3077] <... futex resumed>) = 0 [pid 3077] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3077] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3079] <... futex resumed>) = 1 [pid 3079] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 3079] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3077] <... futex resumed>) = 0 [pid 3077] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3077] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3079] <... futex resumed>) = 1 [pid 3079] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 3078] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 3079] <... mmap resumed>) = 0x20000000 [pid 3079] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3078] <... write resumed>) = 262144 [pid 3079] <... futex resumed>) = 1 [pid 3078] munmap(0x7f22d9170000, 138412032 [pid 3077] <... futex resumed>) = 0 [pid 3077] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3079] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 3078] <... munmap resumed>) = ? [pid 3078] +++ killed by SIGBUS +++ [pid 3079] +++ killed by SIGBUS +++ [pid 3077] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3077, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- umount2("./860", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./860", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./860/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./860/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./860/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./860/bus") = 0 umount2("./860/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./860/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./860/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./860") = 0 mkdir("./861", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3080 ./strace-static-x86_64: Process 3080 attached [pid 3080] set_robust_list(0x5555564336a0, 24) = 0 [pid 3080] chdir("./861") = 0 [pid 3080] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3080] setpgid(0, 0) = 0 [pid 3080] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3080] write(3, "1000", 4) = 4 [pid 3080] close(3) = 0 [pid 3080] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3080] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3080] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3080] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3080] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3080] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3080] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3080] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 3081 attached => {parent_tid=[3081]}, 88) = 3081 [pid 3081] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 3081] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3081] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3080] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3080] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3081] <... futex resumed>) = 0 [pid 3081] memfd_create("syzkaller", 0 [pid 3080] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3081] <... memfd_create resumed>) = 3 [pid 3081] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 3080] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 3080] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3080] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3080] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0} => {parent_tid=[3082]}, 88) = 3082 [pid 3080] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3080] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3080] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3081] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144./strace-static-x86_64: Process 3082 attached [pid 3082] set_robust_list(0x7f22d916f9a0, 24) = 0 [pid 3082] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3082] creat("./bus", 000) = 4 [pid 3081] <... write resumed>) = 262144 [pid 3082] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3081] munmap(0x7f22d9170000, 138412032 [pid 3082] <... futex resumed>) = 1 [pid 3081] <... munmap resumed>) = 0 [pid 3080] <... futex resumed>) = 0 [pid 3082] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 3081] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 3080] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3082] <... mount resumed>) = 0 [pid 3082] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3080] <... futex resumed>) = 0 [pid 3082] <... futex resumed>) = 0 [pid 3081] <... openat resumed>) = 5 [pid 3082] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3081] ioctl(5, LOOP_SET_FD, 3 [pid 3080] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 3080] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3082] <... futex resumed>) = 0 [pid 3080] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3082] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 3082] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3082] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3081] <... ioctl resumed>) = 0 [pid 3080] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3081] close(3 [pid 3080] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3081] <... close resumed>) = 0 [pid 3082] <... futex resumed>) = 0 [pid 3082] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 3080] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3081] close(5) = 0 [pid 3081] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 3081] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 3081] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 3081] ioctl(3, LOOP_CLR_FD) = 0 [pid 3081] close(3) = 0 [pid 3081] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3081] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3082] <... mmap resumed>) = 0x20000000 [pid 3082] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3080] <... futex resumed>) = 0 [pid 3080] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3082] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3081] <... futex resumed>) = 0 [pid 3081] memfd_create("syzkaller", 0) = 3 [pid 3081] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 3081] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 3081] munmap(0x7f22d9170000, 138412032) = 0 [pid 3081] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 3081] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 3081] ioctl(5, LOOP_CLR_FD) = 0 [pid 3081] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 3081] close(5) = 0 [pid 3081] close(3) = 0 [pid 3081] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3081] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3080] exit_group(0 [pid 3082] <... futex resumed>) = ? [pid 3080] <... exit_group resumed>) = ? [pid 3082] +++ exited with 0 +++ [pid 3081] <... futex resumed>) = ? [pid 3081] +++ exited with 0 +++ [pid 3080] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3080, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./861", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./861", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./861/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./861/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./861/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./861/bus") = 0 umount2("./861/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./861/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./861/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./861") = 0 mkdir("./862", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3083 ./strace-static-x86_64: Process 3083 attached [pid 3083] set_robust_list(0x5555564336a0, 24) = 0 [pid 3083] chdir("./862") = 0 [pid 3083] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3083] setpgid(0, 0) = 0 [pid 3083] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3083] write(3, "1000", 4) = 4 [pid 3083] close(3) = 0 [pid 3083] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3083] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3083] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3083] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3083] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3083] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3083] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3083] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 3084 attached => {parent_tid=[3084]}, 88) = 3084 [pid 3084] set_robust_list(0x7f22e15909a0, 24 [pid 3083] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3084] <... set_robust_list resumed>) = 0 [pid 3083] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3084] rt_sigprocmask(SIG_SETMASK, [], [pid 3083] <... futex resumed>) = 0 [pid 3084] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3083] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3084] memfd_create("syzkaller", 0 [pid 3083] <... futex resumed>) = 0 [pid 3083] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3084] <... memfd_create resumed>) = 3 [pid 3084] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3083] <... mmap resumed>) = 0x7f22e154f000 [pid 3083] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE [pid 3084] <... mmap resumed>) = 0x7f22d914f000 [pid 3083] <... mprotect resumed>) = 0 [pid 3083] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 66.940778][ T3081] loop0: detected capacity change from 0 to 512 [pid 3083] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 3085 attached => {parent_tid=[3085]}, 88) = 3085 [pid 3085] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 3085] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3083] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3085] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3083] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3085] <... futex resumed>) = 0 [pid 3085] creat("./bus", 000 [pid 3083] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3085] <... creat resumed>) = 4 [pid 3085] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3085] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3083] <... futex resumed>) = 0 [pid 3083] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3085] <... futex resumed>) = 0 [pid 3085] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 3083] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3084] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 3085] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3083] <... futex resumed>) = 0 [pid 3083] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3083] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3085] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 3085] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3083] <... futex resumed>) = 0 [pid 3083] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3083] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3085] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 3085] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3083] <... futex resumed>) = 0 [pid 3083] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3085] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 3084] <... write resumed>) = ? [pid 3085] +++ killed by SIGBUS +++ [pid 3084] +++ killed by SIGBUS +++ [pid 3083] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3083, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- umount2("./862", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./862", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./862/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./862/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./862/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./862/bus") = 0 umount2("./862/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./862/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./862/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./862") = 0 mkdir("./863", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3086 ./strace-static-x86_64: Process 3086 attached [pid 3086] set_robust_list(0x5555564336a0, 24) = 0 [pid 3086] chdir("./863") = 0 [pid 3086] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3086] setpgid(0, 0) = 0 [pid 3086] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3086] write(3, "1000", 4) = 4 [pid 3086] close(3) = 0 [pid 3086] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3086] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3086] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3086] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3086] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3086] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3086] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3086] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 3087 attached [pid 3087] set_robust_list(0x7f22e15909a0, 24 [pid 3086] <... clone3 resumed> => {parent_tid=[3087]}, 88) = 3087 [pid 3087] <... set_robust_list resumed>) = 0 [pid 3086] rt_sigprocmask(SIG_SETMASK, [], [pid 3087] rt_sigprocmask(SIG_SETMASK, [], [pid 3086] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3087] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3086] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3087] memfd_create("syzkaller", 0 [pid 3086] <... futex resumed>) = 0 [pid 3086] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3087] <... memfd_create resumed>) = 3 [pid 3086] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 3086] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3086] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3086] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 3088 attached => {parent_tid=[3088]}, 88) = 3088 [pid 3086] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3086] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3086] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3087] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3088] set_robust_list(0x7f22e156f9a0, 24 [pid 3087] <... mmap resumed>) = 0x7f22d914f000 [pid 3088] <... set_robust_list resumed>) = 0 [pid 3088] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3088] creat("./bus", 000) = 4 [pid 3087] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 3088] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3086] <... futex resumed>) = 0 [pid 3086] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3086] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3088] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 3087] <... write resumed>) = 262144 [pid 3088] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3087] munmap(0x7f22d914f000, 138412032) = 0 [pid 3088] <... futex resumed>) = 1 [pid 3086] <... futex resumed>) = 0 [pid 3086] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3086] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3087] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 3087] ioctl(5, LOOP_SET_FD, 3 [pid 3088] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 3087] <... ioctl resumed>) = 0 [pid 3087] close(3) = 0 [pid 3087] close(5) = 0 [pid 3087] mkdir("./file0", 0777) = 0 [pid 3087] mount("/dev/loop0", "./file0", "ext4", 0, "prjquota,grpquota,debug_want_extra_isize=0x000000000000005c,noauto_da_alloc,nolazytime,errors=contin"... [pid 3088] <... open resumed>) = 3 [pid 3088] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3086] <... futex resumed>) = 0 [pid 3086] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3086] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3088] <... futex resumed>) = 1 [pid 3088] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 3, 0) = 0x20000000 [pid 3088] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3086] <... futex resumed>) = 0 [pid 3086] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3087] <... mount resumed>) = 0 [pid 3086] <... futex resumed>) = 0 [pid 3087] openat(AT_FDCWD, 0x200000c0, O_RDONLY|O_DIRECTORY) = -1 ENOENT (No such file or directory) [pid 3087] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 3087] ioctl(5, LOOP_CLR_FD) = 0 [pid 3087] close(5 [pid 3088] memfd_create("syzkaller", 0) = 5 [pid 3088] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 3087] <... close resumed>) = 0 [pid 3087] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3087] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3088] write(5, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 3088] munmap(0x7f22d914f000, 138412032) = 0 [pid 3088] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 3088] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 3088] ioctl(6, LOOP_CLR_FD) = 0 [pid 3088] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 3088] close(6) = 0 [pid 3088] close(5) = 0 [pid 3088] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3086] exit_group(0 [pid 3087] <... futex resumed>) = ? [pid 3086] <... exit_group resumed>) = ? [pid 3087] +++ exited with 0 +++ [pid 3088] +++ exited with 0 +++ [pid 3086] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3086, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./863", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./863", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 5 entries */, 32768) = 136 umount2("./863/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./863/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./863/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./863/bus") = 0 umount2("./863/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./863/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./863/binderfs") = 0 [ 67.037131][ T3087] loop0: detected capacity change from 0 to 512 [ 67.049122][ T3087] EXT4-fs (loop0): 1 truncate cleaned up [ 67.054767][ T3087] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. umount2("./863/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./863/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./863/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./863/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./863/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555643c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555643c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./863/file0") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./863") = 0 mkdir("./864", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3090 ./strace-static-x86_64: Process 3090 attached [pid 3090] set_robust_list(0x5555564336a0, 24) = 0 [pid 3090] chdir("./864") = 0 [pid 3090] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3090] setpgid(0, 0) = 0 [pid 3090] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3090] write(3, "1000", 4) = 4 [pid 3090] close(3) = 0 [pid 3090] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3090] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3090] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3090] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3090] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3090] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3090] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3090] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 3091 attached => {parent_tid=[3091]}, 88) = 3091 [pid 3091] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 3091] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3091] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3090] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3090] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3091] <... futex resumed>) = 0 [pid 3090] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3091] memfd_create("syzkaller", 0) = 3 [pid 3091] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 3090] <... futex resumed>) = 0 [pid 3090] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 3090] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3090] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3090] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0} => {parent_tid=[3092]}, 88) = 3092 [pid 3090] rt_sigprocmask(SIG_SETMASK, [], [pid 3091] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 3090] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3090] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3090] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3092 attached [pid 3091] <... write resumed>) = 262144 [pid 3092] set_robust_list(0x7f22d916f9a0, 24 [pid 3091] munmap(0x7f22d9170000, 138412032 [pid 3092] <... set_robust_list resumed>) = 0 [pid 3092] rt_sigprocmask(SIG_SETMASK, [], [pid 3091] <... munmap resumed>) = 0 [pid 3091] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3091] ioctl(4, LOOP_SET_FD, 3 [pid 3092] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3092] creat("./bus", 000) = 5 [pid 3092] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3090] <... futex resumed>) = 0 [pid 3090] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3090] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3092] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 3092] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3090] <... futex resumed>) = 0 [pid 3090] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3090] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3092] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 3092] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3090] <... futex resumed>) = 0 [pid 3090] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3090] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3092] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 3091] <... ioctl resumed>) = 0 [pid 3091] close(3) = 0 [pid 3091] close(4 [pid 3092] <... mmap resumed>) = 0x20000000 [pid 3092] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3090] <... futex resumed>) = 0 [pid 3090] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3092] <... futex resumed>) = 1 [pid 3092] memfd_create("syzkaller", 0) = 3 [pid 3092] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 3091] <... close resumed>) = 0 [pid 3091] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 3091] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 3091] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3091] ioctl(4, LOOP_CLR_FD) = 0 [pid 3091] close(4) = 0 [pid 3091] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3091] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3092] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 3092] munmap(0x7f22d9170000, 138412032) = 0 [pid 3092] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3092] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 3092] ioctl(4, LOOP_CLR_FD) = 0 [pid 3092] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 3092] close(4) = 0 [pid 3092] close(3) = 0 [pid 3092] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3090] exit_group(0) = ? [pid 3091] <... futex resumed>) = ? [ 67.105784][ T293] EXT4-fs (loop0): unmounting filesystem. [ 67.134589][ T3091] loop0: detected capacity change from 0 to 512 [pid 3092] <... futex resumed>) = ? [pid 3091] +++ exited with 0 +++ [pid 3092] +++ exited with 0 +++ [pid 3090] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3090, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./864", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./864", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./864/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./864/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./864/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./864/bus") = 0 umount2("./864/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./864/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./864/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./864") = 0 mkdir("./865", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3093 ./strace-static-x86_64: Process 3093 attached [pid 3093] set_robust_list(0x5555564336a0, 24) = 0 [pid 3093] chdir("./865") = 0 [pid 3093] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3093] setpgid(0, 0) = 0 [pid 3093] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3093] write(3, "1000", 4) = 4 [pid 3093] close(3) = 0 [pid 3093] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3093] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3093] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3093] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3093] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3093] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3093] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3093] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[3094]}, 88) = 3094 [pid 3093] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3093] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3093] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3093] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 3093] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3093] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3093] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[3095]}, 88) = 3095 [pid 3093] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3093] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3093] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3095 attached [pid 3095] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 3095] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3095] creat("./bus", 000) = 3 [pid 3095] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3093] <... futex resumed>) = 0 [pid 3093] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3093] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3095] <... futex resumed>) = 1 [pid 3095] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 3095] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3093] <... futex resumed>) = 0 [pid 3093] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3093] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3095] <... futex resumed>) = 1 [pid 3095] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 4 [pid 3095] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3093] <... futex resumed>) = 0 [pid 3093] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3093] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3095] <... futex resumed>) = 1 [pid 3095] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 3095] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3093] <... futex resumed>) = 0 [pid 3093] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3095] <... futex resumed>) = 1 [pid 3095] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 3095] +++ killed by SIGBUS +++ ./strace-static-x86_64: Process 3094 attached [pid 3094] +++ killed by SIGBUS +++ [pid 3093] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3093, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./865", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./865", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./865/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./865/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./865/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./865/bus") = 0 umount2("./865/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./865/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./865/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./865") = 0 mkdir("./866", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3096 ./strace-static-x86_64: Process 3096 attached [pid 3096] set_robust_list(0x5555564336a0, 24) = 0 [pid 3096] chdir("./866") = 0 [pid 3096] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3096] setpgid(0, 0) = 0 [pid 3096] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3096] write(3, "1000", 4) = 4 [pid 3096] close(3) = 0 [pid 3096] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3096] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3096] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3096] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3096] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3096] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3096] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3096] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[3097]}, 88) = 3097 [pid 3096] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3096] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3096] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3096] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 3096] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3096] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3096] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[3098]}, 88) = 3098 [pid 3096] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3096] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3096] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3098 attached [pid 3098] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 3098] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3098] creat("./bus", 000) = 3 [pid 3098] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3096] <... futex resumed>) = 0 [pid 3096] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3096] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3098] <... futex resumed>) = 1 [pid 3098] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 3098] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3096] <... futex resumed>) = 0 [pid 3096] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3096] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3098] <... futex resumed>) = 1 [pid 3098] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 4 [pid 3098] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3096] <... futex resumed>) = 0 [pid 3096] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3096] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3098] <... futex resumed>) = 1 [pid 3098] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 3098] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3096] <... futex resumed>) = 0 [pid 3096] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3098] <... futex resumed>) = 1 [pid 3098] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- ./strace-static-x86_64: Process 3097 attached [pid 3097] +++ killed by SIGBUS +++ [pid 3098] +++ killed by SIGBUS +++ [pid 3096] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3096, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./866", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./866", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./866/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./866/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./866/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./866/bus") = 0 umount2("./866/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./866/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./866/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./866") = 0 mkdir("./867", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3099 attached , child_tidptr=0x555556433690) = 3099 [pid 3099] set_robust_list(0x5555564336a0, 24) = 0 [pid 3099] chdir("./867") = 0 [pid 3099] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3099] setpgid(0, 0) = 0 [pid 3099] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3099] write(3, "1000", 4) = 4 [pid 3099] close(3) = 0 [pid 3099] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3099] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3099] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3099] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3099] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3099] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3099] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3099] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 3100 attached [pid 3100] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 3100] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3100] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3099] <... clone3 resumed> => {parent_tid=[3100]}, 88) = 3100 [pid 3099] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3099] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3100] <... futex resumed>) = 0 [pid 3100] memfd_create("syzkaller", 0 [pid 3099] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3099] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 3099] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3099] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3099] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[3101]}, 88) = 3101 [pid 3100] <... memfd_create resumed>) = 3 [pid 3099] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3099] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3099] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3101 attached [pid 3101] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 3101] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3101] creat("./bus", 000 [pid 3100] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3101] <... creat resumed>) = 4 [pid 3101] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3099] <... futex resumed>) = 0 [pid 3099] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3100] <... mmap resumed>) = 0x7f22d914f000 [pid 3099] <... futex resumed>) = 0 [pid 3099] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3101] <... futex resumed>) = 1 [pid 3101] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 3101] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3099] <... futex resumed>) = 0 [pid 3099] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3099] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3101] <... futex resumed>) = 1 [pid 3101] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 3101] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3099] <... futex resumed>) = 0 [pid 3099] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3099] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3101] <... futex resumed>) = 1 [pid 3101] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 3101] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3099] <... futex resumed>) = 0 [pid 3099] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3101] <... futex resumed>) = 1 [pid 3101] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 3100] +++ killed by SIGBUS +++ [pid 3101] +++ killed by SIGBUS +++ [pid 3099] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3099, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./867", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./867", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./867/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./867/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./867/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./867/bus") = 0 umount2("./867/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./867/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./867/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./867") = 0 mkdir("./868", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3102 ./strace-static-x86_64: Process 3102 attached [pid 3102] set_robust_list(0x5555564336a0, 24) = 0 [pid 3102] chdir("./868") = 0 [pid 3102] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3102] setpgid(0, 0) = 0 [pid 3102] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3102] write(3, "1000", 4) = 4 [pid 3102] close(3) = 0 [pid 3102] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3102] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3102] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3102] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3102] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3102] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3102] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3102] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[3103]}, 88) = 3103 [pid 3102] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 3103 attached NULL, 8) = 0 [pid 3103] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 3103] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3103] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3102] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3103] <... futex resumed>) = 0 [pid 3103] memfd_create("syzkaller", 0 [pid 3102] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3103] <... memfd_create resumed>) = 3 [pid 3103] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 3102] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 3103] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 3102] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3102] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3102] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0}./strace-static-x86_64: Process 3104 attached [pid 3104] set_robust_list(0x7f22d916f9a0, 24) = 0 [pid 3104] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3104] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3102] <... clone3 resumed> => {parent_tid=[3104]}, 88) = 3104 [pid 3102] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3102] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3104] <... futex resumed>) = 0 [pid 3104] creat("./bus", 000 [pid 3103] <... write resumed>) = 262144 [pid 3102] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3104] <... creat resumed>) = 4 [pid 3104] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3103] munmap(0x7f22d9170000, 138412032 [pid 3104] <... futex resumed>) = 1 [pid 3103] <... munmap resumed>) = 0 [pid 3102] <... futex resumed>) = 0 [pid 3104] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 3103] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 3102] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3103] <... openat resumed>) = 5 [pid 3102] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3104] <... mount resumed>) = 0 [pid 3104] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3103] ioctl(5, LOOP_SET_FD, 3 [pid 3104] <... futex resumed>) = 1 [pid 3103] <... ioctl resumed>) = 0 [pid 3102] <... futex resumed>) = 0 [pid 3104] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 3103] close(3 [pid 3102] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3104] <... open resumed>) = 6 [pid 3103] <... close resumed>) = 0 [pid 3102] <... futex resumed>) = 0 [pid 3104] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3102] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3103] close(5 [pid 3104] <... futex resumed>) = 0 [pid 3102] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3104] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 3102] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3103] <... close resumed>) = 0 [pid 3103] mkdir(0x200000c0, 0777 [pid 3102] <... futex resumed>) = 0 [pid 3102] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3104] <... mmap resumed>) = 0x20000000 [pid 3104] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3102] <... futex resumed>) = 0 [pid 3104] memfd_create("syzkaller", 0 [pid 3102] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3104] <... memfd_create resumed>) = 3 [pid 3102] <... futex resumed>) = 0 [pid 3104] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 3103] <... mkdir resumed>) = -1 ENOENT (No such file or directory) [pid 3103] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 3103] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 3103] ioctl(5, LOOP_CLR_FD) = 0 [pid 3103] close(5) = 0 [pid 3103] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3103] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3104] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 3104] munmap(0x7f22d9170000, 138412032) = 0 [pid 3104] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 3104] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 3104] ioctl(5, LOOP_CLR_FD) = 0 [pid 3104] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 3104] close(5) = 0 [pid 3104] close(3) = 0 [pid 3104] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3104] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3102] exit_group(0 [pid 3103] <... futex resumed>) = ? [pid 3102] <... exit_group resumed>) = ? [pid 3104] <... futex resumed>) = ? [pid 3103] +++ exited with 0 +++ [pid 3104] +++ exited with 0 +++ [pid 3102] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3102, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./868", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./868", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./868/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./868/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./868/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./868/bus") = 0 umount2("./868/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./868/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./868/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./868") = 0 mkdir("./869", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3105 ./strace-static-x86_64: Process 3105 attached [pid 3105] set_robust_list(0x5555564336a0, 24) = 0 [pid 3105] chdir("./869") = 0 [pid 3105] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3105] setpgid(0, 0) = 0 [pid 3105] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3105] write(3, "1000", 4) = 4 [pid 3105] close(3) = 0 [ 67.253142][ T3103] loop0: detected capacity change from 0 to 512 [pid 3105] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3105] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3105] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3105] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3105] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3105] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3105] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3105] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[3106]}, 88) = 3106 [pid 3105] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3105] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3105] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3105] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 3105] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3105] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3105] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[3107]}, 88) = 3107 [pid 3105] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3105] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3105] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3107 attached [pid 3107] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 3107] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3107] creat("./bus", 000) = 3 [pid 3107] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3105] <... futex resumed>) = 0 [pid 3105] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3105] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3107] <... futex resumed>) = 1 [pid 3107] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 3107] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3105] <... futex resumed>) = 0 [pid 3105] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3105] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3107] <... futex resumed>) = 1 [pid 3107] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 4 [pid 3107] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3105] <... futex resumed>) = 0 [pid 3105] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3105] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3107] <... futex resumed>) = 1 [pid 3107] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 3107] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3105] <... futex resumed>) = 0 [pid 3105] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3107] <... futex resumed>) = 1 [pid 3107] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 3107] +++ killed by SIGBUS +++ ./strace-static-x86_64: Process 3106 attached [pid 3106] +++ killed by SIGBUS +++ [pid 3105] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3105, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./869", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./869", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./869/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./869/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./869/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./869/bus") = 0 umount2("./869/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./869/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./869/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./869") = 0 mkdir("./870", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3108 ./strace-static-x86_64: Process 3108 attached [pid 3108] set_robust_list(0x5555564336a0, 24) = 0 [pid 3108] chdir("./870") = 0 [pid 3108] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3108] setpgid(0, 0) = 0 [pid 3108] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3108] write(3, "1000", 4) = 4 [pid 3108] close(3) = 0 [pid 3108] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3108] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3108] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3108] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3108] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3108] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3108] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3108] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 3109 attached => {parent_tid=[3109]}, 88) = 3109 [pid 3109] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 3109] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3109] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3108] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3108] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3109] <... futex resumed>) = 0 [pid 3109] memfd_create("syzkaller", 0) = 3 [pid 3109] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 3108] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3109] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 3108] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3109] <... write resumed>) = 262144 [pid 3108] <... mmap resumed>) = 0x7f22d914f000 [pid 3108] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3108] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3108] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0} => {parent_tid=[3110]}, 88) = 3110 [pid 3108] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3108] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3108] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3110 attached [pid 3110] set_robust_list(0x7f22d916f9a0, 24) = 0 [pid 3110] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3110] creat("./bus", 000) = 4 [pid 3110] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3108] <... futex resumed>) = 0 [pid 3108] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3108] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3110] <... futex resumed>) = 1 [pid 3110] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 3109] munmap(0x7f22d9170000, 138412032 [pid 3110] <... mount resumed>) = 0 [pid 3110] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3109] <... munmap resumed>) = 0 [pid 3110] <... futex resumed>) = 1 [pid 3109] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 3108] <... futex resumed>) = 0 [pid 3108] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3108] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3110] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 3109] <... openat resumed>) = 5 [pid 3110] <... open resumed>) = 6 [pid 3109] ioctl(5, LOOP_SET_FD, 3 [pid 3110] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3109] <... ioctl resumed>) = 0 [pid 3110] <... futex resumed>) = 1 [pid 3109] close(3 [pid 3108] <... futex resumed>) = 0 [pid 3110] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3109] <... close resumed>) = 0 [pid 3108] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3110] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3108] <... futex resumed>) = 0 [pid 3109] close(5 [pid 3110] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 3108] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3109] <... close resumed>) = 0 [pid 3109] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 3109] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 3109] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 3109] ioctl(3, LOOP_CLR_FD) = 0 [pid 3109] close(3 [pid 3110] <... mmap resumed>) = 0x20000000 [pid 3110] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3108] <... futex resumed>) = 0 [pid 3110] memfd_create("syzkaller", 0 [pid 3108] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3110] <... memfd_create resumed>) = 3 [pid 3108] <... futex resumed>) = 0 [pid 3110] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 3109] <... close resumed>) = 0 [pid 3109] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3109] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3110] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 3110] munmap(0x7f22d9170000, 138412032) = 0 [pid 3110] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 3110] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 3110] ioctl(5, LOOP_CLR_FD) = 0 [pid 3110] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 3110] close(5) = 0 [pid 3110] close(3) = 0 [pid 3110] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3110] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3108] exit_group(0 [pid 3109] <... futex resumed>) = ? [pid 3108] <... exit_group resumed>) = ? [pid 3109] +++ exited with 0 +++ [pid 3110] <... futex resumed>) = ? [pid 3110] +++ exited with 0 +++ [pid 3108] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3108, si_uid=0, si_status=0, si_utime=1, si_stime=0} --- umount2("./870", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./870", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./870/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./870/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./870/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./870/bus") = 0 umount2("./870/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./870/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./870/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./870") = 0 mkdir("./871", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3111 ./strace-static-x86_64: Process 3111 attached [pid 3111] set_robust_list(0x5555564336a0, 24) = 0 [pid 3111] chdir("./871") = 0 [pid 3111] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3111] setpgid(0, 0) = 0 [pid 3111] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3111] write(3, "1000", 4) = 4 [pid 3111] close(3) = 0 [pid 3111] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3111] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3111] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3111] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3111] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3111] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3111] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3111] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 3112 attached => {parent_tid=[3112]}, 88) = 3112 [pid 3112] set_robust_list(0x7f22e15909a0, 24 [ 67.334250][ T3109] loop0: detected capacity change from 0 to 512 [pid 3111] rt_sigprocmask(SIG_SETMASK, [], [pid 3112] <... set_robust_list resumed>) = 0 [pid 3111] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3112] rt_sigprocmask(SIG_SETMASK, [], [pid 3111] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3112] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3111] <... futex resumed>) = 0 [pid 3111] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3112] memfd_create("syzkaller", 0 [pid 3111] <... futex resumed>) = 0 [pid 3112] <... memfd_create resumed>) = 3 [pid 3112] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3111] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 3111] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE [pid 3112] <... mmap resumed>) = 0x7f22d914f000 [pid 3111] <... mprotect resumed>) = 0 [pid 3111] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3111] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 3113 attached [pid 3113] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 3113] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3113] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3111] <... clone3 resumed> => {parent_tid=[3113]}, 88) = 3113 [pid 3111] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3111] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3113] <... futex resumed>) = 0 [pid 3113] creat("./bus", 000 [pid 3111] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3113] <... creat resumed>) = 4 [pid 3113] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3113] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3111] <... futex resumed>) = 0 [pid 3111] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3113] <... futex resumed>) = 0 [pid 3113] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 3111] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3113] <... mount resumed>) = 0 [pid 3113] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3111] <... futex resumed>) = 0 [pid 3113] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3111] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3113] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3111] <... futex resumed>) = 0 [pid 3113] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 3111] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3113] <... open resumed>) = 5 [pid 3113] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3111] <... futex resumed>) = 0 [pid 3111] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3111] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3113] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 3112] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000da1} --- [pid 3113] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3111] <... futex resumed>) = 0 [pid 3113] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3111] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3113] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3111] <... futex resumed>) = 0 [pid 3113] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 3113] +++ killed by SIGBUS +++ [pid 3112] +++ killed by SIGBUS +++ [pid 3111] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3111, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./871", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./871", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./871/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./871/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./871/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./871/bus") = 0 umount2("./871/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./871/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./871/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./871") = 0 mkdir("./872", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3114 ./strace-static-x86_64: Process 3114 attached [pid 3114] set_robust_list(0x5555564336a0, 24) = 0 [pid 3114] chdir("./872") = 0 [pid 3114] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3114] setpgid(0, 0) = 0 [pid 3114] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3114] write(3, "1000", 4) = 4 [pid 3114] close(3) = 0 [pid 3114] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3114] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3114] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3114] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3114] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3114] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3114] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3114] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[3115]}, 88) = 3115 [pid 3114] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3114] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3114] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3114] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 3114] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE./strace-static-x86_64: Process 3115 attached ) = 0 [pid 3114] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3115] set_robust_list(0x7f22e15909a0, 24 [pid 3114] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3114] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 3116 attached [pid 3115] <... set_robust_list resumed>) = 0 [pid 3114] <... clone3 resumed> => {parent_tid=[3116]}, 88) = 3116 [pid 3114] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3114] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3114] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3115] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3115] memfd_create("syzkaller", 0) = 3 [pid 3115] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 3116] set_robust_list(0x7f22e156f9a0, 24 [pid 3115] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 3116] <... set_robust_list resumed>) = 0 [pid 3116] rt_sigprocmask(SIG_SETMASK, [], [pid 3115] <... write resumed>) = 262144 [pid 3116] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3115] munmap(0x7f22d914f000, 138412032) = 0 [pid 3116] creat("./bus", 000 [pid 3115] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 3115] ioctl(5, LOOP_SET_FD, 3 [pid 3116] <... creat resumed>) = 4 [pid 3116] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3115] <... ioctl resumed>) = 0 [pid 3116] <... futex resumed>) = 1 [pid 3115] close(3 [pid 3114] <... futex resumed>) = 0 [pid 3116] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 3115] <... close resumed>) = 0 [pid 3114] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3116] <... mount resumed>) = 0 [pid 3114] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3115] close(5 [pid 3116] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3115] <... close resumed>) = 0 [pid 3114] <... futex resumed>) = 0 [pid 3114] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3116] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 3115] mkdir("./file0", 0777 [pid 3114] <... futex resumed>) = 0 [pid 3114] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3116] <... open resumed>) = 3 [pid 3116] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3114] <... futex resumed>) = 0 [pid 3116] <... futex resumed>) = 1 [pid 3116] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 3, 0 [pid 3114] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3115] <... mkdir resumed>) = 0 [pid 3114] <... futex resumed>) = 0 [pid 3114] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3116] <... mmap resumed>) = 0x20000000 [pid 3115] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "" [pid 3116] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3114] <... futex resumed>) = 0 [pid 3116] <... futex resumed>) = 1 [pid 3116] memfd_create("syzkaller", 0 [pid 3115] <... mount resumed>) = -1 ENOENT (No such file or directory) [pid 3114] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3116] <... memfd_create resumed>) = 5 [pid 3115] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 3116] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 3115] <... openat resumed>) = 6 [pid 3115] ioctl(6, LOOP_CLR_FD) = 0 [pid 3115] close(6) = 0 [pid 3115] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3115] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3116] write(5, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 3116] munmap(0x7f22d914f000, 138412032) = 0 [pid 3116] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 3116] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 3116] ioctl(6, LOOP_CLR_FD) = 0 [pid 3116] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 3116] close(6) = 0 [pid 3116] close(5) = 0 [pid 3116] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3116] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3114] exit_group(0 [pid 3116] <... futex resumed>) = ? [pid 3115] <... futex resumed>) = ? [pid 3114] <... exit_group resumed>) = ? [pid 3115] +++ exited with 0 +++ [pid 3116] +++ exited with 0 +++ [pid 3114] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3114, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./872", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./872", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 5 entries */, 32768) = 136 umount2("./872/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./872/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./872/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./872/bus") = 0 umount2("./872/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./872/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./872/binderfs") = 0 umount2("./872/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./872/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./872/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./872/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555643c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555643c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./872/file0") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./872") = 0 mkdir("./873", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3117 ./strace-static-x86_64: Process 3117 attached [pid 3117] set_robust_list(0x5555564336a0, 24) = 0 [pid 3117] chdir("./873") = 0 [pid 3117] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3117] setpgid(0, 0) = 0 [pid 3117] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3117] write(3, "1000", 4) = 4 [pid 3117] close(3) = 0 [pid 3117] symlink("/dev/binderfs", "./binderfs") = 0 [ 67.416239][ T3115] loop0: detected capacity change from 0 to 512 [pid 3117] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3117] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3117] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3117] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3117] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3117] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3117] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 3118 attached [pid 3118] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 3118] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3118] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3117] <... clone3 resumed> => {parent_tid=[3118]}, 88) = 3118 [pid 3117] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3117] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3118] <... futex resumed>) = 0 [pid 3117] <... futex resumed>) = 1 [pid 3117] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3118] memfd_create("syzkaller", 0) = 3 [pid 3118] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 3117] <... futex resumed>) = 0 [pid 3117] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 3117] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3117] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3117] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0} => {parent_tid=[3119]}, 88) = 3119 [pid 3117] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3117] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3118] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 3117] <... futex resumed>) = 0 [pid 3117] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3118] <... write resumed>) = 262144 [pid 3118] munmap(0x7f22d9170000, 138412032./strace-static-x86_64: Process 3119 attached [pid 3119] set_robust_list(0x7f22d916f9a0, 24 [pid 3118] <... munmap resumed>) = 0 [pid 3119] <... set_robust_list resumed>) = 0 [pid 3118] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 3119] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3118] <... openat resumed>) = 4 [pid 3119] creat("./bus", 000 [pid 3118] ioctl(4, LOOP_SET_FD, 3 [pid 3119] <... creat resumed>) = 5 [pid 3119] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3119] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3118] <... ioctl resumed>) = 0 [pid 3117] <... futex resumed>) = 0 [pid 3118] close(3) = 0 [pid 3118] close(4 [pid 3117] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3118] <... close resumed>) = 0 [pid 3118] mkdir("./file0", 0777) = 0 [pid 3118] mount("/dev/loop0", "./file0", "ext4", 0, "prjquota,grpquota,debug_want_extra_isize=0x000000000000005c,noauto_da_alloc,nolazytime,errors=contin"... [pid 3117] <... futex resumed>) = 1 [pid 3117] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3119] <... futex resumed>) = 0 [pid 3119] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 3119] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3117] <... futex resumed>) = 0 [pid 3117] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3117] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3119] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 3 [pid 3119] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3119] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3117] <... futex resumed>) = 0 [pid 3117] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3119] <... futex resumed>) = 0 [pid 3117] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3119] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 3, 0 [pid 3118] <... mount resumed>) = 0 [pid 3118] openat(AT_FDCWD, 0x200000c0, O_RDONLY|O_DIRECTORY) = -1 ENOENT (No such file or directory) [pid 3118] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3118] ioctl(4, LOOP_CLR_FD) = 0 [pid 3118] close(4 [pid 3119] <... mmap resumed>) = 0x20000000 [pid 3118] <... close resumed>) = 0 [pid 3118] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3118] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3119] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3117] <... futex resumed>) = 0 [pid 3119] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3117] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3118] <... futex resumed>) = 0 [pid 3118] memfd_create("syzkaller", 0) = 4 [pid 3118] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 3118] write(4, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 3118] munmap(0x7f22d9170000, 138412032) = 0 [pid 3118] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 3118] ioctl(6, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 3118] ioctl(6, LOOP_CLR_FD) = 0 [pid 3118] ioctl(6, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 3118] close(6) = 0 [pid 3118] close(4) = 0 [pid 3118] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3118] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3117] exit_group(0 [pid 3119] <... futex resumed>) = ? [pid 3117] <... exit_group resumed>) = ? [pid 3119] +++ exited with 0 +++ [pid 3118] <... futex resumed>) = ? [pid 3118] +++ exited with 0 +++ [pid 3117] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3117, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./873", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./873", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 5 entries */, 32768) = 136 umount2("./873/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./873/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./873/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./873/bus") = 0 umount2("./873/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./873/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./873/binderfs") = 0 [ 67.486492][ T3118] loop0: detected capacity change from 0 to 512 [ 67.498111][ T3118] EXT4-fs (loop0): 1 truncate cleaned up [ 67.504111][ T3118] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. umount2("./873/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./873/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./873/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./873/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./873/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555643c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555643c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./873/file0") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./873") = 0 mkdir("./874", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3121 ./strace-static-x86_64: Process 3121 attached [pid 3121] set_robust_list(0x5555564336a0, 24) = 0 [pid 3121] chdir("./874") = 0 [pid 3121] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3121] setpgid(0, 0) = 0 [pid 3121] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3121] write(3, "1000", 4) = 4 [pid 3121] close(3) = 0 [pid 3121] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3121] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3121] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3121] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3121] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3121] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3121] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3121] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[3122]}, 88) = 3122 [pid 3121] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3121] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3121] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3121] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 3121] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3121] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3121] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[3123]}, 88) = 3123 ./strace-static-x86_64: Process 3123 attached [pid 3121] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3121] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3121] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3122 attached [pid 3122] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 3122] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3123] set_robust_list(0x7f22e156f9a0, 24 [pid 3122] memfd_create("syzkaller", 0 [pid 3123] <... set_robust_list resumed>) = 0 [pid 3123] rt_sigprocmask(SIG_SETMASK, [], [pid 3122] <... memfd_create resumed>) = 3 [pid 3123] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3122] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3123] creat("./bus", 000 [pid 3122] <... mmap resumed>) = 0x7f22d914f000 [pid 3123] <... creat resumed>) = 4 [pid 3123] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3122] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 3123] <... futex resumed>) = 1 [pid 3121] <... futex resumed>) = 0 [pid 3121] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3123] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 3121] <... futex resumed>) = 0 [pid 3121] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3123] <... mount resumed>) = 0 [pid 3123] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3121] <... futex resumed>) = 0 [pid 3121] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3121] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3123] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 3123] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3121] <... futex resumed>) = 0 [pid 3121] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3121] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3123] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 3123] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3121] <... futex resumed>) = 0 [pid 3121] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3123] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 3122] <... write resumed>) = 262144 [pid 3123] +++ killed by SIGBUS +++ [pid 3122] +++ killed by SIGBUS +++ [pid 3121] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3121, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- umount2("./874", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./874", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./874/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./874/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./874/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./874/bus") = 0 umount2("./874/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./874/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./874/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./874") = 0 mkdir("./875", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3124 attached [pid 3124] set_robust_list(0x5555564336a0, 24 [pid 293] <... clone resumed>, child_tidptr=0x555556433690) = 3124 [pid 3124] <... set_robust_list resumed>) = 0 [pid 3124] chdir("./875") = 0 [pid 3124] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3124] setpgid(0, 0) = 0 [pid 3124] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3124] write(3, "1000", 4) = 4 [pid 3124] close(3) = 0 [pid 3124] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3124] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3124] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3124] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3124] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3124] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3124] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3124] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 3125 attached [pid 3125] set_robust_list(0x7f22e15909a0, 24 [pid 3124] <... clone3 resumed> => {parent_tid=[3125]}, 88) = 3125 [pid 3125] <... set_robust_list resumed>) = 0 [pid 3124] rt_sigprocmask(SIG_SETMASK, [], [pid 3125] rt_sigprocmask(SIG_SETMASK, [], [pid 3124] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3125] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3124] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3125] memfd_create("syzkaller", 0 [pid 3124] <... futex resumed>) = 0 [pid 3124] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3125] <... memfd_create resumed>) = 3 [pid 3124] <... futex resumed>) = 0 [pid 3125] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3124] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3125] <... mmap resumed>) = 0x7f22d914f000 [pid 3124] <... mmap resumed>) = 0x7f22e154f000 [pid 3124] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3124] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3124] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 3126 attached => {parent_tid=[3126]}, 88) = 3126 [pid 3126] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 3126] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3126] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3124] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3124] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3126] <... futex resumed>) = 0 [pid 3126] creat("./bus", 000 [pid 3124] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3126] <... creat resumed>) = 4 [pid 3126] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3126] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3124] <... futex resumed>) = 0 [pid 3124] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3126] <... futex resumed>) = 0 [pid 3126] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 3124] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3126] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3124] <... futex resumed>) = 0 [pid 3126] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3124] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3126] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3124] <... futex resumed>) = 0 [pid 3126] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 3124] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3126] <... open resumed>) = 5 [pid 3126] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3124] <... futex resumed>) = 0 [pid 3126] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 3124] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3124] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3125] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000dc3} --- [pid 3126] <... mmap resumed>) = 0x20000000 [pid 3124] <... futex resumed>) = ? [pid 3126] +++ killed by SIGBUS +++ [pid 3125] +++ killed by SIGBUS +++ [pid 3124] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3124, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./875", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./875", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 [ 67.556698][ T293] EXT4-fs (loop0): unmounting filesystem. umount2("./875/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./875/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./875/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./875/bus") = 0 umount2("./875/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./875/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./875/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./875") = 0 mkdir("./876", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3127 ./strace-static-x86_64: Process 3127 attached [pid 3127] set_robust_list(0x5555564336a0, 24) = 0 [pid 3127] chdir("./876") = 0 [pid 3127] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3127] setpgid(0, 0) = 0 [pid 3127] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3127] write(3, "1000", 4) = 4 [pid 3127] close(3) = 0 [pid 3127] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3127] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3127] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3127] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3127] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3127] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3127] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3127] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[3128]}, 88) = 3128 [pid 3127] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3127] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3127] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3127] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 3127] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3127] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3127] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 3129 attached => {parent_tid=[3129]}, 88) = 3129 [pid 3127] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3127] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3127] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3128 attached [pid 3128] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 3128] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3128] memfd_create("syzkaller", 0 [pid 3129] set_robust_list(0x7f22e156f9a0, 24 [pid 3128] <... memfd_create resumed>) = 3 [pid 3128] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 3129] <... set_robust_list resumed>) = 0 [pid 3129] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3129] creat("./bus", 000) = 4 [pid 3129] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3128] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 3129] <... futex resumed>) = 1 [pid 3127] <... futex resumed>) = 0 [pid 3127] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3127] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3129] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 3129] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3127] <... futex resumed>) = 0 [pid 3127] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3129] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 3127] <... futex resumed>) = 0 [pid 3127] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3129] <... open resumed>) = 5 [pid 3129] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3128] <... write resumed>) = 262144 [pid 3128] munmap(0x7f22d914f000, 138412032 [pid 3129] <... futex resumed>) = 1 [pid 3127] <... futex resumed>) = 0 [pid 3127] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3127] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3128] <... munmap resumed>) = 0 [pid 3128] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 3128] ioctl(6, LOOP_SET_FD, 3 [pid 3129] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 3128] <... ioctl resumed>) = 0 [pid 3128] close(3) = 0 [pid 3128] close(6 [pid 3129] <... mmap resumed>) = 0x20000000 [pid 3128] <... close resumed>) = 0 [pid 3128] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 3128] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 3128] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 3128] ioctl(3, LOOP_CLR_FD) = 0 [pid 3128] close(3) = 0 [pid 3128] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3128] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3129] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3127] <... futex resumed>) = 0 [pid 3127] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3128] <... futex resumed>) = 0 [pid 3128] memfd_create("syzkaller", 0 [pid 3129] <... futex resumed>) = 1 [pid 3129] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3128] <... memfd_create resumed>) = 3 [pid 3128] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 3128] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 3128] munmap(0x7f22d914f000, 138412032) = 0 [pid 3128] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 3128] ioctl(6, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 3128] ioctl(6, LOOP_CLR_FD) = 0 [pid 3128] ioctl(6, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 3128] close(6) = 0 [pid 3128] close(3) = 0 [pid 3128] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3127] exit_group(0 [pid 3129] <... futex resumed>) = ? [pid 3127] <... exit_group resumed>) = ? [pid 3129] +++ exited with 0 +++ [pid 3128] <... futex resumed>) = ? [pid 3128] +++ exited with 0 +++ [pid 3127] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3127, si_uid=0, si_status=0, si_utime=1, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./876", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./876", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./876/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./876/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./876/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./876/bus") = 0 umount2("./876/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./876/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./876/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./876") = 0 mkdir("./877", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3131 ./strace-static-x86_64: Process 3131 attached [pid 3131] set_robust_list(0x5555564336a0, 24) = 0 [pid 3131] chdir("./877") = 0 [pid 3131] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3131] setpgid(0, 0) = 0 [pid 3131] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3131] write(3, "1000", 4) = 4 [pid 3131] close(3) = 0 [pid 3131] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3131] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3131] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3131] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3131] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3131] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3131] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3131] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 3132 attached [pid 3132] set_robust_list(0x7f22e15909a0, 24 [pid 3131] <... clone3 resumed> => {parent_tid=[3132]}, 88) = 3132 [pid 3132] <... set_robust_list resumed>) = 0 [pid 3131] rt_sigprocmask(SIG_SETMASK, [], [pid 3132] rt_sigprocmask(SIG_SETMASK, [], [pid 3131] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3131] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3132] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3131] <... futex resumed>) = 0 [pid 3131] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3132] memfd_create("syzkaller", 0 [pid 3131] <... futex resumed>) = 0 [pid 3132] <... memfd_create resumed>) = 3 [pid 3131] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3132] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3131] <... mmap resumed>) = 0x7f22e154f000 [pid 3131] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE [pid 3132] <... mmap resumed>) = 0x7f22d914f000 [pid 3131] <... mprotect resumed>) = 0 [pid 3131] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3131] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[3133]}, 88) = 3133 ./strace-static-x86_64: Process 3133 attached [pid 3133] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 3133] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3133] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3131] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3131] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3133] <... futex resumed>) = 0 [pid 3133] creat("./bus", 000 [pid 3131] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3133] <... creat resumed>) = 4 [pid 3133] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3131] <... futex resumed>) = 0 [pid 3131] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3133] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 3131] <... futex resumed>) = 0 [ 67.629685][ T3128] loop0: detected capacity change from 0 to 512 [pid 3131] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3133] <... mount resumed>) = 0 [pid 3133] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3131] <... futex resumed>) = 0 [pid 3133] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 3131] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3131] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3133] <... open resumed>) = 5 [pid 3133] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3131] <... futex resumed>) = 0 [pid 3133] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 3131] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3131] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3133] <... mmap resumed>) = 0x20000000 [pid 3133] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3132] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000d89} --- [pid 3133] <... futex resumed>) = ? [pid 3131] <... futex resumed>) = ? [pid 3132] +++ killed by SIGBUS +++ [pid 3133] +++ killed by SIGBUS +++ [pid 3131] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3131, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- umount2("./877", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./877", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./877/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./877/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./877/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./877/bus") = 0 umount2("./877/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./877/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./877/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./877") = 0 mkdir("./878", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3134 ./strace-static-x86_64: Process 3134 attached [pid 3134] set_robust_list(0x5555564336a0, 24) = 0 [pid 3134] chdir("./878") = 0 [pid 3134] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3134] setpgid(0, 0) = 0 [pid 3134] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3134] write(3, "1000", 4) = 4 [pid 3134] close(3) = 0 [pid 3134] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3134] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3134] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3134] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3134] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3134] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3134] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3134] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 3135 attached [pid 3135] set_robust_list(0x7f22e15909a0, 24 [pid 3134] <... clone3 resumed> => {parent_tid=[3135]}, 88) = 3135 [pid 3134] rt_sigprocmask(SIG_SETMASK, [], [pid 3135] <... set_robust_list resumed>) = 0 [pid 3135] rt_sigprocmask(SIG_SETMASK, [], [pid 3134] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3135] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3134] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3134] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3135] memfd_create("syzkaller", 0 [pid 3134] <... futex resumed>) = 0 [pid 3134] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3135] <... memfd_create resumed>) = 3 [pid 3134] <... mmap resumed>) = 0x7f22e154f000 [pid 3135] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3134] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3135] <... mmap resumed>) = 0x7f22d914f000 [pid 3134] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3134] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 3136 attached => {parent_tid=[3136]}, 88) = 3136 [pid 3136] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 3136] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3136] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3134] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3134] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3136] <... futex resumed>) = 0 [pid 3136] creat("./bus", 000 [pid 3134] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3136] <... creat resumed>) = 4 [pid 3136] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3134] <... futex resumed>) = 0 [pid 3136] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 3134] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3134] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3136] <... mount resumed>) = 0 [pid 3136] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3134] <... futex resumed>) = 0 [pid 3136] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 3134] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3134] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3136] <... open resumed>) = 5 [pid 3136] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3134] <... futex resumed>) = 0 [pid 3136] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 3134] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3134] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3136] <... mmap resumed>) = 0x20000000 [pid 3136] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3134] <... futex resumed>) = 0 [pid 3136] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3134] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3136] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3134] <... futex resumed>) = 0 [pid 3136] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 3136] +++ killed by SIGBUS +++ [pid 3135] +++ killed by SIGBUS +++ [pid 3134] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3134, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- umount2("./878", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./878", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./878/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./878/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./878/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./878/bus") = 0 umount2("./878/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./878/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./878/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./878") = 0 mkdir("./879", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3137 ./strace-static-x86_64: Process 3137 attached [pid 3137] set_robust_list(0x5555564336a0, 24) = 0 [pid 3137] chdir("./879") = 0 [pid 3137] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3137] setpgid(0, 0) = 0 [pid 3137] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3137] write(3, "1000", 4) = 4 [pid 3137] close(3) = 0 [pid 3137] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3137] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3137] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3137] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3137] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3137] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3137] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3137] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 3138 attached => {parent_tid=[3138]}, 88) = 3138 [pid 3137] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3137] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3137] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3137] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 3137] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3137] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3137] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 3139 attached => {parent_tid=[3139]}, 88) = 3139 [pid 3139] set_robust_list(0x7f22e156f9a0, 24 [pid 3137] rt_sigprocmask(SIG_SETMASK, [], [pid 3139] <... set_robust_list resumed>) = 0 [pid 3137] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3139] rt_sigprocmask(SIG_SETMASK, [], [pid 3137] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3139] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3137] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3139] creat("./bus", 000 [pid 3138] set_robust_list(0x7f22e15909a0, 24 [pid 3139] <... creat resumed>) = 3 [pid 3139] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3138] <... set_robust_list resumed>) = 0 [pid 3139] <... futex resumed>) = 1 [pid 3138] rt_sigprocmask(SIG_SETMASK, [], [pid 3137] <... futex resumed>) = 0 [pid 3138] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3137] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3139] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 3137] <... futex resumed>) = 0 [pid 3138] memfd_create("syzkaller", 0 [pid 3137] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3138] <... memfd_create resumed>) = 4 [pid 3139] <... mount resumed>) = 0 [pid 3138] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 3139] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3137] <... futex resumed>) = 0 [pid 3139] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 3137] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3137] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3139] <... open resumed>) = 5 [pid 3139] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3138] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 3137] <... futex resumed>) = 0 [pid 3139] <... futex resumed>) = 1 [pid 3137] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3139] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 3137] <... futex resumed>) = 0 [pid 3137] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3139] <... mmap resumed>) = 0x20000000 [pid 3139] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3138] <... write resumed>) = 262144 [pid 3139] <... futex resumed>) = 1 [pid 3137] <... futex resumed>) = 0 [pid 3137] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3139] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 3137] <... futex resumed>) = 0 [pid 3139] +++ killed by SIGBUS +++ [pid 3138] +++ killed by SIGBUS +++ [pid 3137] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3137, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- umount2("./879", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./879", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./879/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./879/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./879/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./879/bus") = 0 umount2("./879/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./879/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./879/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./879") = 0 mkdir("./880", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3140 ./strace-static-x86_64: Process 3140 attached [pid 3140] set_robust_list(0x5555564336a0, 24) = 0 [pid 3140] chdir("./880") = 0 [pid 3140] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3140] setpgid(0, 0) = 0 [pid 3140] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3140] write(3, "1000", 4) = 4 [pid 3140] close(3) = 0 [pid 3140] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3140] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3140] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3140] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3140] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3140] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3140] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3140] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 3141 attached [pid 3141] set_robust_list(0x7f22e15909a0, 24 [pid 3140] <... clone3 resumed> => {parent_tid=[3141]}, 88) = 3141 [pid 3141] <... set_robust_list resumed>) = 0 [pid 3140] rt_sigprocmask(SIG_SETMASK, [], [pid 3141] rt_sigprocmask(SIG_SETMASK, [], [pid 3140] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3141] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3140] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3141] memfd_create("syzkaller", 0 [pid 3140] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3141] <... memfd_create resumed>) = 3 [pid 3141] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3140] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 3141] <... mmap resumed>) = 0x7f22d914f000 [pid 3140] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3140] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3140] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[3142]}, 88) = 3142 [pid 3140] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3140] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3140] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3142 attached [pid 3141] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 3142] set_robust_list(0x7f22e156f9a0, 24 [pid 3141] <... write resumed>) = 262144 [pid 3142] <... set_robust_list resumed>) = 0 [pid 3141] munmap(0x7f22d914f000, 138412032 [pid 3142] rt_sigprocmask(SIG_SETMASK, [], [pid 3141] <... munmap resumed>) = 0 [pid 3142] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3141] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 3142] creat("./bus", 000 [pid 3141] <... openat resumed>) = 4 [pid 3141] ioctl(4, LOOP_SET_FD, 3 [pid 3142] <... creat resumed>) = 5 [pid 3142] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3140] <... futex resumed>) = 0 [pid 3140] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3140] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3142] <... futex resumed>) = 1 [pid 3142] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 3142] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3140] <... futex resumed>) = 0 [pid 3140] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3140] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3142] <... futex resumed>) = 1 [pid 3142] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 3142] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3140] <... futex resumed>) = 0 [pid 3140] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3140] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3142] <... futex resumed>) = 1 [pid 3142] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 3141] <... ioctl resumed>) = 0 [pid 3141] close(3) = 0 [pid 3141] close(4) = 0 [pid 3141] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 3141] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 3141] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 3141] ioctl(3, LOOP_CLR_FD) = 0 [pid 3141] close(3) = 0 [pid 3141] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3141] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3142] <... mmap resumed>) = 0x20000000 [pid 3142] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3142] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3140] <... futex resumed>) = 0 [pid 3140] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3141] <... futex resumed>) = 0 [pid 3141] memfd_create("syzkaller", 0) = 3 [pid 3141] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 3141] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 3141] munmap(0x7f22d914f000, 138412032) = 0 [pid 3141] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3141] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 3141] ioctl(4, LOOP_CLR_FD) = 0 [pid 3141] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 3141] close(4) = 0 [pid 3141] close(3) = 0 [pid 3141] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3141] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3140] exit_group(0 [pid 3142] <... futex resumed>) = ? [pid 3141] <... futex resumed>) = ? [pid 3140] <... exit_group resumed>) = ? [pid 3142] +++ exited with 0 +++ [pid 3141] +++ exited with 0 +++ [pid 3140] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3140, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./880", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./880", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./880/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./880/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./880/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./880/bus") = 0 umount2("./880/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./880/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./880/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./880") = 0 mkdir("./881", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 67.740235][ T3141] loop0: detected capacity change from 0 to 512 [ 67.746745][ T3142] Buffer I/O error on dev loop0, logical block 0, async page read clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3143 ./strace-static-x86_64: Process 3143 attached [pid 3143] set_robust_list(0x5555564336a0, 24) = 0 [pid 3143] chdir("./881") = 0 [pid 3143] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3143] setpgid(0, 0) = 0 [pid 3143] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3143] write(3, "1000", 4) = 4 [pid 3143] close(3) = 0 [pid 3143] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3143] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3143] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3143] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3143] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3143] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3143] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3143] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 3144 attached [pid 3144] set_robust_list(0x7f22e15909a0, 24 [pid 3143] <... clone3 resumed> => {parent_tid=[3144]}, 88) = 3144 [pid 3143] rt_sigprocmask(SIG_SETMASK, [], [pid 3144] <... set_robust_list resumed>) = 0 [pid 3143] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3144] rt_sigprocmask(SIG_SETMASK, [], [pid 3143] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3144] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3143] <... futex resumed>) = 0 [pid 3143] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3144] memfd_create("syzkaller", 0 [pid 3143] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 3143] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE [pid 3144] <... memfd_create resumed>) = 3 [pid 3144] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3143] <... mprotect resumed>) = 0 [pid 3143] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3144] <... mmap resumed>) = 0x7f22d914f000 [pid 3143] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3143] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 3145 attached => {parent_tid=[3145]}, 88) = 3145 [pid 3143] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3143] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3143] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3145] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 3145] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3145] creat("./bus", 000 [pid 3144] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 3145] <... creat resumed>) = 4 [pid 3145] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3143] <... futex resumed>) = 0 [pid 3144] <... write resumed>) = 262144 [pid 3143] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3144] munmap(0x7f22d914f000, 138412032 [pid 3145] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 3143] <... futex resumed>) = 0 [pid 3144] <... munmap resumed>) = 0 [pid 3143] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3144] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 3144] ioctl(5, LOOP_SET_FD, 3 [pid 3145] <... mount resumed>) = 0 [pid 3145] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3145] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3143] <... futex resumed>) = 0 [pid 3143] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3143] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3145] <... futex resumed>) = 0 [pid 3145] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 3145] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3143] <... futex resumed>) = 0 [pid 3143] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3143] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3145] <... futex resumed>) = 1 [pid 3145] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 3144] <... ioctl resumed>) = 0 [pid 3144] close(3) = 0 [pid 3144] close(5 [pid 3145] <... mmap resumed>) = 0x20000000 [pid 3145] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3143] <... futex resumed>) = 0 [pid 3143] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3145] <... futex resumed>) = 1 [pid 3145] memfd_create("syzkaller", 0) = 3 [pid 3145] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 3144] <... close resumed>) = 0 [pid 3144] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 3144] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 3144] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 3144] ioctl(5, LOOP_CLR_FD) = 0 [pid 3144] close(5) = 0 [pid 3144] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3144] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3145] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 3145] munmap(0x7f22d914f000, 138412032) = 0 [pid 3145] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 3145] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 3145] ioctl(5, LOOP_CLR_FD) = 0 [pid 3145] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 3145] close(5) = 0 [pid 3145] close(3) = 0 [pid 3145] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3145] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3143] exit_group(0) = ? [pid 3145] <... futex resumed>) = ? [pid 3145] +++ exited with 0 +++ [pid 3144] <... futex resumed>) = ? [pid 3144] +++ exited with 0 +++ [pid 3143] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3143, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./881", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./881", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./881/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./881/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./881/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./881/bus") = 0 umount2("./881/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./881/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./881/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./881") = 0 mkdir("./882", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3146 ./strace-static-x86_64: Process 3146 attached [pid 3146] set_robust_list(0x5555564336a0, 24) = 0 [pid 3146] chdir("./882") = 0 [pid 3146] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3146] setpgid(0, 0) = 0 [pid 3146] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3146] write(3, "1000", 4) = 4 [pid 3146] close(3) = 0 [pid 3146] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3146] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3146] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3146] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3146] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3146] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3146] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3146] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 3147 attached [pid 3147] set_robust_list(0x7f22e15909a0, 24 [pid 3146] <... clone3 resumed> => {parent_tid=[3147]}, 88) = 3147 [pid 3147] <... set_robust_list resumed>) = 0 [pid 3147] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 67.830556][ T3144] loop0: detected capacity change from 0 to 512 [pid 3147] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3146] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3146] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3147] <... futex resumed>) = 0 [pid 3146] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3147] memfd_create("syzkaller", 0 [pid 3146] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3147] <... memfd_create resumed>) = 3 [pid 3147] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 3146] <... mmap resumed>) = 0x7f22d914f000 [pid 3146] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3146] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3146] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0} => {parent_tid=[3148]}, 88) = 3148 [pid 3146] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3146] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3146] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3148 attached [pid 3148] set_robust_list(0x7f22d916f9a0, 24 [pid 3147] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 3148] <... set_robust_list resumed>) = 0 [pid 3148] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3148] creat("./bus", 000) = 4 [pid 3147] <... write resumed>) = 262144 [pid 3147] munmap(0x7f22d9170000, 138412032 [pid 3148] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3146] <... futex resumed>) = 0 [pid 3146] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3147] <... munmap resumed>) = 0 [pid 3146] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3147] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 3147] ioctl(5, LOOP_SET_FD, 3 [pid 3148] <... futex resumed>) = 1 [pid 3148] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 3148] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3146] <... futex resumed>) = 0 [pid 3146] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3146] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3148] <... futex resumed>) = 1 [pid 3148] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 3148] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3146] <... futex resumed>) = 0 [pid 3146] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3146] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3148] <... futex resumed>) = 1 [pid 3148] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 3147] <... ioctl resumed>) = 0 [pid 3147] close(3) = 0 [pid 3147] close(5) = 0 [pid 3147] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 3147] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 3147] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 3147] ioctl(3, LOOP_CLR_FD) = 0 [pid 3147] close(3) = 0 [pid 3147] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3147] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3148] <... mmap resumed>) = 0x20000000 [pid 3148] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3146] <... futex resumed>) = 0 [pid 3146] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3147] <... futex resumed>) = 0 [pid 3147] memfd_create("syzkaller", 0) = 3 [pid 3147] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 3148] <... futex resumed>) = 1 [pid 3148] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3147] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 3147] munmap(0x7f22d9170000, 138412032) = 0 [pid 3147] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 3147] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 3147] ioctl(5, LOOP_CLR_FD) = 0 [pid 3147] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 3147] close(5) = 0 [pid 3147] close(3) = 0 [pid 3147] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3147] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3146] exit_group(0 [pid 3148] <... futex resumed>) = ? [pid 3146] <... exit_group resumed>) = ? [pid 3148] +++ exited with 0 +++ [pid 3147] <... futex resumed>) = ? [pid 3147] +++ exited with 0 +++ [pid 3146] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3146, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./882", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./882", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./882/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./882/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./882/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./882/bus") = 0 umount2("./882/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./882/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./882/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./882") = 0 mkdir("./883", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3149 ./strace-static-x86_64: Process 3149 attached [pid 3149] set_robust_list(0x5555564336a0, 24) = 0 [pid 3149] chdir("./883") = 0 [pid 3149] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3149] setpgid(0, 0) = 0 [pid 3149] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3149] write(3, "1000", 4) = 4 [pid 3149] close(3) = 0 [pid 3149] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3149] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3149] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3149] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3149] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3149] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3149] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3149] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 3150 attached [pid 3150] set_robust_list(0x7f22e15909a0, 24 [pid 3149] <... clone3 resumed> => {parent_tid=[3150]}, 88) = 3150 [pid 3149] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3149] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3149] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3149] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 3149] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3149] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3149] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 3151 attached => {parent_tid=[3151]}, 88) = 3151 [pid 3149] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3149] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3149] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3150] <... set_robust_list resumed>) = 0 [pid 3150] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3150] memfd_create("syzkaller", 0) = 3 [pid 3150] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 3151] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 3151] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3151] creat("./bus", 000) = 4 [pid 3150] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 3151] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3149] <... futex resumed>) = 0 [pid 3149] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3149] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3151] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 3151] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3150] <... write resumed>) = 262144 [pid 3151] <... futex resumed>) = 1 [pid 3149] <... futex resumed>) = 0 [pid 3149] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3149] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3150] munmap(0x7f22d914f000, 138412032 [pid 3151] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 3150] <... munmap resumed>) = 0 [ 67.895881][ T3147] loop0: detected capacity change from 0 to 512 [pid 3150] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 3150] ioctl(5, LOOP_SET_FD, 3 [pid 3151] <... open resumed>) = 6 [pid 3150] <... ioctl resumed>) = 0 [pid 3150] close(3) = 0 [pid 3150] close(5) = 0 [pid 3150] mkdir("./file0", 0777) = 0 [pid 3150] mount("/dev/loop0", "./file0", "ext4", 0, "prjquota,grpquota,debug_want_extra_isize=0x000000000000005c,noauto_da_alloc,nolazytime,errors=contin"... [pid 3151] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3149] <... futex resumed>) = 0 [pid 3149] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3149] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3151] <... futex resumed>) = 1 [pid 3151] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x20000000 [pid 3151] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3149] <... futex resumed>) = 0 [pid 3149] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3151] <... futex resumed>) = 1 [pid 3151] memfd_create("syzkaller", 0) = 3 [pid 3151] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 3150] <... mount resumed>) = 0 [pid 3150] openat(AT_FDCWD, 0x200000c0, O_RDONLY|O_DIRECTORY) = -1 ENOENT (No such file or directory) [pid 3150] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 3150] ioctl(5, LOOP_CLR_FD) = 0 [pid 3150] close(5) = 0 [pid 3150] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3150] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3151] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 3151] munmap(0x7f22d914f000, 138412032) = 0 [pid 3151] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 3151] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 3151] ioctl(5, LOOP_CLR_FD) = 0 [pid 3151] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 3151] close(5) = 0 [pid 3151] close(3) = 0 [pid 3151] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3151] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3149] exit_group(0) = ? [pid 3150] <... futex resumed>) = ? [pid 3151] <... futex resumed>) = ? [pid 3151] +++ exited with 0 +++ [pid 3150] +++ exited with 0 +++ [pid 3149] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3149, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./883", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./883", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 5 entries */, 32768) = 136 umount2("./883/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./883/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./883/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./883/bus") = 0 umount2("./883/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./883/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 67.956260][ T3150] loop0: detected capacity change from 0 to 512 [ 67.965800][ T3150] EXT4-fs (loop0): 1 truncate cleaned up [ 67.971684][ T3150] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. unlink("./883/binderfs") = 0 umount2("./883/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./883/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./883/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./883/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./883/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555643c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555643c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./883/file0") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./883") = 0 mkdir("./884", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3153 ./strace-static-x86_64: Process 3153 attached [pid 3153] set_robust_list(0x5555564336a0, 24) = 0 [pid 3153] chdir("./884") = 0 [pid 3153] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3153] setpgid(0, 0) = 0 [pid 3153] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3153] write(3, "1000", 4) = 4 [pid 3153] close(3) = 0 [pid 3153] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3153] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3153] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3153] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3153] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3153] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3153] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3153] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[3154]}, 88) = 3154 ./strace-static-x86_64: Process 3154 attached [pid 3154] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 3154] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3154] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3153] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3153] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3154] <... futex resumed>) = 0 [pid 3153] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3154] memfd_create("syzkaller", 0) = 3 [pid 3154] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 3153] <... futex resumed>) = 0 [pid 3153] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 3153] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3153] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3153] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0} => {parent_tid=[3155]}, 88) = 3155 [pid 3153] rt_sigprocmask(SIG_SETMASK, [], [pid 3154] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 3153] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3153] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3153] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3155 attached [pid 3154] <... write resumed>) = 262144 [pid 3155] set_robust_list(0x7f22d916f9a0, 24 [pid 3154] munmap(0x7f22d9170000, 138412032 [pid 3155] <... set_robust_list resumed>) = 0 [pid 3154] <... munmap resumed>) = 0 [pid 3155] rt_sigprocmask(SIG_SETMASK, [], [pid 3154] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 3155] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3155] creat("./bus", 000 [pid 3154] <... openat resumed>) = 4 [pid 3154] ioctl(4, LOOP_SET_FD, 3 [pid 3155] <... creat resumed>) = 5 [pid 3155] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3153] <... futex resumed>) = 0 [pid 3153] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3153] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3155] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 3155] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3153] <... futex resumed>) = 0 [pid 3153] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3153] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3155] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 3155] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3153] <... futex resumed>) = 0 [pid 3153] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3153] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3155] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 3154] <... ioctl resumed>) = 0 [pid 3154] close(3) = 0 [pid 3154] close(4) = 0 [pid 3154] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 3154] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 3154] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 3154] ioctl(3, LOOP_CLR_FD) = 0 [pid 3154] close(3) = 0 [pid 3154] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3154] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3155] <... mmap resumed>) = 0x20000000 [pid 3155] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3153] <... futex resumed>) = 0 [pid 3155] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3153] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3154] <... futex resumed>) = 0 [pid 3154] memfd_create("syzkaller", 0) = 3 [pid 3154] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 3154] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 3154] munmap(0x7f22d9170000, 138412032) = 0 [pid 3154] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3154] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 3154] ioctl(4, LOOP_CLR_FD) = 0 [pid 3154] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 3154] close(4) = 0 [pid 3154] close(3) = 0 [pid 3154] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3153] exit_group(0 [pid 3154] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3155] <... futex resumed>) = ? [pid 3154] <... futex resumed>) = ? [pid 3153] <... exit_group resumed>) = ? [pid 3155] +++ exited with 0 +++ [pid 3154] +++ exited with 0 +++ [pid 3153] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3153, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./884", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./884", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 68.008310][ T293] EXT4-fs (loop0): unmounting filesystem. [ 68.038391][ T3154] loop0: detected capacity change from 0 to 512 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./884/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./884/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./884/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./884/bus") = 0 umount2("./884/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./884/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./884/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./884") = 0 mkdir("./885", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3156 ./strace-static-x86_64: Process 3156 attached [pid 3156] set_robust_list(0x5555564336a0, 24) = 0 [pid 3156] chdir("./885") = 0 [pid 3156] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3156] setpgid(0, 0) = 0 [pid 3156] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3156] write(3, "1000", 4) = 4 [pid 3156] close(3) = 0 [pid 3156] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3156] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3156] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3156] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3156] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3156] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3156] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3156] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[3157]}, 88) = 3157 [pid 3156] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3156] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3156] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3156] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 3156] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3156] rt_sigprocmask(SIG_BLOCK, ~[], ./strace-static-x86_64: Process 3157 attached [], 8) = 0 [pid 3156] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[3158]}, 88) = 3158 [pid 3156] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3156] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3156] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3157] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 3157] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3157] memfd_create("syzkaller", 0./strace-static-x86_64: Process 3158 attached ) = 3 [pid 3157] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3158] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 3157] <... mmap resumed>) = 0x7f22d914f000 [pid 3158] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3158] creat("./bus", 000) = 4 [pid 3158] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3156] <... futex resumed>) = 0 [pid 3156] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3156] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3158] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 3158] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3156] <... futex resumed>) = 0 [pid 3156] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3156] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3158] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 3158] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3156] <... futex resumed>) = 0 [pid 3156] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3156] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3158] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 3157] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000db0} --- [pid 3156] <... futex resumed>) = ? [pid 3158] +++ killed by SIGBUS +++ [pid 3157] +++ killed by SIGBUS +++ [pid 3156] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3156, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./885", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./885", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./885/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./885/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./885/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./885/bus") = 0 umount2("./885/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./885/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./885/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./885") = 0 mkdir("./886", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3159 ./strace-static-x86_64: Process 3159 attached [pid 3159] set_robust_list(0x5555564336a0, 24) = 0 [pid 3159] chdir("./886") = 0 [pid 3159] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3159] setpgid(0, 0) = 0 [pid 3159] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3159] write(3, "1000", 4) = 4 [pid 3159] close(3) = 0 [pid 3159] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3159] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3159] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3159] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3159] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3159] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3159] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3159] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 3160 attached => {parent_tid=[3160]}, 88) = 3160 [pid 3160] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 3160] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3160] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3159] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3159] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3160] <... futex resumed>) = 0 [pid 3160] memfd_create("syzkaller", 0) = 3 [pid 3159] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3160] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 3159] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 3159] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3159] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3159] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0} [pid 3160] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 3159] <... clone3 resumed> => {parent_tid=[3161]}, 88) = 3161 [pid 3159] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3159] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 3161 attached [pid 3160] <... write resumed>) = 262144 [pid 3161] set_robust_list(0x7f22d916f9a0, 24 [pid 3160] munmap(0x7f22d9170000, 138412032 [pid 3159] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3161] <... set_robust_list resumed>) = 0 [pid 3161] rt_sigprocmask(SIG_SETMASK, [], [pid 3160] <... munmap resumed>) = 0 [pid 3161] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3160] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 3161] creat("./bus", 000 [pid 3160] <... openat resumed>) = 4 [pid 3160] ioctl(4, LOOP_SET_FD, 3 [pid 3161] <... creat resumed>) = 5 [pid 3161] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3159] <... futex resumed>) = 0 [pid 3159] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3159] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3161] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 3161] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3159] <... futex resumed>) = 0 [pid 3159] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3159] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3161] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 3161] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3159] <... futex resumed>) = 0 [pid 3159] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3159] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3161] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 3160] <... ioctl resumed>) = 0 [pid 3160] close(3) = 0 [pid 3160] close(4) = 0 [pid 3160] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 3160] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 3160] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 3160] ioctl(3, LOOP_CLR_FD) = 0 [pid 3160] close(3) = 0 [pid 3160] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3160] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3161] <... mmap resumed>) = 0x20000000 [pid 3161] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3159] <... futex resumed>) = 0 [pid 3159] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3160] <... futex resumed>) = 0 [pid 3160] memfd_create("syzkaller", 0) = 3 [pid 3160] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 3161] <... futex resumed>) = 1 [pid 3161] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3160] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 3160] munmap(0x7f22d9170000, 138412032) = 0 [pid 3160] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3160] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 3160] ioctl(4, LOOP_CLR_FD) = 0 [pid 3160] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 3160] close(4) = 0 [pid 3160] close(3) = 0 [pid 3160] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3160] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3159] exit_group(0 [pid 3161] <... futex resumed>) = ? [pid 3159] <... exit_group resumed>) = ? [pid 3161] +++ exited with 0 +++ [pid 3160] <... futex resumed>) = ? [pid 3160] +++ exited with 0 +++ [pid 3159] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3159, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./886", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./886", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./886/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./886/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./886/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./886/bus") = 0 umount2("./886/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./886/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./886/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./886") = 0 mkdir("./887", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3162 ./strace-static-x86_64: Process 3162 attached [pid 3162] set_robust_list(0x5555564336a0, 24) = 0 [pid 3162] chdir("./887") = 0 [pid 3162] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3162] setpgid(0, 0) = 0 [pid 3162] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3162] write(3, "1000", 4) = 4 [pid 3162] close(3) = 0 [pid 3162] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3162] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3162] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3162] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3162] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3162] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3162] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3162] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 3163 attached [pid 3163] set_robust_list(0x7f22e15909a0, 24 [pid 3162] <... clone3 resumed> => {parent_tid=[3163]}, 88) = 3163 [pid 3163] <... set_robust_list resumed>) = 0 [pid 3162] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3163] rt_sigprocmask(SIG_SETMASK, [], [pid 3162] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3162] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3162] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 3162] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3163] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3162] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3162] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[3164]}, 88) = 3164 [pid 3162] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3162] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3162] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3164 attached [pid 3164] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 3164] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3164] creat("./bus", 000 [pid 3163] memfd_create("syzkaller", 0 [pid 3164] <... creat resumed>) = 3 [pid 3164] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3162] <... futex resumed>) = 0 [pid 3162] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3162] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3164] <... futex resumed>) = 1 [pid 3164] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 3164] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3162] <... futex resumed>) = 0 [pid 3162] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3162] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3164] <... futex resumed>) = 1 [pid 3164] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 4 [pid 3164] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3162] <... futex resumed>) = 0 [pid 3162] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3162] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3164] <... futex resumed>) = 1 [pid 3164] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 3164] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3162] <... futex resumed>) = 0 [pid 3162] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3164] <... futex resumed>) = 1 [pid 3163] <... memfd_create resumed>) = 5 [pid 3164] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 3163] +++ killed by SIGBUS +++ [pid 3164] +++ killed by SIGBUS +++ [pid 3162] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3162, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./887", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./887", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./887/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./887/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./887/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./887/bus") = 0 umount2("./887/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./887/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./887/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./887") = 0 mkdir("./888", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3165 ./strace-static-x86_64: Process 3165 attached [pid 3165] set_robust_list(0x5555564336a0, 24) = 0 [ 68.139634][ T3160] loop0: detected capacity change from 0 to 512 [pid 3165] chdir("./888") = 0 [pid 3165] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3165] setpgid(0, 0) = 0 [pid 3165] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3165] write(3, "1000", 4) = 4 [pid 3165] close(3) = 0 [pid 3165] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3165] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3165] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3165] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3165] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3165] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3165] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3165] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 3166 attached [pid 3166] set_robust_list(0x7f22e15909a0, 24 [pid 3165] <... clone3 resumed> => {parent_tid=[3166]}, 88) = 3166 [pid 3166] <... set_robust_list resumed>) = 0 [pid 3165] rt_sigprocmask(SIG_SETMASK, [], [pid 3166] rt_sigprocmask(SIG_SETMASK, [], [pid 3165] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3165] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3166] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3165] <... futex resumed>) = 0 [pid 3165] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3166] memfd_create("syzkaller", 0 [pid 3165] <... futex resumed>) = 0 [pid 3166] <... memfd_create resumed>) = 3 [pid 3165] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3166] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3165] <... mmap resumed>) = 0x7f22e154f000 [pid 3165] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE [pid 3166] <... mmap resumed>) = 0x7f22d914f000 [pid 3165] <... mprotect resumed>) = 0 [pid 3165] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3165] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 3167 attached => {parent_tid=[3167]}, 88) = 3167 [pid 3167] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 3167] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3167] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3165] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3165] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3167] <... futex resumed>) = 0 [pid 3167] creat("./bus", 000 [pid 3165] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3167] <... creat resumed>) = 4 [pid 3167] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3167] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3165] <... futex resumed>) = 0 [pid 3165] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3167] <... futex resumed>) = 0 [pid 3167] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 3165] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3167] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3165] <... futex resumed>) = 0 [pid 3167] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3165] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3167] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3165] <... futex resumed>) = 0 [pid 3167] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 3165] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3167] <... open resumed>) = 5 [pid 3167] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3165] <... futex resumed>) = 0 [pid 3167] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 3165] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3165] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3167] <... mmap resumed>) = 0x20000000 [pid 3166] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000dc5} --- [pid 3165] <... futex resumed>) = ? [pid 3167] +++ killed by SIGBUS +++ [pid 3166] +++ killed by SIGBUS +++ [pid 3165] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3165, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./888", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./888", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./888/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./888/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./888/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./888/bus") = 0 umount2("./888/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./888/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./888/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./888") = 0 mkdir("./889", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3168 ./strace-static-x86_64: Process 3168 attached [pid 3168] set_robust_list(0x5555564336a0, 24) = 0 [pid 3168] chdir("./889") = 0 [pid 3168] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3168] setpgid(0, 0) = 0 [pid 3168] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3168] write(3, "1000", 4) = 4 [pid 3168] close(3) = 0 [pid 3168] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3168] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3168] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3168] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3168] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3168] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3168] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3168] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 3169 attached => {parent_tid=[3169]}, 88) = 3169 [pid 3169] set_robust_list(0x7f22e15909a0, 24 [pid 3168] rt_sigprocmask(SIG_SETMASK, [], [pid 3169] <... set_robust_list resumed>) = 0 [pid 3168] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3169] rt_sigprocmask(SIG_SETMASK, [], [pid 3168] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3169] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3168] <... futex resumed>) = 0 [pid 3168] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3169] memfd_create("syzkaller", 0 [pid 3168] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 3169] <... memfd_create resumed>) = 3 [pid 3168] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE [pid 3169] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3168] <... mprotect resumed>) = 0 [pid 3168] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3169] <... mmap resumed>) = 0x7f22d914f000 [pid 3168] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3168] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 3170 attached => {parent_tid=[3170]}, 88) = 3170 [pid 3170] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 3170] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3170] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3168] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3168] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3170] <... futex resumed>) = 0 [pid 3168] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3170] creat("./bus", 000) = 4 [pid 3170] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3170] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3168] <... futex resumed>) = 0 [pid 3168] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3170] <... futex resumed>) = 0 [pid 3170] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 3168] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3170] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3168] <... futex resumed>) = 0 [pid 3170] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 3168] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3168] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3170] <... open resumed>) = 5 [pid 3170] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3168] <... futex resumed>) = 0 [pid 3170] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 3168] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3168] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3170] <... mmap resumed>) = 0x20000000 [pid 3170] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3169] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000dcf} --- [pid 3168] <... futex resumed>) = ? [pid 3170] <... futex resumed>) = ? [pid 3170] +++ killed by SIGBUS +++ [pid 3169] +++ killed by SIGBUS +++ [pid 3168] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3168, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./889", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./889", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./889/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./889/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./889/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./889/bus") = 0 umount2("./889/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./889/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./889/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./889") = 0 mkdir("./890", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3171 ./strace-static-x86_64: Process 3171 attached [pid 3171] set_robust_list(0x5555564336a0, 24) = 0 [pid 3171] chdir("./890") = 0 [pid 3171] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3171] setpgid(0, 0) = 0 [pid 3171] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3171] write(3, "1000", 4) = 4 [pid 3171] close(3) = 0 [pid 3171] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3171] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3171] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3171] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3171] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3171] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3171] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3171] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 3172 attached [pid 3172] set_robust_list(0x7f22e15909a0, 24 [pid 3171] <... clone3 resumed> => {parent_tid=[3172]}, 88) = 3172 [pid 3172] <... set_robust_list resumed>) = 0 [pid 3171] rt_sigprocmask(SIG_SETMASK, [], [pid 3172] rt_sigprocmask(SIG_SETMASK, [], [pid 3171] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3172] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3171] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3172] memfd_create("syzkaller", 0 [pid 3171] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3172] <... memfd_create resumed>) = 3 [pid 3172] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3171] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3172] <... mmap resumed>) = 0x7f22d914f000 [pid 3171] <... mmap resumed>) = 0x7f22e154f000 [pid 3171] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3171] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3171] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[3173]}, 88) = 3173 [pid 3171] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3171] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3171] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3173 attached [pid 3172] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3173] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 3172] munmap(0x7f22d914f000, 138412032 [pid 3173] rt_sigprocmask(SIG_SETMASK, [], [pid 3172] <... munmap resumed>) = 0 [pid 3173] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3172] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 3173] creat("./bus", 000 [pid 3172] <... openat resumed>) = 4 [pid 3172] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3173] <... creat resumed>) = 5 [pid 3172] close(3 [pid 3173] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3172] <... close resumed>) = 0 [pid 3173] <... futex resumed>) = 1 [pid 3172] close(4 [pid 3171] <... futex resumed>) = 0 [pid 3171] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3171] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3173] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 3172] <... close resumed>) = 0 [pid 3173] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3171] <... futex resumed>) = 0 [pid 3173] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 3171] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3171] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3173] <... open resumed>) = 3 [pid 3173] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3171] <... futex resumed>) = 0 [pid 3171] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3171] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3173] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 3, 0 [pid 3172] mkdir(0x200000c0, 0777 [pid 3173] <... mmap resumed>) = 0x20000000 [pid 3173] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3171] <... futex resumed>) = 0 [pid 3171] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3173] memfd_create("syzkaller", 0) = 4 [pid 3173] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 3172] <... mkdir resumed>) = -1 ENOENT (No such file or directory) [pid 3172] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 3172] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 3172] ioctl(6, LOOP_CLR_FD) = 0 [pid 3172] close(6) = 0 [pid 3172] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3172] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3173] write(4, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 3173] munmap(0x7f22d914f000, 138412032) = 0 [pid 3173] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 3173] ioctl(6, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 3173] ioctl(6, LOOP_CLR_FD) = 0 [pid 3173] ioctl(6, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 3173] close(6) = 0 [pid 3173] close(4) = 0 [pid 3173] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3173] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3171] exit_group(0 [pid 3172] <... futex resumed>) = ? [pid 3171] <... exit_group resumed>) = ? [pid 3172] +++ exited with 0 +++ [pid 3173] <... futex resumed>) = ? [pid 3173] +++ exited with 0 +++ [pid 3171] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3171, si_uid=0, si_status=0, si_utime=1, si_stime=1} --- [ 68.253459][ T3172] loop0: detected capacity change from 0 to 512 umount2("./890", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./890", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./890/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./890/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./890/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./890/bus") = 0 umount2("./890/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./890/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./890/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./890") = 0 mkdir("./891", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3174 ./strace-static-x86_64: Process 3174 attached [pid 3174] set_robust_list(0x5555564336a0, 24) = 0 [pid 3174] chdir("./891") = 0 [pid 3174] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3174] setpgid(0, 0) = 0 [pid 3174] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3174] write(3, "1000", 4) = 4 [pid 3174] close(3) = 0 [pid 3174] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3174] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3174] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3174] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3174] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3174] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3174] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3174] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[3175]}, 88) = 3175 [pid 3174] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3174] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3174] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3174] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 3174] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3174] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3174] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[3176]}, 88) = 3176 [pid 3174] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3174] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3174] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3175 attached [pid 3175] set_robust_list(0x7f22e15909a0, 24) = 0 ./strace-static-x86_64: Process 3176 attached [pid 3175] rt_sigprocmask(SIG_SETMASK, [], [pid 3176] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 3176] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3176] creat("./bus", 000 [pid 3175] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3175] memfd_create("syzkaller", 0 [pid 3176] <... creat resumed>) = 3 [pid 3175] <... memfd_create resumed>) = 4 [pid 3175] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 3176] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3174] <... futex resumed>) = 0 [pid 3174] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3174] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3176] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 3176] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3174] <... futex resumed>) = 0 [pid 3174] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3174] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3176] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 3175] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 3176] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3174] <... futex resumed>) = 0 [pid 3174] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3174] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3176] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 3175] <... write resumed>) = 262144 [pid 3175] munmap(0x7f22d914f000, 138412032 [pid 3176] <... mmap resumed>) = 0x20000000 [pid 3176] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3175] <... munmap resumed>) = 0 [pid 3176] <... futex resumed>) = 1 [pid 3175] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 3174] <... futex resumed>) = 0 [pid 3174] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3176] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 3175] <... openat resumed>) = 6 [pid 3176] +++ killed by SIGBUS +++ [pid 3175] +++ killed by SIGBUS +++ [pid 3174] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3174, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- umount2("./891", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./891", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./891/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./891/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./891/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./891/bus") = 0 umount2("./891/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./891/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./891/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./891") = 0 mkdir("./892", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3177 ./strace-static-x86_64: Process 3177 attached [pid 3177] set_robust_list(0x5555564336a0, 24) = 0 [pid 3177] chdir("./892") = 0 [pid 3177] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3177] setpgid(0, 0) = 0 [pid 3177] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3177] write(3, "1000", 4) = 4 [pid 3177] close(3) = 0 [pid 3177] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3177] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3177] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3177] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3177] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3177] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3177] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3177] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 3178 attached => {parent_tid=[3178]}, 88) = 3178 [pid 3177] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3177] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3177] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3177] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 3177] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3177] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3177] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[3179]}, 88) = 3179 [pid 3177] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3177] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3177] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3178] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 3178] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3178] memfd_create("syzkaller", 0) = 3 [pid 3178] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 ./strace-static-x86_64: Process 3179 attached [pid 3178] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 3179] set_robust_list(0x7f22e156f9a0, 24 [pid 3178] <... write resumed>) = 262144 [pid 3178] munmap(0x7f22d914f000, 138412032) = 0 [pid 3178] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3178] ioctl(4, LOOP_SET_FD, 3 [pid 3179] <... set_robust_list resumed>) = 0 [pid 3179] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3179] creat("./bus", 000) = 5 [pid 3178] <... ioctl resumed>) = 0 [pid 3179] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3178] close(3 [pid 3177] <... futex resumed>) = 0 [pid 3177] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3177] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3179] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 3178] <... close resumed>) = 0 [pid 3179] <... mount resumed>) = 0 [pid 3179] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3177] <... futex resumed>) = 0 [pid 3179] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3177] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3179] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3177] <... futex resumed>) = 0 [pid 3179] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 3177] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3179] <... open resumed>) = 3 [pid 3179] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3177] <... futex resumed>) = 0 [pid 3179] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3177] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3179] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3177] <... futex resumed>) = 0 [pid 3179] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 3, 0 [pid 3177] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3179] <... mmap resumed>) = 0x20000000 [pid 3178] close(4 [pid 3179] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3178] <... close resumed>) = 0 [pid 3177] <... futex resumed>) = 0 [pid 3179] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 3177] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3179] memfd_create("syzkaller", 0 [pid 3177] <... futex resumed>) = 0 [pid 3179] <... memfd_create resumed>) = 4 [pid 3179] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 3178] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 3178] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 3178] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 3178] ioctl(6, LOOP_CLR_FD [pid 3179] write(4, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304 [pid 3178] <... ioctl resumed>) = 0 [pid 3178] close(6) = 0 [pid 3178] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3178] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3179] <... write resumed>) = 4194304 [pid 3179] munmap(0x7f22d914f000, 138412032) = 0 [pid 3179] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 3179] ioctl(6, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 3179] ioctl(6, LOOP_CLR_FD) = 0 [pid 3179] ioctl(6, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 3179] close(6) = 0 [pid 3179] close(4) = 0 [pid 3179] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3179] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3177] exit_group(0 [pid 3178] <... futex resumed>) = ? [pid 3177] <... exit_group resumed>) = ? [pid 3178] +++ exited with 0 +++ [pid 3179] <... futex resumed>) = ? [pid 3179] +++ exited with 0 +++ [pid 3177] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3177, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./892", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./892", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./892/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./892/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./892/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./892/bus") = 0 umount2("./892/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./892/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./892/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./892") = 0 mkdir("./893", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3180 ./strace-static-x86_64: Process 3180 attached [pid 3180] set_robust_list(0x5555564336a0, 24) = 0 [pid 3180] chdir("./893") = 0 [pid 3180] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3180] setpgid(0, 0) = 0 [pid 3180] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3180] write(3, "1000", 4) = 4 [pid 3180] close(3) = 0 [pid 3180] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3180] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3180] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3180] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [ 68.346892][ T3178] loop0: detected capacity change from 0 to 512 [pid 3180] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3180] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3180] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3180] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[3181]}, 88) = 3181 [pid 3180] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3180] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3180] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3180] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 3180] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3180] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3180] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 3181 attached => {parent_tid=[3182]}, 88) = 3182 [pid 3180] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3180] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3180] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3182 attached [pid 3182] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 3182] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3182] creat("./bus", 000 [pid 3181] set_robust_list(0x7f22e15909a0, 24 [pid 3182] <... creat resumed>) = 3 [pid 3182] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3180] <... futex resumed>) = 0 [pid 3180] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3180] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3182] <... futex resumed>) = 1 [pid 3182] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 3181] <... set_robust_list resumed>) = 0 [pid 3182] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3180] <... futex resumed>) = 0 [pid 3180] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3180] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3182] <... futex resumed>) = 1 [pid 3182] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 4 [pid 3182] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3180] <... futex resumed>) = 0 [pid 3180] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3180] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3182] <... futex resumed>) = 1 [pid 3182] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3181] rt_sigprocmask(SIG_SETMASK, [], [pid 3182] <... mmap resumed>) = 0x20000000 [pid 3182] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3180] <... futex resumed>) = 0 [pid 3180] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3182] <... futex resumed>) = 1 [pid 3182] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 3181] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3181] +++ killed by SIGBUS +++ [pid 3182] +++ killed by SIGBUS +++ [pid 3180] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3180, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- umount2("./893", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./893", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./893/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./893/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./893/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./893/bus") = 0 umount2("./893/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./893/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./893/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./893") = 0 mkdir("./894", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3183 ./strace-static-x86_64: Process 3183 attached [pid 3183] set_robust_list(0x5555564336a0, 24) = 0 [pid 3183] chdir("./894") = 0 [pid 3183] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3183] setpgid(0, 0) = 0 [pid 3183] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3183] write(3, "1000", 4) = 4 [pid 3183] close(3) = 0 [pid 3183] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3183] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3183] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3183] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3183] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3183] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3183] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3183] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[3184]}, 88) = 3184 [pid 3183] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3183] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3183] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3183] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 3183] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE./strace-static-x86_64: Process 3184 attached ) = 0 [pid 3183] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3184] set_robust_list(0x7f22e15909a0, 24 [pid 3183] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3183] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[3185]}, 88) = 3185 [pid 3184] <... set_robust_list resumed>) = 0 [pid 3183] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3183] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3183] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3185 attached [pid 3185] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 3185] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3185] creat("./bus", 000 [pid 3184] rt_sigprocmask(SIG_SETMASK, [], [pid 3185] <... creat resumed>) = 3 [pid 3184] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3185] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3183] <... futex resumed>) = 0 [pid 3183] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3183] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3185] <... futex resumed>) = 1 [pid 3185] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 3185] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3183] <... futex resumed>) = 0 [pid 3183] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3183] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3185] <... futex resumed>) = 1 [pid 3185] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 4 [pid 3185] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3183] <... futex resumed>) = 0 [pid 3183] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3183] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3185] <... futex resumed>) = 1 [pid 3185] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 3185] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3183] <... futex resumed>) = 0 [pid 3183] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3185] <... futex resumed>) = 1 [pid 3185] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 3185] +++ killed by SIGBUS +++ [pid 3184] +++ killed by SIGBUS +++ [pid 3183] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3183, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./894", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./894", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./894/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./894/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./894/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./894/bus") = 0 umount2("./894/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./894/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./894/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./894") = 0 mkdir("./895", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3186 ./strace-static-x86_64: Process 3186 attached [pid 3186] set_robust_list(0x5555564336a0, 24) = 0 [pid 3186] chdir("./895") = 0 [pid 3186] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3186] setpgid(0, 0) = 0 [pid 3186] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3186] write(3, "1000", 4) = 4 [pid 3186] close(3) = 0 [pid 3186] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3186] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3186] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3186] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3186] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3186] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3186] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3186] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 3187 attached [pid 3187] set_robust_list(0x7f22e15909a0, 24 [pid 3186] <... clone3 resumed> => {parent_tid=[3187]}, 88) = 3187 [pid 3187] <... set_robust_list resumed>) = 0 [pid 3186] rt_sigprocmask(SIG_SETMASK, [], [pid 3187] rt_sigprocmask(SIG_SETMASK, [], [pid 3186] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3187] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3186] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3186] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3187] memfd_create("syzkaller", 0 [pid 3186] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3187] <... memfd_create resumed>) = 3 [pid 3187] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3186] <... mmap resumed>) = 0x7f22e154f000 [pid 3186] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE [pid 3187] <... mmap resumed>) = 0x7f22d914f000 [pid 3186] <... mprotect resumed>) = 0 [pid 3186] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3186] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 3188 attached => {parent_tid=[3188]}, 88) = 3188 [pid 3188] set_robust_list(0x7f22e156f9a0, 24 [pid 3186] rt_sigprocmask(SIG_SETMASK, [], [pid 3188] <... set_robust_list resumed>) = 0 [pid 3188] rt_sigprocmask(SIG_SETMASK, [], [pid 3186] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3188] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3186] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3188] creat("./bus", 000 [pid 3186] <... futex resumed>) = 0 [pid 3186] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3188] <... creat resumed>) = 4 [pid 3188] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3186] <... futex resumed>) = 0 [pid 3186] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3186] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3188] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 3188] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3187] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 3186] <... futex resumed>) = 0 [pid 3188] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3186] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3188] <... futex resumed>) = 0 [pid 3188] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 3186] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3188] <... open resumed>) = 5 [pid 3188] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3188] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3186] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3186] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3188] <... futex resumed>) = 0 [pid 3188] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 3186] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3188] <... mmap resumed>) = 0x20000000 [pid 3188] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3186] <... futex resumed>) = 0 [pid 3186] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3188] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 3188] +++ killed by SIGBUS +++ [pid 3187] <... write resumed>) = ? [pid 3187] +++ killed by SIGBUS +++ [pid 3186] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3186, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./895", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./895", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./895/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./895/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./895/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./895/bus") = 0 umount2("./895/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./895/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./895/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./895") = 0 mkdir("./896", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3189 attached , child_tidptr=0x555556433690) = 3189 [pid 3189] set_robust_list(0x5555564336a0, 24) = 0 [pid 3189] chdir("./896") = 0 [pid 3189] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3189] setpgid(0, 0) = 0 [pid 3189] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3189] write(3, "1000", 4) = 4 [pid 3189] close(3) = 0 [pid 3189] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3189] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3189] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3189] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3189] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3189] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3189] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3189] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[3190]}, 88) = 3190 [pid 3189] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3189] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3189] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3189] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 3189] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3189] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3189] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 3191 attached ./strace-static-x86_64: Process 3190 attached => {parent_tid=[3191]}, 88) = 3191 [pid 3189] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3189] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3189] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3190] set_robust_list(0x7f22e15909a0, 24 [pid 3191] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 3191] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3191] creat("./bus", 000) = 3 [pid 3191] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3189] <... futex resumed>) = 0 [pid 3189] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3189] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3191] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 3191] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3189] <... futex resumed>) = 0 [pid 3189] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3189] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3191] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 4 [pid 3191] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3189] <... futex resumed>) = 0 [pid 3189] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3189] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3191] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 3190] <... set_robust_list resumed>) = 0 [pid 3191] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3189] <... futex resumed>) = 0 [pid 3189] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3191] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 3190] rt_sigprocmask(SIG_SETMASK, [], ) = ? [pid 3190] +++ killed by SIGBUS +++ [pid 3191] +++ killed by SIGBUS +++ [pid 3189] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3189, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- umount2("./896", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./896", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./896/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./896/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./896/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./896/bus") = 0 umount2("./896/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./896/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./896/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./896") = 0 mkdir("./897", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3192 ./strace-static-x86_64: Process 3192 attached [pid 3192] set_robust_list(0x5555564336a0, 24) = 0 [pid 3192] chdir("./897") = 0 [pid 3192] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3192] setpgid(0, 0) = 0 [pid 3192] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3192] write(3, "1000", 4) = 4 [pid 3192] close(3) = 0 [pid 3192] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3192] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3192] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3192] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3192] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3192] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3192] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3192] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 3193 attached => {parent_tid=[3193]}, 88) = 3193 [pid 3192] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3192] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3192] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3192] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 3192] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3192] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3192] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} [pid 3193] set_robust_list(0x7f22e15909a0, 24 [pid 3192] <... clone3 resumed> => {parent_tid=[3194]}, 88) = 3194 [pid 3192] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3192] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3192] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3194 attached [pid 3194] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 3194] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3194] creat("./bus", 000 [pid 3193] <... set_robust_list resumed>) = 0 [pid 3194] <... creat resumed>) = 3 [pid 3193] rt_sigprocmask(SIG_SETMASK, [], [pid 3194] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3192] <... futex resumed>) = 0 [pid 3194] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 3192] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3194] <... mount resumed>) = 0 [pid 3193] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3192] <... futex resumed>) = 0 [pid 3194] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3192] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3194] <... futex resumed>) = 0 [pid 3192] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3194] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 3192] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3194] <... open resumed>) = 4 [pid 3192] <... futex resumed>) = 0 [pid 3194] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3192] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3194] <... futex resumed>) = 0 [pid 3192] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3194] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3192] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3194] <... mmap resumed>) = 0x20000000 [pid 3192] <... futex resumed>) = 0 [pid 3194] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3192] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3194] <... futex resumed>) = 0 [pid 3192] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3194] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 3192] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = ? [pid 3194] +++ killed by SIGBUS +++ [pid 3193] +++ killed by SIGBUS +++ [pid 3192] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3192, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./897", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./897", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./897/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./897/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./897/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./897/bus") = 0 umount2("./897/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./897/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./897/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./897") = 0 mkdir("./898", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3195 ./strace-static-x86_64: Process 3195 attached [pid 3195] set_robust_list(0x5555564336a0, 24) = 0 [pid 3195] chdir("./898") = 0 [pid 3195] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3195] setpgid(0, 0) = 0 [pid 3195] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3195] write(3, "1000", 4) = 4 [pid 3195] close(3) = 0 [pid 3195] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3195] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3195] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3195] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3195] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3195] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3195] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3195] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[3196]}, 88) = 3196 [pid 3195] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3195] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3195] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3195] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 3195] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3195] rt_sigprocmask(SIG_BLOCK, ~[], ./strace-static-x86_64: Process 3196 attached [], 8) = 0 [pid 3195] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[3197]}, 88) = 3197 [pid 3195] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3195] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3195] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3197 attached [pid 3197] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 3197] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3197] creat("./bus", 000 [pid 3196] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 3197] <... creat resumed>) = 3 [pid 3197] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3195] <... futex resumed>) = 0 [pid 3195] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3195] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3197] <... futex resumed>) = 1 [pid 3197] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 3196] rt_sigprocmask(SIG_SETMASK, [], [pid 3197] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3195] <... futex resumed>) = 0 [pid 3195] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3195] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3197] <... futex resumed>) = 1 [pid 3197] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 4 [pid 3197] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3195] <... futex resumed>) = 0 [pid 3195] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3195] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3197] <... futex resumed>) = 1 [pid 3197] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 3197] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3195] <... futex resumed>) = 0 [pid 3195] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3197] <... futex resumed>) = 1 [pid 3197] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 3196] <... rt_sigprocmask resumed> ) = ? [pid 3196] +++ killed by SIGBUS +++ [pid 3197] +++ killed by SIGBUS +++ [pid 3195] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3195, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./898", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./898", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./898/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./898/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./898/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./898/bus") = 0 umount2("./898/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./898/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./898/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./898") = 0 mkdir("./899", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3198 attached , child_tidptr=0x555556433690) = 3198 [pid 3198] set_robust_list(0x5555564336a0, 24) = 0 [pid 3198] chdir("./899") = 0 [pid 3198] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3198] setpgid(0, 0) = 0 [pid 3198] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3198] write(3, "1000", 4) = 4 [pid 3198] close(3) = 0 [pid 3198] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3198] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3198] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3198] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3198] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3198] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3198] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3198] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 3199 attached => {parent_tid=[3199]}, 88) = 3199 [pid 3199] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 3199] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3199] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3198] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3198] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3198] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3199] <... futex resumed>) = 0 [pid 3198] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3199] memfd_create("syzkaller", 0 [pid 3198] <... mmap resumed>) = 0x7f22e154f000 [pid 3199] <... memfd_create resumed>) = 3 [pid 3199] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 3198] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3198] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3198] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[3200]}, 88) = 3200 [pid 3199] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144./strace-static-x86_64: Process 3200 attached [pid 3198] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3198] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3198] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3200] set_robust_list(0x7f22e156f9a0, 24 [pid 3199] <... write resumed>) = 262144 [pid 3200] <... set_robust_list resumed>) = 0 [pid 3199] munmap(0x7f22d914f000, 138412032 [pid 3200] rt_sigprocmask(SIG_SETMASK, [], [pid 3199] <... munmap resumed>) = 0 [pid 3200] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3199] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 3200] creat("./bus", 000 [pid 3199] <... openat resumed>) = 4 [pid 3199] ioctl(4, LOOP_SET_FD, 3 [pid 3200] <... creat resumed>) = 5 [pid 3200] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3198] <... futex resumed>) = 0 [pid 3198] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3198] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3200] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 3200] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3198] <... futex resumed>) = 0 [pid 3198] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3198] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3200] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 3200] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3198] <... futex resumed>) = 0 [pid 3198] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3198] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3200] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 3199] <... ioctl resumed>) = 0 [pid 3199] close(3) = 0 [pid 3199] close(4) = 0 [pid 3199] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 3199] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 3199] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 3199] ioctl(3, LOOP_CLR_FD) = 0 [pid 3199] close(3) = 0 [pid 3199] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3199] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3200] <... mmap resumed>) = 0x20000000 [pid 3200] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3198] <... futex resumed>) = 0 [pid 3198] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3199] <... futex resumed>) = 0 [pid 3199] memfd_create("syzkaller", 0) = 3 [pid 3199] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 3200] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3199] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 3199] munmap(0x7f22d914f000, 138412032) = 0 [pid 3199] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3199] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 3199] ioctl(4, LOOP_CLR_FD) = 0 [pid 3199] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 3199] close(4) = 0 [pid 3199] close(3) = 0 [pid 3199] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3199] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3198] exit_group(0) = ? [pid 3200] <... futex resumed>) = ? [pid 3199] <... futex resumed>) = ? [pid 3200] +++ exited with 0 +++ [pid 3199] +++ exited with 0 +++ [pid 3198] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3198, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./899", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./899", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./899/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./899/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./899/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./899/bus") = 0 umount2("./899/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./899/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./899/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./899") = 0 mkdir("./900", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3201 ./strace-static-x86_64: Process 3201 attached [pid 3201] set_robust_list(0x5555564336a0, 24) = 0 [pid 3201] chdir("./900") = 0 [pid 3201] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3201] setpgid(0, 0) = 0 [pid 3201] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3201] write(3, "1000", 4) = 4 [pid 3201] close(3) = 0 [pid 3201] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3201] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3201] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3201] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3201] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3201] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3201] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3201] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[3202]}, 88) = 3202 [pid 3201] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3201] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3201] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3201] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 3201] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3201] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3201] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[3203]}, 88) = 3203 [pid 3201] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3201] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3201] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3203 attached [pid 3203] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 3203] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3203] creat("./bus", 000) = 3 [pid 3203] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3201] <... futex resumed>) = 0 [pid 3201] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3201] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3203] <... futex resumed>) = 1 [pid 3203] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 3203] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3201] <... futex resumed>) = 0 [pid 3201] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3201] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3203] <... futex resumed>) = 1 [pid 3203] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 4 [pid 3203] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3201] <... futex resumed>) = 0 [pid 3201] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3201] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3203] <... futex resumed>) = 1 [pid 3203] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 3203] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3201] <... futex resumed>) = 0 [pid 3201] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3203] <... futex resumed>) = 1 [pid 3203] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 3203] +++ killed by SIGBUS +++ ./strace-static-x86_64: Process 3202 attached [pid 3202] +++ killed by SIGBUS +++ [pid 3201] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3201, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./900", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./900", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./900/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./900/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./900/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./900/bus") = 0 umount2("./900/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./900/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./900/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./900") = 0 mkdir("./901", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3204 ./strace-static-x86_64: Process 3204 attached [ 68.522854][ T3199] loop0: detected capacity change from 0 to 512 [pid 3204] set_robust_list(0x5555564336a0, 24) = 0 [pid 3204] chdir("./901") = 0 [pid 3204] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3204] setpgid(0, 0) = 0 [pid 3204] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3204] write(3, "1000", 4) = 4 [pid 3204] close(3) = 0 [pid 3204] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3204] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3204] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3204] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3204] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3204] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3204] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3204] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[3205]}, 88) = 3205 ./strace-static-x86_64: Process 3205 attached [pid 3204] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3204] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3204] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3204] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 3204] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3204] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3205] set_robust_list(0x7f22e15909a0, 24 [pid 3204] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3204] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[3206]}, 88) = 3206 [pid 3204] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3204] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3204] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3205] <... set_robust_list resumed>) = 0 ./strace-static-x86_64: Process 3206 attached [pid 3206] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 3206] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3206] creat("./bus", 000 [pid 3205] rt_sigprocmask(SIG_SETMASK, [], [pid 3206] <... creat resumed>) = 3 [pid 3206] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3204] <... futex resumed>) = 0 [pid 3204] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3204] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3206] <... futex resumed>) = 1 [pid 3206] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 3206] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3204] <... futex resumed>) = 0 [pid 3204] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3204] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3206] <... futex resumed>) = 1 [pid 3206] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 4 [pid 3206] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3204] <... futex resumed>) = 0 [pid 3204] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3204] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3206] <... futex resumed>) = 1 [pid 3206] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3205] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3206] <... mmap resumed>) = 0x20000000 [pid 3206] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3204] <... futex resumed>) = 0 [pid 3204] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3206] <... futex resumed>) = 1 [pid 3206] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 3205] +++ killed by SIGBUS +++ [pid 3206] +++ killed by SIGBUS +++ [pid 3204] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3204, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./901", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./901", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./901/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./901/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./901/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./901/bus") = 0 umount2("./901/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./901/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./901/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./901") = 0 mkdir("./902", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3207 ./strace-static-x86_64: Process 3207 attached [pid 3207] set_robust_list(0x5555564336a0, 24) = 0 [pid 3207] chdir("./902") = 0 [pid 3207] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3207] setpgid(0, 0) = 0 [pid 3207] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3207] write(3, "1000", 4) = 4 [pid 3207] close(3) = 0 [pid 3207] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3207] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3207] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3207] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3207] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3207] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3207] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3207] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 3208 attached [pid 3208] set_robust_list(0x7f22e15909a0, 24 [pid 3207] <... clone3 resumed> => {parent_tid=[3208]}, 88) = 3208 [pid 3208] <... set_robust_list resumed>) = 0 [pid 3207] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3208] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3207] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3207] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3208] memfd_create("syzkaller", 0 [pid 3207] <... futex resumed>) = 0 [pid 3207] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3208] <... memfd_create resumed>) = 3 [pid 3208] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3207] <... mmap resumed>) = 0x7f22e154f000 [pid 3207] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3208] <... mmap resumed>) = 0x7f22d914f000 [pid 3207] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3207] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 3209 attached => {parent_tid=[3209]}, 88) = 3209 [pid 3209] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 3209] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3209] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3207] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3207] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3209] <... futex resumed>) = 0 [pid 3209] creat("./bus", 000 [pid 3207] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3209] <... creat resumed>) = 4 [pid 3209] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3209] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3207] <... futex resumed>) = 0 [pid 3207] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3209] <... futex resumed>) = 0 [pid 3207] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3209] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 3209] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3207] <... futex resumed>) = 0 [pid 3209] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 3207] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3207] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3209] <... open resumed>) = 5 [pid 3209] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3207] <... futex resumed>) = 0 [pid 3209] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 3207] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3207] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3209] <... mmap resumed>) = 0x20000000 [pid 3208] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000da0} --- [pid 3207] <... futex resumed>) = ? [pid 3209] +++ killed by SIGBUS +++ [pid 3208] +++ killed by SIGBUS +++ [pid 3207] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3207, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./902", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./902", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./902/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./902/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./902/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./902/bus") = 0 umount2("./902/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./902/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./902/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./902") = 0 mkdir("./903", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3210 ./strace-static-x86_64: Process 3210 attached [pid 3210] set_robust_list(0x5555564336a0, 24) = 0 [pid 3210] chdir("./903") = 0 [pid 3210] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3210] setpgid(0, 0) = 0 [pid 3210] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3210] write(3, "1000", 4) = 4 [pid 3210] close(3) = 0 [pid 3210] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3210] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3210] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3210] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3210] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3210] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3210] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3210] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 3211 attached => {parent_tid=[3211]}, 88) = 3211 [pid 3211] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 3210] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3211] rt_sigprocmask(SIG_SETMASK, [], [pid 3210] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3211] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3210] <... futex resumed>) = 0 [pid 3210] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3210] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3211] memfd_create("syzkaller", 0 [pid 3210] <... mmap resumed>) = 0x7f22e154f000 [pid 3210] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE [pid 3211] <... memfd_create resumed>) = 3 [pid 3210] <... mprotect resumed>) = 0 [pid 3211] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3210] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3211] <... mmap resumed>) = 0x7f22d914f000 [pid 3210] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 3212 attached [pid 3212] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 3212] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3212] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3210] <... clone3 resumed> => {parent_tid=[3212]}, 88) = 3212 [pid 3210] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3210] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3212] <... futex resumed>) = 0 [pid 3212] creat("./bus", 000 [pid 3210] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3212] <... creat resumed>) = 4 [pid 3212] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3212] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3210] <... futex resumed>) = 0 [pid 3210] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3212] <... futex resumed>) = 0 [pid 3212] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 3210] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3212] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3210] <... futex resumed>) = 0 [pid 3212] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 3210] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3210] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3212] <... open resumed>) = 5 [pid 3212] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3210] <... futex resumed>) = 0 [pid 3212] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 3210] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3210] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3212] <... mmap resumed>) = 0x20000000 [pid 3212] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3210] <... futex resumed>) = 0 [pid 3212] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 3210] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3211] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000d35} --- [pid 3212] +++ killed by SIGBUS +++ [pid 3211] +++ killed by SIGBUS +++ [pid 3210] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3210, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- umount2("./903", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./903", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./903/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./903/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./903/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./903/bus") = 0 umount2("./903/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./903/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./903/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./903") = 0 mkdir("./904", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3213 ./strace-static-x86_64: Process 3213 attached [pid 3213] set_robust_list(0x5555564336a0, 24) = 0 [pid 3213] chdir("./904") = 0 [pid 3213] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3213] setpgid(0, 0) = 0 [pid 3213] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3213] write(3, "1000", 4) = 4 [pid 3213] close(3) = 0 [pid 3213] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3213] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3213] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3213] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3213] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3213] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3213] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3213] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[3214]}, 88) = 3214 [pid 3213] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3213] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3213] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3213] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 3213] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3213] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3213] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 3215 attached => {parent_tid=[3215]}, 88) = 3215 [pid 3213] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3213] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3213] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3214 attached [pid 3214] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 3214] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3214] memfd_create("syzkaller", 0) = 3 [pid 3215] set_robust_list(0x7f22e156f9a0, 24 [pid 3214] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 3215] <... set_robust_list resumed>) = 0 [pid 3215] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3215] creat("./bus", 000) = 4 [pid 3215] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3213] <... futex resumed>) = 0 [pid 3213] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3213] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3215] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 3214] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 3215] <... mount resumed>) = 0 [pid 3215] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3213] <... futex resumed>) = 0 [pid 3213] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3213] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3215] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 3215] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3214] <... write resumed>) = 262144 [pid 3214] munmap(0x7f22d914f000, 138412032) = 0 [pid 3214] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 3214] ioctl(6, LOOP_SET_FD, 3 [pid 3215] <... futex resumed>) = 1 [pid 3213] <... futex resumed>) = 0 [pid 3214] <... ioctl resumed>) = 0 [pid 3213] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3213] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3214] close(3) = 0 [pid 3214] close(6) = 0 [pid 3214] mkdir("./file0", 0777) = 0 [pid 3214] mount("/dev/loop0", "./file0", "ext4", 0, "prjquota,grpquota,debug_want_extra_isize=0x000000000000005c,noauto_da_alloc,nolazytime,errors=contin"... [pid 3215] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 3215] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3215] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3213] <... futex resumed>) = 0 [pid 3213] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3215] <... futex resumed>) = 0 [pid 3215] memfd_create("syzkaller", 0) = 3 [pid 3215] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 3214] <... mount resumed>) = 0 [pid 3214] openat(AT_FDCWD, 0x200000c0, O_RDONLY|O_DIRECTORY) = -1 ENOENT (No such file or directory) [pid 3214] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 3214] ioctl(6, LOOP_CLR_FD) = 0 [pid 3214] close(6) = 0 [pid 3214] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3214] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3215] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 3215] munmap(0x7f22d914f000, 138412032) = 0 [pid 3215] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 3215] ioctl(6, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 3215] ioctl(6, LOOP_CLR_FD) = 0 [pid 3215] ioctl(6, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 3215] close(6) = 0 [pid 3215] close(3) = 0 [pid 3215] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3215] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3213] exit_group(0) = ? [pid 3214] <... futex resumed>) = ? [pid 3214] +++ exited with 0 +++ [pid 3215] <... futex resumed>) = ? [pid 3215] +++ exited with 0 +++ [pid 3213] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3213, si_uid=0, si_status=0, si_utime=1, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./904", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./904", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 5 entries */, 32768) = 136 umount2("./904/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./904/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./904/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./904/bus") = 0 umount2("./904/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./904/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./904/binderfs") = 0 [ 68.673601][ T3214] loop0: detected capacity change from 0 to 512 [ 68.685536][ T3214] EXT4-fs (loop0): 1 truncate cleaned up [ 68.691344][ T3214] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. umount2("./904/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./904/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./904/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./904/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./904/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555643c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555643c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./904/file0") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./904") = 0 mkdir("./905", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3218 ./strace-static-x86_64: Process 3218 attached [pid 3218] set_robust_list(0x5555564336a0, 24) = 0 [pid 3218] chdir("./905") = 0 [pid 3218] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3218] setpgid(0, 0) = 0 [pid 3218] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3218] write(3, "1000", 4) = 4 [pid 3218] close(3) = 0 [pid 3218] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3218] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3218] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3218] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3218] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3218] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3218] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3218] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 3219 attached [pid 3219] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 3219] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3219] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3218] <... clone3 resumed> => {parent_tid=[3219]}, 88) = 3219 [pid 3218] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3218] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3219] <... futex resumed>) = 0 [pid 3219] memfd_create("syzkaller", 0 [pid 3218] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3218] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 3219] <... memfd_create resumed>) = 3 [pid 3218] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE [pid 3219] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3218] <... mprotect resumed>) = 0 [pid 3219] <... mmap resumed>) = 0x7f22d914f000 [pid 3218] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3219] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 3218] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3218] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 3220 attached [pid 3220] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 3220] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3220] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3218] <... clone3 resumed> => {parent_tid=[3220]}, 88) = 3220 [pid 3218] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3218] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3220] <... futex resumed>) = 0 [pid 3220] creat("./bus", 000 [pid 3218] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3219] <... write resumed>) = 262144 [pid 3219] munmap(0x7f22d914f000, 138412032 [pid 3220] <... creat resumed>) = 4 [pid 3220] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3219] <... munmap resumed>) = 0 [pid 3220] <... futex resumed>) = 1 [pid 3218] <... futex resumed>) = 0 [pid 3218] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3218] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3220] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 3220] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3218] <... futex resumed>) = 0 [pid 3218] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3218] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3220] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 3220] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3218] <... futex resumed>) = 0 [pid 3218] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3218] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3220] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 3219] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 3220] <... mmap resumed>) = 0x20000000 [pid 3220] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3218] <... futex resumed>) = 0 [pid 3218] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3220] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 3219] <... openat resumed>) = 6 [pid 3220] +++ killed by SIGBUS +++ [pid 3219] +++ killed by SIGBUS +++ [pid 3218] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3218, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- umount2("./905", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./905", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./905/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./905/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./905/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./905/bus") = 0 umount2("./905/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./905/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./905/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./905") = 0 mkdir("./906", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3221 ./strace-static-x86_64: Process 3221 attached [pid 3221] set_robust_list(0x5555564336a0, 24) = 0 [pid 3221] chdir("./906") = 0 [pid 3221] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3221] setpgid(0, 0) = 0 [pid 3221] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3221] write(3, "1000", 4) = 4 [pid 3221] close(3) = 0 [pid 3221] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3221] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3221] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3221] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3221] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3221] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3221] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3221] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[3222]}, 88) = 3222 [pid 3221] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3221] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3221] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3221] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 3221] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3221] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3221] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 3222 attached [pid 3222] set_robust_list(0x7f22e15909a0, 24 [pid 3221] <... clone3 resumed> => {parent_tid=[3223]}, 88) = 3223 [pid 3221] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3221] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3221] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3223 attached [pid 3223] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 3223] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3223] creat("./bus", 000 [pid 3222] <... set_robust_list resumed>) = 0 [pid 3222] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3223] <... creat resumed>) = 3 [pid 3223] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3221] <... futex resumed>) = 0 [pid 3221] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3221] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3223] <... futex resumed>) = 1 [pid 3223] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 3223] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3221] <... futex resumed>) = 0 [pid 3221] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3221] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3223] <... futex resumed>) = 1 [pid 3223] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 4 [pid 3223] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3221] <... futex resumed>) = 0 [pid 3221] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3221] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3223] <... futex resumed>) = 1 [pid 3223] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3222] memfd_create("syzkaller", 0 [pid 3223] <... mmap resumed>) = 0x20000000 [pid 3223] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3221] <... futex resumed>) = 0 [pid 3221] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3223] <... futex resumed>) = 1 [pid 3223] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 3222] <... memfd_create resumed>) = ? [pid 3222] +++ killed by SIGBUS +++ [pid 3223] +++ killed by SIGBUS +++ [pid 3221] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3221, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./906", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./906", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./906/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./906/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./906/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./906/bus") = 0 umount2("./906/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./906/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./906/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./906") = 0 mkdir("./907", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 68.740713][ T293] EXT4-fs (loop0): unmounting filesystem. clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3224 attached , child_tidptr=0x555556433690) = 3224 [pid 3224] set_robust_list(0x5555564336a0, 24) = 0 [pid 3224] chdir("./907") = 0 [pid 3224] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3224] setpgid(0, 0) = 0 [pid 3224] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3224] write(3, "1000", 4) = 4 [pid 3224] close(3) = 0 [pid 3224] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3224] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3224] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3224] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3224] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3224] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3224] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3224] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[3225]}, 88) = 3225 [pid 3224] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3224] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3224] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3224] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 3224] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3224] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3224] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[3226]}, 88) = 3226 ./strace-static-x86_64: Process 3226 attached ./strace-static-x86_64: Process 3225 attached [pid 3226] set_robust_list(0x7f22e156f9a0, 24 [pid 3225] set_robust_list(0x7f22e15909a0, 24 [pid 3224] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3224] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3224] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3226] <... set_robust_list resumed>) = 0 [pid 3226] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3226] creat("./bus", 000 [pid 3225] <... set_robust_list resumed>) = 0 [pid 3225] rt_sigprocmask(SIG_SETMASK, [], [pid 3226] <... creat resumed>) = 3 [pid 3226] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3224] <... futex resumed>) = 0 [pid 3224] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3224] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3226] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 3225] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3226] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3224] <... futex resumed>) = 0 [pid 3224] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3224] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3226] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 4 [pid 3226] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3224] <... futex resumed>) = 0 [pid 3224] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3224] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3226] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3225] memfd_create("syzkaller", 0 [pid 3226] <... mmap resumed>) = 0x20000000 [pid 3226] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3224] <... futex resumed>) = 0 [pid 3224] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3226] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 3225] <... memfd_create resumed>) = ? [pid 3226] +++ killed by SIGBUS +++ [pid 3225] +++ killed by SIGBUS +++ [pid 3224] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3224, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./907", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./907", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./907/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./907/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./907/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./907/bus") = 0 umount2("./907/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./907/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./907/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./907") = 0 mkdir("./908", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3227 ./strace-static-x86_64: Process 3227 attached [pid 3227] set_robust_list(0x5555564336a0, 24) = 0 [pid 3227] chdir("./908") = 0 [pid 3227] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3227] setpgid(0, 0) = 0 [pid 3227] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3227] write(3, "1000", 4) = 4 [pid 3227] close(3) = 0 [pid 3227] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3227] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3227] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3227] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3227] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3227] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3227] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3227] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 3228 attached => {parent_tid=[3228]}, 88) = 3228 [pid 3227] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3227] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3227] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3227] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 3227] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3227] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3227] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 3229 attached => {parent_tid=[3229]}, 88) = 3229 [pid 3227] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3227] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3227] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3228] set_robust_list(0x7f22e15909a0, 24 [pid 3229] set_robust_list(0x7f22e156f9a0, 24 [pid 3228] <... set_robust_list resumed>) = 0 [pid 3228] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3228] memfd_create("syzkaller", 0) = 3 [pid 3228] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 3229] <... set_robust_list resumed>) = 0 [pid 3229] rt_sigprocmask(SIG_SETMASK, [], [pid 3228] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 3229] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3229] creat("./bus", 000) = 4 [pid 3229] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3227] <... futex resumed>) = 0 [pid 3227] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3229] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 3227] <... futex resumed>) = 0 [pid 3227] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3228] <... write resumed>) = 262144 [pid 3228] munmap(0x7f22d914f000, 138412032) = 0 [pid 3228] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 3228] ioctl(5, LOOP_SET_FD, 3 [pid 3229] <... mount resumed>) = 0 [pid 3229] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3229] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3227] <... futex resumed>) = 0 [pid 3228] <... ioctl resumed>) = 0 [pid 3227] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3227] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3228] close(3) = 0 [pid 3228] close(5 [pid 3229] <... futex resumed>) = 0 [pid 3228] <... close resumed>) = 0 [pid 3228] mkdir("./file0", 0777) = 0 [pid 3228] mount("/dev/loop0", "./file0", "ext4", 0, "prjquota,grpquota,debug_want_extra_isize=0x000000000000005c,noauto_da_alloc,nolazytime,errors=contin"... [pid 3229] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 3 [pid 3229] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3227] <... futex resumed>) = 0 [pid 3227] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3229] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 3, 0 [pid 3227] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3228] <... mount resumed>) = 0 [pid 3228] openat(AT_FDCWD, 0x200000c0, O_RDONLY|O_DIRECTORY) = -1 ENOENT (No such file or directory) [pid 3228] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 3228] ioctl(5, LOOP_CLR_FD) = 0 [pid 3228] close(5) = 0 [pid 3228] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3228] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3229] <... mmap resumed>) = 0x20000000 [pid 3229] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3229] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3227] <... futex resumed>) = 0 [pid 3227] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3228] <... futex resumed>) = 0 [pid 3228] memfd_create("syzkaller", 0) = 5 [pid 3228] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 3228] write(5, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 3228] munmap(0x7f22d914f000, 138412032) = 0 [pid 3228] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 3228] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 3228] ioctl(6, LOOP_CLR_FD) = 0 [pid 3228] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 3228] close(6) = 0 [pid 3228] close(5) = 0 [pid 3228] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3228] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3227] exit_group(0) = ? [pid 3229] <... futex resumed>) = ? [pid 3229] +++ exited with 0 +++ [pid 3228] <... futex resumed>) = ? [pid 3228] +++ exited with 0 +++ [pid 3227] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3227, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- umount2("./908", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./908", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 5 entries */, 32768) = 136 umount2("./908/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./908/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./908/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./908/bus") = 0 umount2("./908/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./908/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./908/binderfs") = 0 [ 68.827134][ T3228] loop0: detected capacity change from 0 to 512 [ 68.838581][ T3228] EXT4-fs (loop0): 1 truncate cleaned up [ 68.844208][ T3228] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. umount2("./908/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./908/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./908/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./908/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./908/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555643c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555643c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./908/file0") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./908") = 0 mkdir("./909", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3231 ./strace-static-x86_64: Process 3231 attached [pid 3231] set_robust_list(0x5555564336a0, 24) = 0 [pid 3231] chdir("./909") = 0 [pid 3231] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3231] setpgid(0, 0) = 0 [pid 3231] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3231] write(3, "1000", 4) = 4 [pid 3231] close(3) = 0 [pid 3231] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3231] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3231] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3231] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3231] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3231] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3231] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3231] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 3232 attached => {parent_tid=[3232]}, 88) = 3232 [pid 3232] set_robust_list(0x7f22e15909a0, 24 [pid 3231] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3232] <... set_robust_list resumed>) = 0 [pid 3231] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3232] rt_sigprocmask(SIG_SETMASK, [], [pid 3231] <... futex resumed>) = 0 [pid 3232] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3231] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3232] memfd_create("syzkaller", 0 [pid 3231] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3232] <... memfd_create resumed>) = 3 [pid 3231] <... mmap resumed>) = 0x7f22e154f000 [pid 3231] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE [pid 3232] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3231] <... mprotect resumed>) = 0 [pid 3232] <... mmap resumed>) = 0x7f22d914f000 [pid 3231] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3231] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 3233 attached => {parent_tid=[3233]}, 88) = 3233 [pid 3233] set_robust_list(0x7f22e156f9a0, 24 [pid 3231] rt_sigprocmask(SIG_SETMASK, [], [pid 3233] <... set_robust_list resumed>) = 0 [pid 3231] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3231] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3233] rt_sigprocmask(SIG_SETMASK, [], [pid 3231] <... futex resumed>) = 0 [pid 3231] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3233] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3233] creat("./bus", 000) = 4 [pid 3232] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 3233] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3231] <... futex resumed>) = 0 [pid 3233] <... futex resumed>) = 1 [pid 3231] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3231] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3233] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 3233] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3231] <... futex resumed>) = 0 [pid 3233] <... futex resumed>) = 1 [pid 3233] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 3231] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3232] <... write resumed>) = 262144 [pid 3232] munmap(0x7f22d914f000, 138412032 [pid 3231] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3232] <... munmap resumed>) = 0 [pid 3232] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 3232] ioctl(6, LOOP_SET_FD, 3 [pid 3233] <... open resumed>) = 5 [pid 3233] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3231] <... futex resumed>) = 0 [pid 3231] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3231] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3232] <... ioctl resumed>) = 0 [pid 3233] <... futex resumed>) = 1 [pid 3233] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 3232] close(3) = 0 [pid 3232] close(6 [pid 3233] <... mmap resumed>) = 0x20000000 [pid 3233] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3231] <... futex resumed>) = 0 [pid 3231] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3233] <... futex resumed>) = 1 [pid 3233] memfd_create("syzkaller", 0) = 3 [pid 3233] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 3232] <... close resumed>) = 0 [pid 3232] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 3232] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 3232] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 3232] ioctl(6, LOOP_CLR_FD) = 0 [pid 3232] close(6) = 0 [pid 3232] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3232] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3233] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 3233] munmap(0x7f22d914f000, 138412032) = 0 [pid 3233] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 3233] ioctl(6, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 3233] ioctl(6, LOOP_CLR_FD) = 0 [pid 3233] ioctl(6, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 3233] close(6) = 0 [pid 3233] close(3) = 0 [pid 3233] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3233] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3231] exit_group(0) = ? [pid 3233] <... futex resumed>) = ? [pid 3233] +++ exited with 0 +++ [pid 3232] <... futex resumed>) = ? [ 68.893433][ T293] EXT4-fs (loop0): unmounting filesystem. [ 68.926101][ T3232] loop0: detected capacity change from 0 to 512 [pid 3232] +++ exited with 0 +++ [pid 3231] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3231, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./909", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./909", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./909/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./909/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./909/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./909/bus") = 0 umount2("./909/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./909/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./909/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./909") = 0 mkdir("./910", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3234 attached [pid 3234] set_robust_list(0x5555564336a0, 24) = 0 [pid 3234] chdir("./910") = 0 [pid 3234] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3234] setpgid(0, 0) = 0 [pid 3234] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3234] write(3, "1000", 4) = 4 [pid 3234] close(3) = 0 [pid 3234] symlink("/dev/binderfs", "./binderfs" [pid 293] <... clone resumed>, child_tidptr=0x555556433690) = 3234 [pid 3234] <... symlink resumed>) = 0 [pid 3234] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3234] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3234] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3234] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3234] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3234] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3234] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 3235 attached => {parent_tid=[3235]}, 88) = 3235 [pid 3235] set_robust_list(0x7f22e15909a0, 24 [pid 3234] rt_sigprocmask(SIG_SETMASK, [], [pid 3235] <... set_robust_list resumed>) = 0 [pid 3234] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3235] rt_sigprocmask(SIG_SETMASK, [], [pid 3234] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3235] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3234] <... futex resumed>) = 0 [pid 3235] memfd_create("syzkaller", 0 [pid 3234] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3235] <... memfd_create resumed>) = 3 [pid 3234] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3235] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3234] <... mmap resumed>) = 0x7f22e154f000 [pid 3234] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE [pid 3235] <... mmap resumed>) = 0x7f22d914f000 [pid 3234] <... mprotect resumed>) = 0 [pid 3234] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3234] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 3236 attached => {parent_tid=[3236]}, 88) = 3236 [pid 3236] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 3236] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3236] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3234] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3234] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3236] <... futex resumed>) = 0 [pid 3236] creat("./bus", 000 [pid 3234] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3236] <... creat resumed>) = 4 [pid 3236] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3236] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3234] <... futex resumed>) = 0 [pid 3234] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3236] <... futex resumed>) = 0 [pid 3236] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 3234] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3236] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3234] <... futex resumed>) = 0 [pid 3236] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 3234] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3234] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3236] <... open resumed>) = 5 [pid 3236] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3234] <... futex resumed>) = 0 [pid 3236] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 3234] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3234] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3236] <... mmap resumed>) = 0x20000000 [pid 3235] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 3236] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3234] <... futex resumed>) = 0 [pid 3234] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3236] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 3235] <... write resumed>) = ? [pid 3235] +++ killed by SIGBUS +++ [pid 3236] +++ killed by SIGBUS +++ [pid 3234] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3234, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- umount2("./910", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./910", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./910/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./910/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./910/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./910/bus") = 0 umount2("./910/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./910/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./910/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./910") = 0 mkdir("./911", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3237 ./strace-static-x86_64: Process 3237 attached [pid 3237] set_robust_list(0x5555564336a0, 24) = 0 [pid 3237] chdir("./911") = 0 [pid 3237] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3237] setpgid(0, 0) = 0 [pid 3237] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3237] write(3, "1000", 4) = 4 [pid 3237] close(3) = 0 [pid 3237] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3237] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3237] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3237] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3237] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3237] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3237] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3237] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 3238 attached [pid 3238] set_robust_list(0x7f22e15909a0, 24 [pid 3237] <... clone3 resumed> => {parent_tid=[3238]}, 88) = 3238 [pid 3238] <... set_robust_list resumed>) = 0 [pid 3237] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3238] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3237] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3237] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3238] memfd_create("syzkaller", 0 [pid 3237] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 3238] <... memfd_create resumed>) = 3 [pid 3237] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3238] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3237] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3238] <... mmap resumed>) = 0x7f22d914f000 [pid 3237] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 3239 attached => {parent_tid=[3239]}, 88) = 3239 [pid 3239] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 3239] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3239] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3237] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3237] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3237] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3239] <... futex resumed>) = 0 [pid 3239] creat("./bus", 000) = 4 [pid 3239] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3239] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3237] <... futex resumed>) = 0 [pid 3237] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3239] <... futex resumed>) = 0 [pid 3238] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 3237] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3239] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 3239] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3239] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3237] <... futex resumed>) = 0 [pid 3237] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3239] <... futex resumed>) = 0 [pid 3237] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3239] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 3239] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3237] <... futex resumed>) = 0 [pid 3239] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3237] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3239] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3237] <... futex resumed>) = 0 [pid 3239] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 3237] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3239] <... mmap resumed>) = 0x20000000 [pid 3239] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3237] <... futex resumed>) = 0 [pid 3237] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3239] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 3237] <... futex resumed>) = 0 [pid 3238] <... write resumed>) = ? [pid 3239] +++ killed by SIGBUS +++ [pid 3238] +++ killed by SIGBUS +++ [pid 3237] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3237, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./911", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./911", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./911/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./911/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./911/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./911/bus") = 0 umount2("./911/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./911/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./911/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./911") = 0 mkdir("./912", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3240 ./strace-static-x86_64: Process 3240 attached [pid 3240] set_robust_list(0x5555564336a0, 24) = 0 [pid 3240] chdir("./912") = 0 [pid 3240] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3240] setpgid(0, 0) = 0 [pid 3240] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3240] write(3, "1000", 4) = 4 [pid 3240] close(3) = 0 [pid 3240] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3240] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3240] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3240] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3240] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3240] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3240] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3240] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 3241 attached => {parent_tid=[3241]}, 88) = 3241 [pid 3241] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 3240] rt_sigprocmask(SIG_SETMASK, [], [pid 3241] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3241] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3240] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3240] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3241] <... futex resumed>) = 0 [pid 3241] memfd_create("syzkaller", 0 [pid 3240] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3241] <... memfd_create resumed>) = 3 [pid 3241] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 3240] <... futex resumed>) = 0 [pid 3240] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 3240] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3240] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3240] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0} [pid 3241] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 3240] <... clone3 resumed> => {parent_tid=[3242]}, 88) = 3242 [pid 3240] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3240] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3241] <... write resumed>) = 262144 [pid 3241] munmap(0x7f22d9170000, 138412032 [pid 3240] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3241] <... munmap resumed>) = 0 [pid 3241] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3241] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 3242 attached [pid 3242] set_robust_list(0x7f22d916f9a0, 24) = 0 [pid 3242] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3242] creat("./bus", 000) = 5 [pid 3242] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3240] <... futex resumed>) = 0 [pid 3240] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3240] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3242] <... futex resumed>) = 1 [pid 3242] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 3242] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3240] <... futex resumed>) = 0 [pid 3240] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3240] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3242] <... futex resumed>) = 1 [pid 3242] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 3242] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3240] <... futex resumed>) = 0 [pid 3240] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3240] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3242] <... futex resumed>) = 1 [pid 3242] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 3241] <... ioctl resumed>) = 0 [pid 3241] close(3) = 0 [pid 3241] close(4) = 0 [pid 3241] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 3241] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 3241] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 3241] ioctl(3, LOOP_CLR_FD) = 0 [pid 3241] close(3) = 0 [pid 3241] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3241] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3242] <... mmap resumed>) = 0x20000000 [pid 3242] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3240] <... futex resumed>) = 0 [pid 3240] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3241] <... futex resumed>) = 0 [pid 3241] memfd_create("syzkaller", 0) = 3 [pid 3241] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 3242] <... futex resumed>) = 1 [pid 3242] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3241] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 3241] munmap(0x7f22d9170000, 138412032) = 0 [pid 3241] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3241] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 3241] ioctl(4, LOOP_CLR_FD) = 0 [pid 3241] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 3241] close(4) = 0 [pid 3241] close(3) = 0 [pid 3241] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3241] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3240] exit_group(0 [pid 3242] <... futex resumed>) = ? [pid 3240] <... exit_group resumed>) = ? [pid 3242] +++ exited with 0 +++ [pid 3241] <... futex resumed>) = ? [pid 3241] +++ exited with 0 +++ [pid 3240] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3240, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./912", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./912", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./912/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./912/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./912/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./912/bus") = 0 umount2("./912/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./912/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./912/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./912") = 0 mkdir("./913", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3243 ./strace-static-x86_64: Process 3243 attached [pid 3243] set_robust_list(0x5555564336a0, 24) = 0 [pid 3243] chdir("./913") = 0 [pid 3243] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3243] setpgid(0, 0) = 0 [pid 3243] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3243] write(3, "1000", 4) = 4 [pid 3243] close(3) = 0 [pid 3243] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3243] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3243] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3243] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3243] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3243] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3243] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3243] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[3244]}, 88) = 3244 [pid 3243] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3243] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3243] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3243] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 3243] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3243] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3243] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[3245]}, 88) = 3245 [pid 3243] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3243] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3243] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3244 attached [pid 3244] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 3244] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3244] memfd_create("syzkaller", 0) = 3 [pid 3244] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 3244] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3244] munmap(0x7f22d914f000, 138412032) = 0 [pid 3244] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3244] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 3245 attached [ 69.043190][ T3241] loop0: detected capacity change from 0 to 512 [pid 3245] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 3245] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3245] creat("./bus", 000) = 5 [pid 3245] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3245] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3243] <... futex resumed>) = 0 [pid 3243] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3243] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3245] <... futex resumed>) = 0 [pid 3245] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 3245] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3243] <... futex resumed>) = 0 [pid 3243] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3243] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3245] <... futex resumed>) = 1 [pid 3245] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 3245] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3243] <... futex resumed>) = 0 [pid 3243] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3243] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3245] <... futex resumed>) = 1 [pid 3245] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 3244] <... ioctl resumed>) = 0 [pid 3244] close(3) = 0 [pid 3244] close(4) = 0 [pid 3244] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 3244] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 3244] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 3244] ioctl(3, LOOP_CLR_FD) = 0 [pid 3244] close(3) = 0 [pid 3244] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3244] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3245] <... mmap resumed>) = 0x20000000 [pid 3245] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3243] <... futex resumed>) = 0 [pid 3243] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3244] <... futex resumed>) = 0 [pid 3244] memfd_create("syzkaller", 0) = 3 [pid 3244] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 3245] <... futex resumed>) = 1 [pid 3245] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3244] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 3244] munmap(0x7f22d914f000, 138412032) = 0 [pid 3244] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3244] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 3244] ioctl(4, LOOP_CLR_FD) = 0 [pid 3244] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 3244] close(4) = 0 [pid 3244] close(3) = 0 [pid 3244] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3244] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3243] exit_group(0) = ? [pid 3245] <... futex resumed>) = ? [pid 3244] <... futex resumed>) = ? [pid 3245] +++ exited with 0 +++ [pid 3244] +++ exited with 0 +++ [pid 3243] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3243, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./913", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./913", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./913/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./913/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./913/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./913/bus") = 0 umount2("./913/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./913/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./913/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./913") = 0 mkdir("./914", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3246 attached [pid 3246] set_robust_list(0x5555564336a0, 24) = 0 [pid 293] <... clone resumed>, child_tidptr=0x555556433690) = 3246 [pid 3246] chdir("./914") = 0 [pid 3246] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3246] setpgid(0, 0) = 0 [pid 3246] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3246] write(3, "1000", 4) = 4 [pid 3246] close(3) = 0 [pid 3246] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3246] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3246] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3246] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3246] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3246] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3246] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3246] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 3247 attached [pid 3247] set_robust_list(0x7f22e15909a0, 24 [pid 3246] <... clone3 resumed> => {parent_tid=[3247]}, 88) = 3247 [pid 3247] <... set_robust_list resumed>) = 0 [pid 3246] rt_sigprocmask(SIG_SETMASK, [], [pid 3247] rt_sigprocmask(SIG_SETMASK, [], [pid 3246] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3247] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3246] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 69.102996][ T3244] loop0: detected capacity change from 0 to 512 [pid 3246] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3247] memfd_create("syzkaller", 0 [pid 3246] <... futex resumed>) = 0 [pid 3247] <... memfd_create resumed>) = 3 [pid 3246] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3247] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 3246] <... mmap resumed>) = 0x7f22e154f000 [pid 3246] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3246] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3246] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[3248]}, 88) = 3248 [pid 3246] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3246] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3246] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3248 attached [pid 3247] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 3248] set_robust_list(0x7f22e156f9a0, 24 [pid 3247] <... write resumed>) = 262144 [pid 3248] <... set_robust_list resumed>) = 0 [pid 3247] munmap(0x7f22d914f000, 138412032 [pid 3248] rt_sigprocmask(SIG_SETMASK, [], [pid 3247] <... munmap resumed>) = 0 [pid 3248] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3247] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 3248] creat("./bus", 000 [pid 3247] <... openat resumed>) = 4 [pid 3248] <... creat resumed>) = 5 [pid 3247] ioctl(4, LOOP_SET_FD, 3 [pid 3248] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3246] <... futex resumed>) = 0 [pid 3248] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 3246] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3248] <... mount resumed>) = 0 [pid 3246] <... futex resumed>) = 0 [pid 3248] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3246] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3248] <... futex resumed>) = 0 [pid 3246] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3248] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3246] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3248] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3246] <... futex resumed>) = 0 [pid 3248] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 3246] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3248] <... open resumed>) = 6 [pid 3248] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3246] <... futex resumed>) = 0 [pid 3248] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3246] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3248] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3246] <... futex resumed>) = 0 [pid 3248] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 3246] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3247] <... ioctl resumed>) = 0 [pid 3247] close(3) = 0 [pid 3247] close(4 [pid 3248] <... mmap resumed>) = 0x20000000 [pid 3248] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3247] <... close resumed>) = 0 [pid 3248] <... futex resumed>) = 1 [pid 3246] <... futex resumed>) = 0 [pid 3246] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3248] memfd_create("syzkaller", 0 [pid 3246] <... futex resumed>) = 0 [pid 3248] <... memfd_create resumed>) = 3 [pid 3248] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3247] mkdir(0x200000c0, 0777 [pid 3248] <... mmap resumed>) = 0x7f22d914f000 [pid 3247] <... mkdir resumed>) = -1 ENOENT (No such file or directory) [pid 3247] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 3247] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3247] ioctl(4, LOOP_CLR_FD) = 0 [pid 3247] close(4) = 0 [pid 3247] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3247] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3248] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 3248] munmap(0x7f22d914f000, 138412032) = 0 [pid 3248] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3248] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 3248] ioctl(4, LOOP_CLR_FD) = 0 [pid 3248] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 3248] close(4) = 0 [pid 3248] close(3) = 0 [pid 3248] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3248] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3246] exit_group(0 [pid 3247] <... futex resumed>) = ? [pid 3246] <... exit_group resumed>) = ? [pid 3247] +++ exited with 0 +++ [pid 3248] <... futex resumed>) = ? [pid 3248] +++ exited with 0 +++ [pid 3246] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3246, si_uid=0, si_status=0, si_utime=1, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./914", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./914", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./914/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./914/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./914/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./914/bus") = 0 umount2("./914/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./914/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./914/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./914") = 0 mkdir("./915", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3249 ./strace-static-x86_64: Process 3249 attached [pid 3249] set_robust_list(0x5555564336a0, 24) = 0 [pid 3249] chdir("./915") = 0 [pid 3249] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3249] setpgid(0, 0) = 0 [pid 3249] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3249] write(3, "1000", 4) = 4 [pid 3249] close(3) = 0 [pid 3249] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3249] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 69.177196][ T3247] loop0: detected capacity change from 0 to 512 [pid 3249] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3249] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3249] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3249] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3249] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3249] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[3250]}, 88) = 3250 [pid 3249] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3249] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3249] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3249] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 3249] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3249] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3249] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 3251 attached => {parent_tid=[3251]}, 88) = 3251 [pid 3249] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3249] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3249] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3250 attached [pid 3250] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 3250] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3250] memfd_create("syzkaller", 0) = 3 [pid 3250] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 3251] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 3251] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3251] creat("./bus", 000) = 4 [pid 3251] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3249] <... futex resumed>) = 0 [pid 3249] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3249] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3250] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 3251] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 3251] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3249] <... futex resumed>) = 0 [pid 3249] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3249] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3251] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 3251] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3249] <... futex resumed>) = 0 [pid 3249] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3249] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3251] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 3250] <... write resumed>) = 262144 [pid 3250] munmap(0x7f22d914f000, 138412032) = 0 [pid 3250] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 3250] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 3250] close(3) = 0 [pid 3250] close(6) = 0 [pid 3250] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 3250] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 3250] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 3250] ioctl(3, LOOP_CLR_FD) = 0 [pid 3250] close(3) = 0 [pid 3250] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3250] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3251] <... mmap resumed>) = 0x20000000 [pid 3251] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3249] <... futex resumed>) = 0 [pid 3249] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3250] <... futex resumed>) = 0 [pid 3250] memfd_create("syzkaller", 0) = 3 [pid 3250] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 3251] <... futex resumed>) = 1 [pid 3251] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3250] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 3250] munmap(0x7f22d914f000, 138412032) = 0 [pid 3250] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 3250] ioctl(6, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 3250] ioctl(6, LOOP_CLR_FD) = 0 [pid 3250] ioctl(6, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 3250] close(6) = 0 [pid 3250] close(3) = 0 [pid 3250] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3250] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3249] exit_group(0) = ? [pid 3250] <... futex resumed>) = ? [pid 3251] <... futex resumed>) = ? [ 69.244719][ T3250] loop0: detected capacity change from 0 to 512 [ 69.251022][ T3251] blk_print_req_error: 5 callbacks suppressed [ 69.251031][ T3251] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 32 prio class 2 [pid 3250] +++ exited with 0 +++ [pid 3251] +++ exited with 0 +++ [pid 3249] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3249, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./915", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./915", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./915/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./915/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./915/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./915/bus") = 0 umount2("./915/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./915/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./915/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./915") = 0 mkdir("./916", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3252 ./strace-static-x86_64: Process 3252 attached [pid 3252] set_robust_list(0x5555564336a0, 24) = 0 [pid 3252] chdir("./916") = 0 [pid 3252] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3252] setpgid(0, 0) = 0 [pid 3252] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3252] write(3, "1000", 4) = 4 [pid 3252] close(3) = 0 [pid 3252] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3252] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3252] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3252] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3252] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3252] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3252] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3252] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[3253]}, 88) = 3253 [pid 3252] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3252] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3252] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3252] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 3252] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3252] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3252] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 3254 attached => {parent_tid=[3254]}, 88) = 3254 [pid 3252] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3252] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3252] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3253 attached [pid 3253] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 3253] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3253] memfd_create("syzkaller", 0) = 3 [pid 3253] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 3254] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 3254] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3254] creat("./bus", 000 [pid 3253] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 3254] <... creat resumed>) = 4 [pid 3254] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3252] <... futex resumed>) = 0 [pid 3252] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3252] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3254] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 3254] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3253] <... write resumed>) = 262144 [pid 3254] <... futex resumed>) = 1 [pid 3252] <... futex resumed>) = 0 [pid 3252] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3252] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3253] munmap(0x7f22d914f000, 138412032 [pid 3254] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 3253] <... munmap resumed>) = 0 [pid 3253] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 3253] ioctl(5, LOOP_SET_FD, 3 [pid 3254] <... open resumed>) = 6 [pid 3253] <... ioctl resumed>) = 0 [pid 3253] close(3) = 0 [pid 3253] close(5 [pid 3254] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3253] <... close resumed>) = 0 [pid 3253] mkdir("./file0", 0777) = 0 [pid 3253] mount("/dev/loop0", "./file0", "ext4", 0, "prjquota,grpquota,debug_want_extra_isize=0x000000000000005c,noauto_da_alloc,nolazytime,errors=contin"... [pid 3252] <... futex resumed>) = 0 [pid 3252] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3252] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3254] <... futex resumed>) = 1 [pid 3254] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x20000000 [pid 3254] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3252] <... futex resumed>) = 0 [pid 3254] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3252] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3254] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3253] <... mount resumed>) = 0 [pid 3253] openat(AT_FDCWD, 0x200000c0, O_RDONLY|O_DIRECTORY) = -1 ENOENT (No such file or directory) [pid 3253] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 3253] ioctl(3, LOOP_CLR_FD) = 0 [pid 3253] close(3 [pid 3254] memfd_create("syzkaller", 0 [pid 3253] <... close resumed>) = 0 [pid 3253] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3253] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3254] <... memfd_create resumed>) = 3 [pid 3254] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 3254] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 3254] munmap(0x7f22d914f000, 138412032) = 0 [pid 3254] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 3254] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 3254] ioctl(5, LOOP_CLR_FD) = 0 [pid 3254] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 3254] close(5) = 0 [pid 3254] close(3) = 0 [pid 3254] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3254] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3252] exit_group(0 [pid 3253] <... futex resumed>) = ? [pid 3252] <... exit_group resumed>) = ? [pid 3253] +++ exited with 0 +++ [pid 3254] <... futex resumed>) = ? [pid 3254] +++ exited with 0 +++ [pid 3252] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3252, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./916", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./916", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 5 entries */, 32768) = 136 umount2("./916/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./916/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./916/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./916/bus") = 0 umount2("./916/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./916/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 69.334427][ T3253] loop0: detected capacity change from 0 to 512 [ 69.346357][ T3253] EXT4-fs (loop0): 1 truncate cleaned up [ 69.352207][ T3253] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. unlink("./916/binderfs") = 0 umount2("./916/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./916/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./916/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./916/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./916/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555643c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555643c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./916/file0") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./916") = 0 mkdir("./917", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3256 ./strace-static-x86_64: Process 3256 attached [pid 3256] set_robust_list(0x5555564336a0, 24) = 0 [pid 3256] chdir("./917") = 0 [pid 3256] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3256] setpgid(0, 0) = 0 [pid 3256] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3256] write(3, "1000", 4) = 4 [pid 3256] close(3) = 0 [pid 3256] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3256] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3256] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3256] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3256] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3256] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3256] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3256] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 3257 attached [pid 3257] set_robust_list(0x7f22e15909a0, 24 [pid 3256] <... clone3 resumed> => {parent_tid=[3257]}, 88) = 3257 [pid 3257] <... set_robust_list resumed>) = 0 [pid 3256] rt_sigprocmask(SIG_SETMASK, [], [pid 3257] rt_sigprocmask(SIG_SETMASK, [], [pid 3256] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3257] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3256] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3256] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3257] memfd_create("syzkaller", 0 [pid 3256] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 3257] <... memfd_create resumed>) = 3 [pid 3256] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3257] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3256] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3256] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} [pid 3257] <... mmap resumed>) = 0x7f22d914f000 ./strace-static-x86_64: Process 3258 attached [pid 3258] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 3258] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3258] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3256] <... clone3 resumed> => {parent_tid=[3258]}, 88) = 3258 [pid 3256] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3256] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3258] <... futex resumed>) = 0 [pid 3258] creat("./bus", 000 [pid 3256] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3258] <... creat resumed>) = 4 [pid 3258] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3258] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3256] <... futex resumed>) = 0 [pid 3256] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3258] <... futex resumed>) = 0 [pid 3258] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 3256] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3258] <... mount resumed>) = 0 [pid 3258] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3258] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3256] <... futex resumed>) = 0 [pid 3256] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3257] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 3256] <... futex resumed>) = 1 [pid 3258] <... futex resumed>) = 0 [pid 3258] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 3256] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3258] <... open resumed>) = 5 [pid 3258] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3256] <... futex resumed>) = 0 [pid 3256] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3256] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3258] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 3258] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3256] <... futex resumed>) = 0 [pid 3256] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3258] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 3256] <... futex resumed>) = 0 [pid 3257] <... write resumed>) = ? [pid 3258] +++ killed by SIGBUS +++ [pid 3257] +++ killed by SIGBUS +++ [pid 3256] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3256, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./917", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./917", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./917/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./917/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./917/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./917/bus") = 0 umount2("./917/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./917/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./917/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./917") = 0 mkdir("./918", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3259 ./strace-static-x86_64: Process 3259 attached [pid 3259] set_robust_list(0x5555564336a0, 24) = 0 [pid 3259] chdir("./918") = 0 [pid 3259] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3259] setpgid(0, 0) = 0 [pid 3259] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3259] write(3, "1000", 4) = 4 [pid 3259] close(3) = 0 [pid 3259] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3259] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3259] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3259] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3259] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3259] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3259] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3259] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[3260]}, 88) = 3260 [pid 3259] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3259] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3259] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3259] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 3259] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3259] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3259] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 3261 attached => {parent_tid=[3261]}, 88) = 3261 [pid 3259] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3259] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3259] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3260 attached [pid 3260] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 3260] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3261] set_robust_list(0x7f22e156f9a0, 24 [pid 3260] memfd_create("syzkaller", 0) = 3 [pid 3260] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 3261] <... set_robust_list resumed>) = 0 [pid 3261] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3261] creat("./bus", 000) = 4 [pid 3261] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3260] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 3261] <... futex resumed>) = 1 [pid 3259] <... futex resumed>) = 0 [pid 3259] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3259] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3261] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 3261] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3260] <... write resumed>) = 262144 [pid 3259] <... futex resumed>) = 0 [pid 3259] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3259] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3260] munmap(0x7f22d914f000, 138412032) = 0 [pid 3260] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 3261] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [ 69.399598][ T293] EXT4-fs (loop0): unmounting filesystem. [pid 3260] ioctl(5, LOOP_SET_FD, 3 [pid 3261] <... open resumed>) = 6 [pid 3260] <... ioctl resumed>) = 0 [pid 3260] close(3) = 0 [pid 3260] close(5) = 0 [pid 3260] mkdir("./file0", 0777) = 0 [pid 3260] mount("/dev/loop0", "./file0", "ext4", 0, "prjquota,grpquota,debug_want_extra_isize=0x000000000000005c,noauto_da_alloc,nolazytime,errors=contin"... [pid 3261] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3259] <... futex resumed>) = 0 [pid 3259] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3259] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3261] <... futex resumed>) = 1 [pid 3261] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x20000000 [pid 3261] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3259] <... futex resumed>) = 0 [pid 3259] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3261] <... futex resumed>) = 1 [pid 3261] memfd_create("syzkaller", 0) = 3 [pid 3261] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 3260] <... mount resumed>) = 0 [pid 3260] openat(AT_FDCWD, 0x200000c0, O_RDONLY|O_DIRECTORY) = -1 ENOENT (No such file or directory) [pid 3260] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 3260] ioctl(5, LOOP_CLR_FD) = 0 [pid 3260] close(5 [pid 3261] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304 [pid 3260] <... close resumed>) = 0 [pid 3260] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3260] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3261] <... write resumed>) = 4194304 [pid 3261] munmap(0x7f22d914f000, 138412032) = 0 [pid 3261] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 3261] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 3261] ioctl(5, LOOP_CLR_FD) = 0 [pid 3261] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 3261] close(5) = 0 [pid 3261] close(3) = 0 [pid 3261] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3261] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3259] exit_group(0) = ? [pid 3260] <... futex resumed>) = ? [pid 3260] +++ exited with 0 +++ [pid 3261] <... futex resumed>) = ? [pid 3261] +++ exited with 0 +++ [pid 3259] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3259, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./918", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./918", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 5 entries */, 32768) = 136 umount2("./918/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./918/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./918/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./918/bus") = 0 umount2("./918/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./918/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./918/binderfs") = 0 [ 69.443360][ T3260] loop0: detected capacity change from 0 to 512 [ 69.455509][ T3260] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz-executor245: couldn't read orphan inode 12 (err -116) [ 69.469002][ T3260] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. umount2("./918/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./918/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./918/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./918/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./918/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555643c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555643c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./918/file0") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./918") = 0 mkdir("./919", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3263 ./strace-static-x86_64: Process 3263 attached [pid 3263] set_robust_list(0x5555564336a0, 24) = 0 [pid 3263] chdir("./919") = 0 [pid 3263] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3263] setpgid(0, 0) = 0 [pid 3263] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3263] write(3, "1000", 4) = 4 [pid 3263] close(3) = 0 [pid 3263] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3263] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3263] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3263] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3263] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3263] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3263] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3263] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 3264 attached => {parent_tid=[3264]}, 88) = 3264 [pid 3263] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3263] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3263] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3263] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 3263] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3263] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3264] set_robust_list(0x7f22e15909a0, 24 [pid 3263] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3263] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} [pid 3264] <... set_robust_list resumed>) = 0 [pid 3263] <... clone3 resumed> => {parent_tid=[3265]}, 88) = 3265 [pid 3263] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3263] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3264] rt_sigprocmask(SIG_SETMASK, [], [pid 3263] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3265 attached [pid 3265] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 3265] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3265] creat("./bus", 000 [pid 3264] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3265] <... creat resumed>) = 3 [pid 3264] memfd_create("syzkaller", 0 [pid 3265] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3263] <... futex resumed>) = 0 [pid 3263] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3263] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3265] <... futex resumed>) = 1 [pid 3265] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 3265] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3263] <... futex resumed>) = 0 [pid 3263] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3263] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3265] <... futex resumed>) = 1 [pid 3265] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 3265] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3263] <... futex resumed>) = 0 [pid 3263] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3263] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3265] <... futex resumed>) = 1 [pid 3265] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 3264] <... memfd_create resumed>) = 4 [pid 3265] <... mmap resumed>) = 0x20000000 [pid 3265] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3263] <... futex resumed>) = 0 [pid 3263] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3265] <... futex resumed>) = 1 [pid 3264] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3265] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 3264] <... mmap resumed>) = ? [pid 3265] +++ killed by SIGBUS +++ [pid 3264] +++ killed by SIGBUS +++ [pid 3263] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3263, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./919", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./919", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./919/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./919/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./919/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./919/bus") = 0 umount2("./919/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./919/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./919/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./919") = 0 mkdir("./920", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3266 ./strace-static-x86_64: Process 3266 attached [pid 3266] set_robust_list(0x5555564336a0, 24) = 0 [pid 3266] chdir("./920") = 0 [pid 3266] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3266] setpgid(0, 0) = 0 [pid 3266] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3266] write(3, "1000", 4) = 4 [pid 3266] close(3) = 0 [pid 3266] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3266] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3266] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3266] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3266] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3266] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3266] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3266] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 3267 attached [pid 3267] set_robust_list(0x7f22e15909a0, 24 [pid 3266] <... clone3 resumed> => {parent_tid=[3267]}, 88) = 3267 [pid 3267] <... set_robust_list resumed>) = 0 [pid 3266] rt_sigprocmask(SIG_SETMASK, [], [pid 3267] rt_sigprocmask(SIG_SETMASK, [], [pid 3266] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3267] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3266] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3267] memfd_create("syzkaller", 0 [pid 3266] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3267] <... memfd_create resumed>) = 3 [pid 3266] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3267] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3266] <... mmap resumed>) = 0x7f22e154f000 [pid 3266] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE [pid 3267] <... mmap resumed>) = 0x7f22d914f000 [pid 3266] <... mprotect resumed>) = 0 [pid 3266] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3266] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 3268 attached => {parent_tid=[3268]}, 88) = 3268 [pid 3268] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 3268] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3268] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3266] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3266] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3268] <... futex resumed>) = 0 [pid 3268] creat("./bus", 000 [pid 3266] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3268] <... creat resumed>) = 4 [pid 3268] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3268] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3266] <... futex resumed>) = 0 [pid 3266] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3268] <... futex resumed>) = 0 [pid 3268] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 3266] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3268] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3266] <... futex resumed>) = 0 [pid 3266] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3268] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 3266] <... futex resumed>) = 0 [pid 3266] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3268] <... open resumed>) = 5 [pid 3268] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3266] <... futex resumed>) = 0 [pid 3268] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 3266] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3266] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3268] <... mmap resumed>) = 0x20000000 [pid 3267] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000dbc} --- [pid 3266] <... futex resumed>) = ? [pid 3267] +++ killed by SIGBUS +++ [pid 3268] +++ killed by SIGBUS +++ [pid 3266] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3266, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- umount2("./920", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./920", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./920/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./920/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./920/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./920/bus") = 0 umount2("./920/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./920/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./920/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./920") = 0 mkdir("./921", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3269 ./strace-static-x86_64: Process 3269 attached [pid 3269] set_robust_list(0x5555564336a0, 24) = 0 [pid 3269] chdir("./921") = 0 [pid 3269] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3269] setpgid(0, 0) = 0 [pid 3269] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3269] write(3, "1000", 4) = 4 [pid 3269] close(3) = 0 [pid 3269] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3269] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3269] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3269] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3269] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3269] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3269] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3269] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[3270]}, 88) = 3270 [pid 3269] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3269] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3269] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3269] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 3269] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE./strace-static-x86_64: Process 3270 attached ) = 0 [pid 3269] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3270] set_robust_list(0x7f22e15909a0, 24 [pid 3269] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} [pid 3270] <... set_robust_list resumed>) = 0 [pid 3270] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3270] memfd_create("syzkaller", 0 [pid 3269] <... clone3 resumed> => {parent_tid=[3271]}, 88) = 3271 [pid 3269] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3269] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3269] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3270] <... memfd_create resumed>) = 3 [pid 3270] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 ./strace-static-x86_64: Process 3271 attached [pid 3270] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 3271] set_robust_list(0x7f22e156f9a0, 24 [pid 3270] <... write resumed>) = 262144 [pid 3271] <... set_robust_list resumed>) = 0 [pid 3270] munmap(0x7f22d914f000, 138412032 [pid 3271] rt_sigprocmask(SIG_SETMASK, [], [pid 3270] <... munmap resumed>) = 0 [pid 3271] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3270] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 3271] creat("./bus", 000 [pid 3270] <... openat resumed>) = 4 [ 69.510054][ T293] EXT4-fs (loop0): unmounting filesystem. [pid 3270] ioctl(4, LOOP_SET_FD, 3 [pid 3271] <... creat resumed>) = 5 [pid 3270] <... ioctl resumed>) = 0 [pid 3271] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3270] close(3 [pid 3271] <... futex resumed>) = 1 [pid 3270] <... close resumed>) = 0 [pid 3269] <... futex resumed>) = 0 [pid 3269] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3271] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 3269] <... futex resumed>) = 0 [pid 3271] <... mount resumed>) = 0 [pid 3269] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3271] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3269] <... futex resumed>) = 0 [pid 3271] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 3269] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3271] <... open resumed>) = 3 [pid 3269] <... futex resumed>) = 0 [pid 3271] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3269] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3271] <... futex resumed>) = 0 [pid 3269] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3271] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 3, 0 [pid 3269] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3269] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3270] close(4) = 0 [pid 3270] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 3270] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "" [pid 3271] <... mmap resumed>) = 0x20000000 [pid 3271] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3269] <... futex resumed>) = 0 [pid 3269] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3271] <... futex resumed>) = 1 [pid 3271] memfd_create("syzkaller", 0) = 4 [pid 3271] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 3270] <... mount resumed>) = -1 ENOENT (No such file or directory) [pid 3270] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 3270] ioctl(6, LOOP_CLR_FD) = 0 [pid 3270] close(6) = 0 [pid 3270] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3270] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3271] write(4, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 3271] munmap(0x7f22d914f000, 138412032) = 0 [pid 3271] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 3271] ioctl(6, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 3271] ioctl(6, LOOP_CLR_FD) = 0 [pid 3271] ioctl(6, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 3271] close(6) = 0 [pid 3271] close(4) = 0 [pid 3271] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3271] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3269] exit_group(0 [pid 3270] <... futex resumed>) = ? [pid 3269] <... exit_group resumed>) = ? [pid 3270] +++ exited with 0 +++ [pid 3271] <... futex resumed>) = ? [pid 3271] +++ exited with 0 +++ [pid 3269] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3269, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./921", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./921", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./921/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./921/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./921/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./921/bus") = 0 umount2("./921/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./921/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./921/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./921") = 0 mkdir("./922", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3272 ./strace-static-x86_64: Process 3272 attached [pid 3272] set_robust_list(0x5555564336a0, 24) = 0 [pid 3272] chdir("./922") = 0 [pid 3272] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3272] setpgid(0, 0) = 0 [pid 3272] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3272] write(3, "1000", 4) = 4 [pid 3272] close(3) = 0 [pid 3272] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3272] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3272] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3272] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3272] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3272] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3272] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3272] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[3273]}, 88) = 3273 [pid 3272] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3272] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3272] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3272] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 3272] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3272] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3272] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[3274]}, 88) = 3274 [pid 3272] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3272] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3272] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3273 attached [pid 3273] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 3273] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3273] memfd_create("syzkaller", 0) = 3 [pid 3273] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 3273] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144./strace-static-x86_64: Process 3274 attached [pid 3274] set_robust_list(0x7f22e156f9a0, 24 [pid 3273] <... write resumed>) = 262144 [pid 3274] <... set_robust_list resumed>) = 0 [pid 3273] munmap(0x7f22d914f000, 138412032 [pid 3274] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3273] <... munmap resumed>) = 0 [pid 3274] creat("./bus", 000 [pid 3273] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 3274] <... creat resumed>) = 4 [pid 3273] <... openat resumed>) = 5 [pid 3274] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [ 69.567144][ T3270] loop0: detected capacity change from 0 to 512 [pid 3273] ioctl(5, LOOP_SET_FD, 3 [pid 3274] <... futex resumed>) = 1 [pid 3272] <... futex resumed>) = 0 [pid 3272] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3272] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3274] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 3273] <... ioctl resumed>) = 0 [pid 3274] <... mount resumed>) = 0 [pid 3273] close(3 [pid 3274] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3273] <... close resumed>) = 0 [pid 3274] <... futex resumed>) = 1 [pid 3273] close(5 [pid 3274] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3272] <... futex resumed>) = 0 [pid 3272] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3272] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3274] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3273] <... close resumed>) = 0 [pid 3274] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 3273] mkdir("./file0", 0777 [pid 3274] <... open resumed>) = 3 [pid 3273] <... mkdir resumed>) = 0 [pid 3274] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3274] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3273] mount("/dev/loop0", "./file0", "ext4", 0, "prjquota,grpquota,debug_want_extra_isize=0x000000000000005c,noauto_da_alloc,nolazytime,errors=contin"... [pid 3272] <... futex resumed>) = 0 [pid 3272] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3274] <... futex resumed>) = 0 [pid 3272] <... futex resumed>) = 1 [pid 3274] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 3, 0 [pid 3272] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3274] <... mmap resumed>) = 0x20000000 [pid 3274] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3272] <... futex resumed>) = 0 [pid 3274] memfd_create("syzkaller", 0 [pid 3272] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3274] <... memfd_create resumed>) = 5 [pid 3272] <... futex resumed>) = 0 [pid 3274] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 3274] write(5, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304 [pid 3273] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 3273] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 3273] ioctl(6, LOOP_CLR_FD) = 0 [pid 3273] close(6 [pid 3274] <... write resumed>) = 4194304 [pid 3274] munmap(0x7f22d914f000, 138412032) = 0 [pid 3274] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 3274] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 3274] ioctl(6, LOOP_CLR_FD) = 0 [pid 3273] <... close resumed>) = 0 [pid 3273] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3273] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3274] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 3274] close(6) = 0 [pid 3274] close(5) = 0 [pid 3274] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3274] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3272] exit_group(0) = ? [pid 3273] <... futex resumed>) = ? [pid 3273] +++ exited with 0 +++ [pid 3274] <... futex resumed>) = ? [pid 3274] +++ exited with 0 +++ [pid 3272] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3272, si_uid=0, si_status=0, si_utime=1, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./922", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./922", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 5 entries */, 32768) = 136 umount2("./922/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./922/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./922/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./922/bus") = 0 umount2("./922/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./922/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./922/binderfs") = 0 umount2("./922/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./922/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./922/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./922/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555643c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555643c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./922/file0") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./922") = 0 mkdir("./923", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3277 ./strace-static-x86_64: Process 3277 attached [pid 3277] set_robust_list(0x5555564336a0, 24) = 0 [pid 3277] chdir("./923") = 0 [pid 3277] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3277] setpgid(0, 0) = 0 [pid 3277] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3277] write(3, "1000", 4) = 4 [pid 3277] close(3) = 0 [pid 3277] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3277] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3277] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3277] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3277] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3277] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3277] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3277] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 3278 attached [pid 3278] set_robust_list(0x7f22e15909a0, 24 [pid 3277] <... clone3 resumed> => {parent_tid=[3278]}, 88) = 3278 [pid 3278] <... set_robust_list resumed>) = 0 [pid 3277] rt_sigprocmask(SIG_SETMASK, [], [pid 3278] rt_sigprocmask(SIG_SETMASK, [], [pid 3277] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3278] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3277] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3277] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3278] memfd_create("syzkaller", 0 [pid 3277] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 3278] <... memfd_create resumed>) = 3 [pid 3277] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE [pid 3278] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3277] <... mprotect resumed>) = 0 [pid 3277] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3278] <... mmap resumed>) = 0x7f22d914f000 [pid 3277] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3277] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 3279 attached => {parent_tid=[3279]}, 88) = 3279 [pid 3279] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 3279] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3279] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3277] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3277] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3279] <... futex resumed>) = 0 [pid 3277] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3279] creat("./bus", 000) = 4 [pid 3279] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3279] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3277] <... futex resumed>) = 0 [pid 3277] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3277] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3278] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 3279] <... futex resumed>) = 0 [pid 3279] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 3279] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3279] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3277] <... futex resumed>) = 0 [pid 3277] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3279] <... futex resumed>) = 0 [pid 3277] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3279] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 3279] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3277] <... futex resumed>) = 0 [pid 3279] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 3277] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3277] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3279] <... mmap resumed>) = 0x20000000 [pid 3279] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3277] <... futex resumed>) = 0 [pid 3279] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3277] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3279] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3277] <... futex resumed>) = 0 [pid 3279] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 3278] <... write resumed>) = ? [pid 3279] +++ killed by SIGBUS +++ [pid 3278] +++ killed by SIGBUS +++ [pid 3277] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3277, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- umount2("./923", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./923", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./923/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./923/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./923/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./923/bus") = 0 umount2("./923/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./923/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./923/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./923") = 0 mkdir("./924", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3280 ./strace-static-x86_64: Process 3280 attached [pid 3280] set_robust_list(0x5555564336a0, 24) = 0 [pid 3280] chdir("./924") = 0 [pid 3280] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3280] setpgid(0, 0) = 0 [ 69.627147][ T3273] loop0: detected capacity change from 0 to 512 [ 69.641297][ T3273] EXT4-fs error (device loop0): __ext4_fill_super:5386: inode #2: comm syz-executor245: iget: special inode unallocated [ 69.654263][ T3273] EXT4-fs (loop0): get root inode failed [ 69.659789][ T3273] EXT4-fs (loop0): mount failed [pid 3280] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3280] write(3, "1000", 4) = 4 [pid 3280] close(3) = 0 [pid 3280] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3280] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3280] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3280] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3280] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3280] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3280] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3280] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 3281 attached [pid 3281] set_robust_list(0x7f22e15909a0, 24 [pid 3280] <... clone3 resumed> => {parent_tid=[3281]}, 88) = 3281 [pid 3281] <... set_robust_list resumed>) = 0 [pid 3280] rt_sigprocmask(SIG_SETMASK, [], [pid 3281] rt_sigprocmask(SIG_SETMASK, [], [pid 3280] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3281] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3280] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3281] memfd_create("syzkaller", 0 [pid 3280] <... futex resumed>) = 0 [pid 3280] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3281] <... memfd_create resumed>) = 3 [pid 3280] <... futex resumed>) = 0 [pid 3281] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3280] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 3280] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE [pid 3281] <... mmap resumed>) = 0x7f22d914f000 [pid 3280] <... mprotect resumed>) = 0 [pid 3280] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3280] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 3282 attached => {parent_tid=[3282]}, 88) = 3282 [pid 3282] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 3282] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3282] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3280] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3280] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3282] <... futex resumed>) = 0 [pid 3282] creat("./bus", 000 [pid 3280] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3282] <... creat resumed>) = 4 [pid 3282] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3282] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3280] <... futex resumed>) = 0 [pid 3280] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3282] <... futex resumed>) = 0 [pid 3280] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3282] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 3282] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3280] <... futex resumed>) = 0 [pid 3282] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 3280] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3280] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3282] <... open resumed>) = 5 [pid 3282] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3280] <... futex resumed>) = 0 [pid 3282] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 3280] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3280] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3282] <... mmap resumed>) = 0x20000000 [pid 3282] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3282] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3280] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3280] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3282] <... futex resumed>) = 0 [pid 3280] <... futex resumed>) = 1 [pid 3282] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 3282] +++ killed by SIGBUS +++ [pid 3281] +++ killed by SIGBUS +++ [pid 3280] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3280, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- umount2("./924", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./924", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./924/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./924/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./924/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./924/bus") = 0 umount2("./924/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./924/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./924/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./924") = 0 mkdir("./925", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3283 ./strace-static-x86_64: Process 3283 attached [pid 3283] set_robust_list(0x5555564336a0, 24) = 0 [pid 3283] chdir("./925") = 0 [pid 3283] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3283] setpgid(0, 0) = 0 [pid 3283] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3283] write(3, "1000", 4) = 4 [pid 3283] close(3) = 0 [pid 3283] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3283] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3283] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3283] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3283] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3283] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3283] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3283] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 3284 attached [pid 3284] set_robust_list(0x7f22e15909a0, 24 [pid 3283] <... clone3 resumed> => {parent_tid=[3284]}, 88) = 3284 [pid 3284] <... set_robust_list resumed>) = 0 [pid 3283] rt_sigprocmask(SIG_SETMASK, [], [pid 3284] rt_sigprocmask(SIG_SETMASK, [], [pid 3283] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3283] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3284] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3283] <... futex resumed>) = 0 [pid 3283] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3284] memfd_create("syzkaller", 0 [pid 3283] <... futex resumed>) = 0 [pid 3283] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3284] <... memfd_create resumed>) = 3 [pid 3284] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3283] <... mmap resumed>) = 0x7f22e154f000 [pid 3283] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE [pid 3284] <... mmap resumed>) = 0x7f22d914f000 [pid 3283] <... mprotect resumed>) = 0 [pid 3283] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3283] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 3285 attached => {parent_tid=[3285]}, 88) = 3285 [pid 3285] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 3285] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3285] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3283] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3283] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3285] <... futex resumed>) = 0 [pid 3285] creat("./bus", 000 [pid 3283] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3285] <... creat resumed>) = 4 [pid 3285] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3285] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3283] <... futex resumed>) = 0 [pid 3283] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3283] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3285] <... futex resumed>) = 0 [pid 3285] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 3285] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3283] <... futex resumed>) = 0 [pid 3285] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 3283] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3283] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3285] <... open resumed>) = 5 [pid 3285] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3283] <... futex resumed>) = 0 [pid 3285] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 3283] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3283] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3285] <... mmap resumed>) = 0x20000000 [pid 3284] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000d6e} --- [pid 3285] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3283] <... futex resumed>) = 0 [pid 3283] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3285] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 3285] +++ killed by SIGBUS +++ [pid 3284] +++ killed by SIGBUS +++ [pid 3283] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3283, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./925", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./925", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./925/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./925/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./925/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./925/bus") = 0 umount2("./925/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./925/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./925/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./925") = 0 mkdir("./926", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3286 ./strace-static-x86_64: Process 3286 attached [pid 3286] set_robust_list(0x5555564336a0, 24) = 0 [pid 3286] chdir("./926") = 0 [pid 3286] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3286] setpgid(0, 0) = 0 [pid 3286] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3286] write(3, "1000", 4) = 4 [pid 3286] close(3) = 0 [pid 3286] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3286] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3286] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3286] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3286] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3286] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3286] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3286] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[3287]}, 88) = 3287 ./strace-static-x86_64: Process 3287 attached [pid 3287] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 3287] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3287] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3286] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3286] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3287] <... futex resumed>) = 0 [pid 3286] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3287] memfd_create("syzkaller", 0) = 3 [pid 3287] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 3286] <... futex resumed>) = 0 [pid 3286] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 3286] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3286] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3286] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0} [pid 3287] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 3286] <... clone3 resumed> => {parent_tid=[3288]}, 88) = 3288 [pid 3286] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3286] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 3288 attached [pid 3287] <... write resumed>) = 262144 [pid 3288] set_robust_list(0x7f22d916f9a0, 24 [pid 3287] munmap(0x7f22d9170000, 138412032 [pid 3288] <... set_robust_list resumed>) = 0 [pid 3286] <... futex resumed>) = 0 [pid 3288] rt_sigprocmask(SIG_SETMASK, [], [pid 3287] <... munmap resumed>) = 0 [pid 3288] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3287] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 3288] creat("./bus", 000 [pid 3287] <... openat resumed>) = 4 [pid 3287] ioctl(4, LOOP_SET_FD, 3 [pid 3286] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3288] <... creat resumed>) = 5 [pid 3288] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3286] <... futex resumed>) = 0 [pid 3286] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3286] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3288] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 3288] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3286] <... futex resumed>) = 0 [pid 3286] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3286] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3288] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 3288] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3286] <... futex resumed>) = 0 [pid 3286] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3286] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3288] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 3287] <... ioctl resumed>) = 0 [pid 3287] close(3) = 0 [pid 3287] close(4) = 0 [pid 3287] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 3287] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 3287] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 3287] ioctl(3, LOOP_CLR_FD) = 0 [pid 3287] close(3) = 0 [pid 3287] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3287] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3288] <... mmap resumed>) = 0x20000000 [pid 3288] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3286] <... futex resumed>) = 0 [pid 3286] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3287] <... futex resumed>) = 0 [pid 3287] memfd_create("syzkaller", 0) = 3 [pid 3287] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 3288] <... futex resumed>) = 1 [pid 3288] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3287] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 3287] munmap(0x7f22d9170000, 138412032) = 0 [pid 3287] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3287] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 3287] ioctl(4, LOOP_CLR_FD) = 0 [pid 3287] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 3287] close(4) = 0 [pid 3287] close(3) = 0 [pid 3287] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3287] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3286] exit_group(0 [pid 3288] <... futex resumed>) = ? [pid 3286] <... exit_group resumed>) = ? [pid 3288] +++ exited with 0 +++ [pid 3287] <... futex resumed>) = ? [pid 3287] +++ exited with 0 +++ [pid 3286] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3286, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./926", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./926", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./926/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./926/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./926/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./926/bus") = 0 umount2("./926/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./926/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./926/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./926") = 0 mkdir("./927", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3289 ./strace-static-x86_64: Process 3289 attached [pid 3289] set_robust_list(0x5555564336a0, 24) = 0 [pid 3289] chdir("./927") = 0 [pid 3289] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3289] setpgid(0, 0) = 0 [pid 3289] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3289] write(3, "1000", 4) = 4 [pid 3289] close(3) = 0 [pid 3289] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3289] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3289] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [ 69.775121][ T3287] loop0: detected capacity change from 0 to 512 [pid 3289] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3289] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3289] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3289] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3289] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[3290]}, 88) = 3290 ./strace-static-x86_64: Process 3290 attached [pid 3290] set_robust_list(0x7f22e15909a0, 24 [pid 3289] rt_sigprocmask(SIG_SETMASK, [], [pid 3290] <... set_robust_list resumed>) = 0 [pid 3289] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3290] rt_sigprocmask(SIG_SETMASK, [], [pid 3289] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3290] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3289] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3290] memfd_create("syzkaller", 0 [pid 3289] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 3290] <... memfd_create resumed>) = 3 [pid 3290] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3289] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3290] <... mmap resumed>) = 0x7f22d914f000 [pid 3289] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3289] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 3291 attached => {parent_tid=[3291]}, 88) = 3291 [pid 3291] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 3291] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3291] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3289] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3289] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3291] <... futex resumed>) = 0 [pid 3291] creat("./bus", 000 [pid 3289] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3291] <... creat resumed>) = 4 [pid 3291] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3291] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3289] <... futex resumed>) = 0 [pid 3289] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3291] <... futex resumed>) = 0 [pid 3291] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 3289] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3291] <... mount resumed>) = 0 [pid 3290] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 3291] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3291] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3289] <... futex resumed>) = 0 [pid 3289] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3289] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3291] <... futex resumed>) = 0 [pid 3291] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 3291] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3289] <... futex resumed>) = 0 [pid 3291] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 3289] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3289] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3291] <... mmap resumed>) = 0x20000000 [pid 3291] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3289] <... futex resumed>) = 0 [pid 3291] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3289] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3291] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3291] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 3290] <... write resumed>) = ? [pid 3290] +++ killed by SIGBUS +++ [pid 3291] +++ killed by SIGBUS +++ [pid 3289] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3289, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- umount2("./927", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./927", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./927/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./927/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./927/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./927/bus") = 0 umount2("./927/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./927/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./927/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./927") = 0 mkdir("./928", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3292 ./strace-static-x86_64: Process 3292 attached [pid 3292] set_robust_list(0x5555564336a0, 24) = 0 [pid 3292] chdir("./928") = 0 [pid 3292] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3292] setpgid(0, 0) = 0 [pid 3292] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3292] write(3, "1000", 4) = 4 [pid 3292] close(3) = 0 [pid 3292] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3292] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3292] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3292] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3292] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3292] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3292] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3292] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[3293]}, 88) = 3293 [pid 3292] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3292] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3292] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3292] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 3292] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3292] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3292] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 3293 attached => {parent_tid=[3294]}, 88) = 3294 [pid 3292] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3292] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3292] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3293] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 3293] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3293] memfd_create("syzkaller", 0./strace-static-x86_64: Process 3294 attached ) = 3 [pid 3294] set_robust_list(0x7f22e156f9a0, 24 [pid 3293] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 3294] <... set_robust_list resumed>) = 0 [pid 3294] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3294] creat("./bus", 000) = 4 [pid 3294] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3292] <... futex resumed>) = 0 [pid 3292] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3292] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3294] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 3293] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 3294] <... mount resumed>) = 0 [pid 3294] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3292] <... futex resumed>) = 0 [pid 3292] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3292] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3294] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 3293] <... write resumed>) = 262144 [pid 3293] munmap(0x7f22d914f000, 138412032) = 0 [pid 3293] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 3293] ioctl(6, LOOP_SET_FD, 3 [pid 3294] <... open resumed>) = 5 [pid 3293] <... ioctl resumed>) = 0 [pid 3293] close(3) = 0 [pid 3293] close(6) = 0 [pid 3293] mkdir("./file0", 0777) = 0 [pid 3293] mount("/dev/loop0", "./file0", "ext4", 0, "prjquota,grpquota,debug_want_extra_isize=0x000000000000005c,noauto_da_alloc,nolazytime,errors=contin"... [pid 3294] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3292] <... futex resumed>) = 0 [pid 3292] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3292] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3294] <... futex resumed>) = 1 [pid 3294] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 3294] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3292] <... futex resumed>) = 0 [pid 3294] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3292] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3294] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3293] <... mount resumed>) = 0 [pid 3292] <... futex resumed>) = 0 [pid 3294] memfd_create("syzkaller", 0) = 3 [pid 3293] openat(AT_FDCWD, 0x200000c0, O_RDONLY|O_DIRECTORY [pid 3294] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 3293] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 3294] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304 [pid 3293] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 3293] ioctl(6, LOOP_CLR_FD) = 0 [pid 3293] close(6) = 0 [pid 3293] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3293] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3294] <... write resumed>) = 4194304 [pid 3294] munmap(0x7f22d914f000, 138412032) = 0 [pid 3294] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 3294] ioctl(6, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 3294] ioctl(6, LOOP_CLR_FD) = 0 [pid 3294] ioctl(6, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 3294] close(6) = 0 [pid 3294] close(3) = 0 [pid 3294] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3292] exit_group(0 [pid 3293] <... futex resumed>) = ? [pid 3292] <... exit_group resumed>) = ? [pid 3293] +++ exited with 0 +++ [pid 3294] +++ exited with 0 +++ [pid 3292] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3292, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./928", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./928", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 5 entries */, 32768) = 136 umount2("./928/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./928/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./928/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./928/bus") = 0 umount2("./928/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./928/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./928/binderfs") = 0 [ 69.868632][ T3293] loop0: detected capacity change from 0 to 512 [ 69.880575][ T3293] EXT4-fs (loop0): 1 truncate cleaned up [ 69.886237][ T3293] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. umount2("./928/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./928/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./928/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./928/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./928/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555643c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555643c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./928/file0") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./928") = 0 mkdir("./929", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3297 attached [pid 3297] set_robust_list(0x5555564336a0, 24) = 0 [pid 3297] chdir("./929") = 0 [pid 3297] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3297] setpgid(0, 0) = 0 [pid 3297] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 293] <... clone resumed>, child_tidptr=0x555556433690) = 3297 [pid 3297] <... openat resumed>) = 3 [pid 3297] write(3, "1000", 4) = 4 [pid 3297] close(3) = 0 [pid 3297] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3297] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3297] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3297] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3297] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3297] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3297] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3297] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[3298]}, 88) = 3298 [pid 3297] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3297] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3297] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3297] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 3297] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3297] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3297] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[3299]}, 88) = 3299 [pid 3297] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3297] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3297] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3298 attached [pid 3298] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 3298] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3298] memfd_create("syzkaller", 0) = 3 [pid 3298] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 3298] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3298] munmap(0x7f22d914f000, 138412032) = 0 [pid 3298] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3298] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 3299 attached [pid 3299] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 3299] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3299] creat("./bus", 000) = 5 [pid 3299] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3299] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3297] <... futex resumed>) = 0 [pid 3297] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3297] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3299] <... futex resumed>) = 0 [pid 3299] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 3299] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3297] <... futex resumed>) = 0 [pid 3297] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3297] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3299] <... futex resumed>) = 1 [pid 3299] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 3299] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3297] <... futex resumed>) = 0 [pid 3297] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3297] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3299] <... futex resumed>) = 1 [pid 3299] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 3298] <... ioctl resumed>) = 0 [pid 3298] close(3) = 0 [pid 3298] close(4 [pid 3299] <... mmap resumed>) = 0x20000000 [pid 3299] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3297] <... futex resumed>) = 0 [pid 3297] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3299] <... futex resumed>) = 1 [pid 3299] memfd_create("syzkaller", 0) = 3 [pid 3299] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 3298] <... close resumed>) = 0 [pid 3298] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 3298] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 3298] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3298] ioctl(4, LOOP_CLR_FD) = 0 [pid 3298] close(4) = 0 [pid 3298] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3298] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3299] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 3299] munmap(0x7f22d914f000, 138412032) = 0 [pid 3299] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3299] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 3299] ioctl(4, LOOP_CLR_FD) = 0 [pid 3299] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 3299] close(4) = 0 [pid 3299] close(3) = 0 [pid 3299] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3299] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3297] exit_group(0) = ? [pid 3299] <... futex resumed>) = ? [pid 3298] <... futex resumed>) = ? [pid 3298] +++ exited with 0 +++ [pid 3299] +++ exited with 0 +++ [pid 3297] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3297, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./929", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./929", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./929/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./929/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./929/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./929/bus") = 0 umount2("./929/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./929/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./929/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./929") = 0 mkdir("./930", 0777) = 0 [ 69.941098][ T293] EXT4-fs (loop0): unmounting filesystem. [ 69.965798][ T3298] loop0: detected capacity change from 0 to 512 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3300 ./strace-static-x86_64: Process 3300 attached [pid 3300] set_robust_list(0x5555564336a0, 24) = 0 [pid 3300] chdir("./930") = 0 [pid 3300] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3300] setpgid(0, 0) = 0 [pid 3300] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3300] write(3, "1000", 4) = 4 [pid 3300] close(3) = 0 [pid 3300] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3300] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3300] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3300] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3300] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3300] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3300] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3300] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[3301]}, 88) = 3301 [pid 3300] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3300] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3300] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3300] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 3300] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3300] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3300] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[3302]}, 88) = 3302 [pid 3300] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3300] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3300] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3301 attached [pid 3301] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 3301] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3301] memfd_create("syzkaller", 0) = 3 [pid 3301] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 3301] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3301] munmap(0x7f22d914f000, 138412032) = 0 [pid 3301] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3301] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 3302 attached [pid 3302] set_robust_list(0x7f22e156f9a0, 24 [pid 3301] <... ioctl resumed>) = 0 [pid 3302] <... set_robust_list resumed>) = 0 [pid 3302] rt_sigprocmask(SIG_SETMASK, [], [pid 3301] close(3 [pid 3302] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3302] creat("./bus", 000 [pid 3301] <... close resumed>) = 0 [pid 3302] <... creat resumed>) = 3 [pid 3302] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3301] close(4 [pid 3302] <... futex resumed>) = 1 [pid 3300] <... futex resumed>) = 0 [pid 3300] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3300] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3302] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 3301] <... close resumed>) = 0 [pid 3302] <... mount resumed>) = 0 [pid 3302] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3302] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3301] mkdir("./file0", 0777 [pid 3300] <... futex resumed>) = 0 [pid 3300] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3302] <... futex resumed>) = 0 [pid 3300] <... futex resumed>) = 1 [pid 3302] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 3300] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3302] <... open resumed>) = 4 [pid 3302] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3300] <... futex resumed>) = 0 [pid 3302] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3300] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3301] <... mkdir resumed>) = 0 [pid 3301] mount("/dev/loop0", "./file0", "ext4", 0, "prjquota,grpquota,debug_want_extra_isize=0x000000000000005c,noauto_da_alloc,nolazytime,errors=contin"... [pid 3302] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3302] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3300] <... futex resumed>) = 0 [pid 3300] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3302] <... mmap resumed>) = 0x20000000 [pid 3302] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3300] <... futex resumed>) = 0 [pid 3300] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3302] memfd_create("syzkaller", 0) = 5 [pid 3302] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 3301] <... mount resumed>) = 0 [pid 3301] openat(AT_FDCWD, 0x200000c0, O_RDONLY|O_DIRECTORY) = -1 ENOENT (No such file or directory) [pid 3301] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 3301] ioctl(6, LOOP_CLR_FD) = 0 [pid 3301] close(6 [pid 3302] write(5, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304 [pid 3301] <... close resumed>) = 0 [pid 3301] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3301] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3302] <... write resumed>) = 4194304 [pid 3302] munmap(0x7f22d914f000, 138412032) = 0 [pid 3302] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 3302] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 3302] ioctl(6, LOOP_CLR_FD) = 0 [pid 3302] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 3302] close(6) = 0 [pid 3302] close(5) = 0 [pid 3302] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3302] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3300] exit_group(0) = ? [pid 3301] <... futex resumed>) = ? [pid 3301] +++ exited with 0 +++ [pid 3302] <... futex resumed>) = ? [pid 3302] +++ exited with 0 +++ [pid 3300] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3300, si_uid=0, si_status=0, si_utime=1, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./930", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./930", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 5 entries */, 32768) = 136 umount2("./930/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./930/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./930/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 70.030142][ T3301] loop0: detected capacity change from 0 to 512 [ 70.044905][ T3301] EXT4-fs (loop0): 1 truncate cleaned up [ 70.050500][ T3301] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. unlink("./930/bus") = 0 umount2("./930/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./930/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./930/binderfs") = 0 umount2("./930/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./930/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./930/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./930/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./930/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555643c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555643c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./930/file0") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./930") = 0 mkdir("./931", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3304 ./strace-static-x86_64: Process 3304 attached [pid 3304] set_robust_list(0x5555564336a0, 24) = 0 [pid 3304] chdir("./931") = 0 [pid 3304] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3304] setpgid(0, 0) = 0 [pid 3304] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3304] write(3, "1000", 4) = 4 [pid 3304] close(3) = 0 [pid 3304] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3304] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3304] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3304] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3304] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3304] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3304] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3304] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[3305]}, 88) = 3305 [pid 3304] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3304] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3304] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3304] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 3304] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3304] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3304] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[3306]}, 88) = 3306 [pid 3304] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3304] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3304] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3306 attached [pid 3306] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 3306] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3306] creat("./bus", 000) = 3 [pid 3306] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3304] <... futex resumed>) = 0 [pid 3304] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3304] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3306] <... futex resumed>) = 1 [pid 3306] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 3306] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3304] <... futex resumed>) = 0 [pid 3304] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3304] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3306] <... futex resumed>) = 1 [pid 3306] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 4 [pid 3306] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3304] <... futex resumed>) = 0 [pid 3304] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3304] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3306] <... futex resumed>) = 1 [pid 3306] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 3306] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3304] <... futex resumed>) = 0 [pid 3304] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3306] <... futex resumed>) = 1 [pid 3306] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 3306] +++ killed by SIGBUS +++ ./strace-static-x86_64: Process 3305 attached [pid 3305] +++ killed by SIGBUS +++ [pid 3304] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3304, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./931", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./931", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./931/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./931/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./931/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./931/bus") = 0 umount2("./931/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./931/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./931/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./931") = 0 mkdir("./932", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3307 ./strace-static-x86_64: Process 3307 attached [pid 3307] set_robust_list(0x5555564336a0, 24) = 0 [pid 3307] chdir("./932") = 0 [pid 3307] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3307] setpgid(0, 0) = 0 [pid 3307] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3307] write(3, "1000", 4) = 4 [pid 3307] close(3) = 0 [pid 3307] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3307] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3307] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3307] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3307] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3307] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3307] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3307] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 3308 attached [pid 3308] set_robust_list(0x7f22e15909a0, 24 [pid 3307] <... clone3 resumed> => {parent_tid=[3308]}, 88) = 3308 [pid 3308] <... set_robust_list resumed>) = 0 [pid 3307] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3308] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3307] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3308] memfd_create("syzkaller", 0 [pid 3307] <... futex resumed>) = 0 [pid 3307] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3308] <... memfd_create resumed>) = 3 [pid 3308] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3307] <... futex resumed>) = 0 [pid 3307] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3308] <... mmap resumed>) = 0x7f22d9170000 [pid 3307] <... mmap resumed>) = 0x7f22d914f000 [pid 3307] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3307] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3307] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0}./strace-static-x86_64: Process 3309 attached => {parent_tid=[3309]}, 88) = 3309 [pid 3309] set_robust_list(0x7f22d916f9a0, 24) = 0 [pid 3309] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3309] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3307] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3307] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3309] <... futex resumed>) = 0 [pid 3309] creat("./bus", 000 [pid 3307] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3309] <... creat resumed>) = 4 [pid 3309] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3309] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3307] <... futex resumed>) = 0 [pid 3307] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3307] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3309] <... futex resumed>) = 0 [pid 3309] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 3309] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3307] <... futex resumed>) = 0 [pid 3309] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3307] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3309] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3307] <... futex resumed>) = 0 [pid 3307] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3309] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 3309] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3307] <... futex resumed>) = 0 [pid 3308] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 3307] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3307] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3309] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 3309] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3307] <... futex resumed>) = 0 [pid 3307] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3309] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 3308] <... write resumed>) = ? [pid 3309] +++ killed by SIGBUS +++ [pid 3308] +++ killed by SIGBUS +++ [pid 3307] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3307, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./932", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./932", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./932/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./932/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./932/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./932/bus") = 0 umount2("./932/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./932/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./932/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./932") = 0 mkdir("./933", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3310 ./strace-static-x86_64: Process 3310 attached [pid 3310] set_robust_list(0x5555564336a0, 24) = 0 [pid 3310] chdir("./933") = 0 [pid 3310] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3310] setpgid(0, 0) = 0 [pid 3310] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3310] write(3, "1000", 4) = 4 [pid 3310] close(3) = 0 [pid 3310] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3310] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3310] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3310] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3310] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3310] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3310] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3310] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 3311 attached => {parent_tid=[3311]}, 88) = 3311 [pid 3311] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 3311] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3311] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3310] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3310] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3311] <... futex resumed>) = 0 [pid 3310] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3311] memfd_create("syzkaller", 0) = 3 [pid 3310] <... futex resumed>) = 0 [pid 3311] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 3310] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 3310] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3310] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3310] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0} => {parent_tid=[3312]}, 88) = 3312 ./strace-static-x86_64: Process 3312 attached [ 70.127007][ T293] EXT4-fs (loop0): unmounting filesystem. [pid 3311] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 3310] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3310] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3310] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3312] set_robust_list(0x7f22d916f9a0, 24 [pid 3311] <... write resumed>) = 262144 [pid 3311] munmap(0x7f22d9170000, 138412032 [pid 3312] <... set_robust_list resumed>) = 0 [pid 3311] <... munmap resumed>) = 0 [pid 3311] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3311] ioctl(4, LOOP_SET_FD, 3 [pid 3312] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3312] creat("./bus", 000) = 5 [pid 3312] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3310] <... futex resumed>) = 0 [pid 3310] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3310] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3312] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 3312] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3310] <... futex resumed>) = 0 [pid 3310] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3310] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3312] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 3312] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3310] <... futex resumed>) = 0 [pid 3310] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3310] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3312] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 3311] <... ioctl resumed>) = 0 [pid 3311] close(3) = 0 [pid 3311] close(4) = 0 [pid 3311] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 3311] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 3311] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 3311] ioctl(3, LOOP_CLR_FD) = 0 [pid 3311] close(3) = 0 [pid 3311] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3311] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3312] <... mmap resumed>) = 0x20000000 [pid 3312] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3310] <... futex resumed>) = 0 [pid 3310] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3311] <... futex resumed>) = 0 [pid 3311] memfd_create("syzkaller", 0) = 3 [pid 3311] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 3312] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3311] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 3311] munmap(0x7f22d9170000, 138412032) = 0 [pid 3311] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3311] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 3311] ioctl(4, LOOP_CLR_FD) = 0 [pid 3311] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 3311] close(4) = 0 [pid 3311] close(3) = 0 [pid 3311] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3310] exit_group(0 [pid 3311] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3312] <... futex resumed>) = ? [pid 3311] <... futex resumed>) = ? [pid 3310] <... exit_group resumed>) = ? [pid 3312] +++ exited with 0 +++ [pid 3311] +++ exited with 0 +++ [pid 3310] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3310, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./933", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./933", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./933/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./933/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./933/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./933/bus") = 0 umount2("./933/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./933/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./933/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./933") = 0 mkdir("./934", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3313 ./strace-static-x86_64: Process 3313 attached [pid 3313] set_robust_list(0x5555564336a0, 24) = 0 [pid 3313] chdir("./934") = 0 [pid 3313] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3313] setpgid(0, 0) = 0 [pid 3313] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3313] write(3, "1000", 4) = 4 [pid 3313] close(3) = 0 [pid 3313] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3313] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3313] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3313] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3313] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3313] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3313] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3313] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[3314]}, 88) = 3314 [pid 3313] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3313] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3313] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3313] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 3313] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3313] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3313] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[3315]}, 88) = 3315 [pid 3313] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3313] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3313] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3314 attached [pid 3314] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 3314] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3314] memfd_create("syzkaller", 0) = 3 [pid 3314] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 ./strace-static-x86_64: Process 3315 attached [pid 3314] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 3315] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 3315] rt_sigprocmask(SIG_SETMASK, [], [pid 3314] <... write resumed>) = 262144 [pid 3314] munmap(0x7f22d914f000, 138412032 [pid 3315] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3314] <... munmap resumed>) = 0 [pid 3314] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 70.189087][ T3311] loop0: detected capacity change from 0 to 512 [pid 3314] ioctl(4, LOOP_SET_FD, 3 [pid 3315] creat("./bus", 000) = 5 [pid 3315] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3315] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3314] <... ioctl resumed>) = 0 [pid 3313] <... futex resumed>) = 0 [pid 3314] close(3 [pid 3313] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3314] <... close resumed>) = 0 [pid 3313] <... futex resumed>) = 1 [pid 3315] <... futex resumed>) = 0 [pid 3313] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3315] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 3315] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3315] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3314] close(4 [pid 3313] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3313] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3315] <... futex resumed>) = 0 [pid 3314] <... close resumed>) = 0 [pid 3313] <... futex resumed>) = 1 [pid 3313] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3314] mkdir("./file0", 0777 [pid 3315] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 3314] <... mkdir resumed>) = 0 [pid 3315] <... open resumed>) = 3 [pid 3315] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3313] <... futex resumed>) = 0 [pid 3313] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3313] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3315] <... futex resumed>) = 1 [pid 3315] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 3, 0 [pid 3314] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 3314] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3314] ioctl(4, LOOP_CLR_FD) = 0 [pid 3314] close(4) = 0 [pid 3314] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3314] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3315] <... mmap resumed>) = 0x20000000 [pid 3315] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3313] <... futex resumed>) = 0 [pid 3313] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3314] <... futex resumed>) = 0 [pid 3314] memfd_create("syzkaller", 0) = 4 [pid 3315] <... futex resumed>) = 1 [pid 3314] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 3315] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3314] write(4, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 3314] munmap(0x7f22d914f000, 138412032) = 0 [pid 3314] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 3314] ioctl(6, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 3314] ioctl(6, LOOP_CLR_FD) = 0 [pid 3314] ioctl(6, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [ 70.249776][ T3314] loop0: detected capacity change from 0 to 512 [pid 3314] close(6) = 0 [pid 3314] close(4) = 0 [pid 3314] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3313] exit_group(0) = ? [pid 3315] <... futex resumed>) = ? [pid 3314] +++ exited with 0 +++ [pid 3315] +++ exited with 0 +++ [pid 3313] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3313, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./934", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./934", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 5 entries */, 32768) = 136 umount2("./934/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./934/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./934/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./934/bus") = 0 umount2("./934/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./934/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./934/binderfs") = 0 umount2("./934/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./934/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./934/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./934/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555643c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555643c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./934/file0") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./934") = 0 mkdir("./935", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3316 ./strace-static-x86_64: Process 3316 attached [pid 3316] set_robust_list(0x5555564336a0, 24) = 0 [pid 3316] chdir("./935") = 0 [pid 3316] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3316] setpgid(0, 0) = 0 [pid 3316] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3316] write(3, "1000", 4) = 4 [pid 3316] close(3) = 0 [pid 3316] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3316] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3316] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3316] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3316] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3316] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3316] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3316] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 3317 attached [pid 3317] set_robust_list(0x7f22e15909a0, 24 [pid 3316] <... clone3 resumed> => {parent_tid=[3317]}, 88) = 3317 [pid 3317] <... set_robust_list resumed>) = 0 [pid 3316] rt_sigprocmask(SIG_SETMASK, [], [pid 3317] rt_sigprocmask(SIG_SETMASK, [], [pid 3316] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3317] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3316] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3316] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3317] memfd_create("syzkaller", 0 [pid 3316] <... futex resumed>) = 0 [pid 3316] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3317] <... memfd_create resumed>) = 3 [pid 3317] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3316] <... mmap resumed>) = 0x7f22e154f000 [pid 3316] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE [pid 3317] <... mmap resumed>) = 0x7f22d914f000 [pid 3316] <... mprotect resumed>) = 0 [pid 3316] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3316] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 3318 attached => {parent_tid=[3318]}, 88) = 3318 [pid 3316] rt_sigprocmask(SIG_SETMASK, [], [pid 3318] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 3318] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3318] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3316] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3316] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3318] <... futex resumed>) = 0 [pid 3318] creat("./bus", 000 [pid 3316] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3317] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 3318] <... creat resumed>) = 4 [pid 3318] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3318] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3316] <... futex resumed>) = 0 [pid 3316] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3318] <... futex resumed>) = 0 [pid 3318] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 3316] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3318] <... mount resumed>) = 0 [pid 3318] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3318] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3316] <... futex resumed>) = 0 [pid 3316] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3318] <... futex resumed>) = 0 [pid 3316] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3318] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 3318] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3316] <... futex resumed>) = 0 [pid 3316] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3318] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 3316] <... futex resumed>) = 0 [pid 3316] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3318] <... mmap resumed>) = 0x20000000 [pid 3318] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3316] <... futex resumed>) = 0 [pid 3316] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3318] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 3317] <... write resumed>) = ? [pid 3318] +++ killed by SIGBUS +++ [pid 3317] +++ killed by SIGBUS +++ [pid 3316] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3316, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- umount2("./935", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./935", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./935/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./935/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./935/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./935/bus") = 0 umount2("./935/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./935/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./935/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./935") = 0 mkdir("./936", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3319 ./strace-static-x86_64: Process 3319 attached [pid 3319] set_robust_list(0x5555564336a0, 24) = 0 [pid 3319] chdir("./936") = 0 [pid 3319] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3319] setpgid(0, 0) = 0 [pid 3319] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3319] write(3, "1000", 4) = 4 [pid 3319] close(3) = 0 [pid 3319] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3319] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3319] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3319] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3319] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3319] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3319] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3319] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 3320 attached => {parent_tid=[3320]}, 88) = 3320 [pid 3320] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 3320] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3320] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3319] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3319] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3320] <... futex resumed>) = 0 [pid 3320] memfd_create("syzkaller", 0 [pid 3319] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3320] <... memfd_create resumed>) = 3 [pid 3319] <... futex resumed>) = 0 [pid 3320] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 3319] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 3319] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3319] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3319] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0} => {parent_tid=[3321]}, 88) = 3321 ./strace-static-x86_64: Process 3321 attached [pid 3320] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 3321] set_robust_list(0x7f22d916f9a0, 24 [pid 3319] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3319] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3319] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3321] <... set_robust_list resumed>) = 0 [pid 3320] <... write resumed>) = 262144 [pid 3320] munmap(0x7f22d9170000, 138412032) = 0 [pid 3320] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3320] ioctl(4, LOOP_SET_FD, 3 [pid 3321] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3321] creat("./bus", 000) = 5 [pid 3321] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3319] <... futex resumed>) = 0 [pid 3319] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3319] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3321] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 3321] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3319] <... futex resumed>) = 0 [pid 3319] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3319] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3321] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 3321] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3319] <... futex resumed>) = 0 [pid 3319] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3319] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3321] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 3320] <... ioctl resumed>) = 0 [pid 3320] close(3) = 0 [pid 3320] close(4) = 0 [pid 3320] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 3320] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 3320] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 3320] ioctl(3, LOOP_CLR_FD) = 0 [pid 3320] close(3) = 0 [pid 3320] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3320] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3321] <... mmap resumed>) = 0x20000000 [pid 3321] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3319] <... futex resumed>) = 0 [pid 3319] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3321] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3320] <... futex resumed>) = 0 [pid 3320] memfd_create("syzkaller", 0) = 3 [pid 3320] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 3320] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 3320] munmap(0x7f22d9170000, 138412032) = 0 [pid 3320] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3320] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 3320] ioctl(4, LOOP_CLR_FD) = 0 [pid 3320] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 3320] close(4) = 0 [pid 3320] close(3) = 0 [pid 3320] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3320] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3319] exit_group(0 [pid 3321] <... futex resumed>) = ? [pid 3321] +++ exited with 0 +++ [pid 3319] <... exit_group resumed>) = ? [pid 3320] <... futex resumed>) = ? [pid 3320] +++ exited with 0 +++ [pid 3319] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3319, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./936", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./936", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./936/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./936/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./936/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./936/bus") = 0 umount2("./936/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./936/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./936/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./936") = 0 mkdir("./937", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3322 ./strace-static-x86_64: Process 3322 attached [pid 3322] set_robust_list(0x5555564336a0, 24) = 0 [pid 3322] chdir("./937") = 0 [pid 3322] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3322] setpgid(0, 0) = 0 [pid 3322] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3322] write(3, "1000", 4) = 4 [pid 3322] close(3) = 0 [pid 3322] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3322] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3322] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3322] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3322] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3322] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3322] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3322] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[3323]}, 88) = 3323 [pid 3322] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3322] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3322] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3322] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 3322] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3322] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3322] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 3324 attached => {parent_tid=[3324]}, 88) = 3324 [pid 3322] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3322] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3322] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3324] set_robust_list(0x7f22e156f9a0, 24./strace-static-x86_64: Process 3323 attached [pid 3323] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 3323] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3323] memfd_create("syzkaller", 0 [pid 3324] <... set_robust_list resumed>) = 0 [ 70.361124][ T3320] loop0: detected capacity change from 0 to 512 [pid 3323] <... memfd_create resumed>) = 3 [pid 3324] rt_sigprocmask(SIG_SETMASK, [], [pid 3323] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 3324] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3324] creat("./bus", 000) = 4 [pid 3324] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3322] <... futex resumed>) = 0 [pid 3322] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3322] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3324] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 3323] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 3324] <... mount resumed>) = 0 [pid 3324] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3322] <... futex resumed>) = 0 [pid 3322] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3322] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3324] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 3323] <... write resumed>) = 262144 [pid 3323] munmap(0x7f22d914f000, 138412032) = 0 [pid 3324] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3323] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 3323] ioctl(6, LOOP_SET_FD, 3 [pid 3324] <... futex resumed>) = 1 [pid 3322] <... futex resumed>) = 0 [pid 3322] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3322] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3324] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 3323] <... ioctl resumed>) = 0 [pid 3323] close(3) = 0 [pid 3323] close(6) = 0 [pid 3323] mkdir("./file0", 0777) = 0 [pid 3323] mount("/dev/loop0", "./file0", "ext4", 0, "prjquota,grpquota,debug_want_extra_isize=0x000000000000005c,noauto_da_alloc,nolazytime,errors=contin"... [pid 3324] <... mmap resumed>) = 0x20000000 [pid 3324] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3322] <... futex resumed>) = 0 [pid 3322] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3324] <... futex resumed>) = 1 [pid 3324] memfd_create("syzkaller", 0) = 3 [pid 3324] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 3323] <... mount resumed>) = 0 [pid 3323] openat(AT_FDCWD, 0x200000c0, O_RDONLY|O_DIRECTORY) = -1 ENOENT (No such file or directory) [pid 3323] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 3323] ioctl(6, LOOP_CLR_FD) = 0 [pid 3323] close(6) = 0 [pid 3323] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3323] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3324] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 3324] munmap(0x7f22d914f000, 138412032) = 0 [pid 3324] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 3324] ioctl(6, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 3324] ioctl(6, LOOP_CLR_FD) = 0 [pid 3324] ioctl(6, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 3324] close(6) = 0 [pid 3324] close(3) = 0 [pid 3324] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3322] exit_group(0) = ? [pid 3323] <... futex resumed>) = ? [pid 3323] +++ exited with 0 +++ [pid 3324] <... futex resumed>) = ? [pid 3324] +++ exited with 0 +++ [pid 3322] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3322, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./937", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./937", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 5 entries */, 32768) = 136 umount2("./937/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./937/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./937/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./937/bus") = 0 umount2("./937/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./937/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./937/binderfs") = 0 [ 70.430517][ T3323] loop0: detected capacity change from 0 to 512 [ 70.442659][ T3323] EXT4-fs (loop0): 1 truncate cleaned up [ 70.448290][ T3323] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. umount2("./937/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./937/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./937/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./937/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./937/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555643c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555643c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./937/file0") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./937") = 0 mkdir("./938", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3326 attached [pid 3326] set_robust_list(0x5555564336a0, 24) = 0 [pid 3326] chdir("./938") = 0 [pid 3326] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3326] setpgid(0, 0) = 0 [pid 3326] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 293] <... clone resumed>, child_tidptr=0x555556433690) = 3326 [pid 3326] <... openat resumed>) = 3 [pid 3326] write(3, "1000", 4) = 4 [pid 3326] close(3) = 0 [pid 3326] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3326] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3326] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3326] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3326] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3326] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3326] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3326] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[3327]}, 88) = 3327 [pid 3326] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3326] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3326] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3326] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 3326] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3326] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3326] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[3328]}, 88) = 3328 [pid 3326] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3326] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3326] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3328 attached [pid 3328] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 3328] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3328] creat("./bus", 000) = 3 [pid 3328] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3326] <... futex resumed>) = 0 [pid 3326] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3326] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3328] <... futex resumed>) = 1 [pid 3328] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 3328] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3326] <... futex resumed>) = 0 [pid 3326] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3326] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3328] <... futex resumed>) = 1 [pid 3328] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 4 [pid 3328] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3326] <... futex resumed>) = 0 [pid 3326] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3326] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3328] <... futex resumed>) = 1 [pid 3328] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 3328] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3326] <... futex resumed>) = 0 [pid 3326] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3328] <... futex resumed>) = 1 [pid 3328] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 3328] +++ killed by SIGBUS +++ ./strace-static-x86_64: Process 3327 attached [pid 3327] +++ killed by SIGBUS +++ [pid 3326] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3326, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- umount2("./938", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./938", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./938/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./938/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./938/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./938/bus") = 0 umount2("./938/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./938/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./938/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./938") = 0 mkdir("./939", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3329 ./strace-static-x86_64: Process 3329 attached [pid 3329] set_robust_list(0x5555564336a0, 24) = 0 [pid 3329] chdir("./939") = 0 [pid 3329] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3329] setpgid(0, 0) = 0 [pid 3329] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3329] write(3, "1000", 4) = 4 [pid 3329] close(3) = 0 [pid 3329] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3329] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3329] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3329] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3329] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3329] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3329] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3329] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 3330 attached [pid 3330] set_robust_list(0x7f22e15909a0, 24 [pid 3329] <... clone3 resumed> => {parent_tid=[3330]}, 88) = 3330 [pid 3330] <... set_robust_list resumed>) = 0 [pid 3329] rt_sigprocmask(SIG_SETMASK, [], [pid 3330] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3329] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3329] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3330] memfd_create("syzkaller", 0 [pid 3329] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3330] <... memfd_create resumed>) = 3 [pid 3329] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 3330] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3329] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3330] <... mmap resumed>) = 0x7f22d914f000 [pid 3329] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3329] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[3331]}, 88) = 3331 [pid 3329] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3329] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3329] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3331 attached [pid 3331] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 3331] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3331] creat("./bus", 000) = 4 [pid 3331] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3329] <... futex resumed>) = 0 [pid 3329] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3329] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3331] <... futex resumed>) = 1 [pid 3331] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 3331] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3329] <... futex resumed>) = 0 [pid 3329] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3329] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3331] <... futex resumed>) = 1 [pid 3331] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 3331] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3329] <... futex resumed>) = 0 [pid 3329] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3329] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3331] <... futex resumed>) = 1 [pid 3331] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 3330] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000d0c} --- [pid 3331] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3329] <... futex resumed>) = 0 [pid 3329] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3331] <... futex resumed>) = 1 [pid 3331] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 3331] +++ killed by SIGBUS +++ [pid 3330] +++ killed by SIGBUS +++ [pid 3329] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3329, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./939", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./939", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./939/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./939/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./939/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./939/bus") = 0 umount2("./939/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./939/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./939/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./939") = 0 mkdir("./940", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3332 ./strace-static-x86_64: Process 3332 attached [pid 3332] set_robust_list(0x5555564336a0, 24) = 0 [pid 3332] chdir("./940") = 0 [pid 3332] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3332] setpgid(0, 0) = 0 [pid 3332] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3332] write(3, "1000", 4) = 4 [pid 3332] close(3) = 0 [pid 3332] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3332] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3332] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3332] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3332] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3332] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3332] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3332] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[3333]}, 88) = 3333 [pid 3332] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3332] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3332] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3332] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 3332] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3332] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3332] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[3334]}, 88) = 3334 [pid 3332] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3332] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3332] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3334 attached [pid 3334] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 3334] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3334] creat("./bus", 000) = 3 [pid 3334] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3332] <... futex resumed>) = 0 [pid 3332] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3332] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3334] <... futex resumed>) = 1 [pid 3334] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 ./strace-static-x86_64: Process 3333 attached [pid 3334] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3332] <... futex resumed>) = 0 [pid 3332] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3332] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3334] <... futex resumed>) = 1 [pid 3334] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 4 [pid 3334] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3332] <... futex resumed>) = 0 [pid 3332] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3332] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3334] <... futex resumed>) = 1 [pid 3334] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3333] set_robust_list(0x7f22e15909a0, 24 [pid 3334] <... mmap resumed>) = 0x20000000 [pid 3334] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3332] <... futex resumed>) = 0 [pid 3332] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3334] <... futex resumed>) = 1 [pid 3334] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 3333] <... set_robust_list resumed>) = ? [pid 3333] +++ killed by SIGBUS +++ [pid 3334] +++ killed by SIGBUS +++ [pid 3332] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3332, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./940", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./940", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./940/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./940/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./940/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./940/bus") = 0 umount2("./940/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./940/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./940/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 [ 70.494876][ T293] EXT4-fs (loop0): unmounting filesystem. rmdir("./940") = 0 mkdir("./941", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3335 ./strace-static-x86_64: Process 3335 attached [pid 3335] set_robust_list(0x5555564336a0, 24) = 0 [pid 3335] chdir("./941") = 0 [pid 3335] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3335] setpgid(0, 0) = 0 [pid 3335] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3335] write(3, "1000", 4) = 4 [pid 3335] close(3) = 0 [pid 3335] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3335] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3335] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3335] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3335] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3335] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3335] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3335] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 3336 attached [pid 3336] set_robust_list(0x7f22e15909a0, 24 [pid 3335] <... clone3 resumed> => {parent_tid=[3336]}, 88) = 3336 [pid 3336] <... set_robust_list resumed>) = 0 [pid 3335] rt_sigprocmask(SIG_SETMASK, [], [pid 3336] rt_sigprocmask(SIG_SETMASK, [], [pid 3335] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3336] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3335] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3335] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3336] memfd_create("syzkaller", 0 [pid 3335] <... futex resumed>) = 0 [pid 3335] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3336] <... memfd_create resumed>) = 3 [pid 3336] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3335] <... mmap resumed>) = 0x7f22e154f000 [pid 3335] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE [pid 3336] <... mmap resumed>) = 0x7f22d914f000 [pid 3335] <... mprotect resumed>) = 0 [pid 3335] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3335] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[3337]}, 88) = 3337 ./strace-static-x86_64: Process 3337 attached [pid 3337] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 3337] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3337] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3335] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3335] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3337] <... futex resumed>) = 0 [pid 3335] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3337] creat("./bus", 000) = 4 [pid 3337] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3337] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3335] <... futex resumed>) = 0 [pid 3335] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3337] <... futex resumed>) = 0 [pid 3335] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3337] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 3337] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3335] <... futex resumed>) = 0 [pid 3337] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 3335] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3337] <... open resumed>) = 5 [pid 3335] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3337] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3335] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3337] <... futex resumed>) = 0 [pid 3335] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3337] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 3335] <... futex resumed>) = 0 [pid 3335] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3337] <... mmap resumed>) = 0x20000000 [pid 3337] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3337] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3335] <... futex resumed>) = 0 [pid 3337] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3335] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3337] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 3337] +++ killed by SIGBUS +++ [pid 3336] +++ killed by SIGBUS +++ [pid 3335] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3335, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- umount2("./941", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./941", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./941/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./941/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./941/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./941/bus") = 0 umount2("./941/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./941/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./941/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./941") = 0 mkdir("./942", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3338 ./strace-static-x86_64: Process 3338 attached [pid 3338] set_robust_list(0x5555564336a0, 24) = 0 [pid 3338] chdir("./942") = 0 [pid 3338] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3338] setpgid(0, 0) = 0 [pid 3338] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3338] write(3, "1000", 4) = 4 [pid 3338] close(3) = 0 [pid 3338] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3338] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3338] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3338] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3338] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3338] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3338] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3338] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 3339 attached => {parent_tid=[3339]}, 88) = 3339 [pid 3339] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 3339] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3339] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3338] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3338] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3339] <... futex resumed>) = 0 [pid 3338] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3339] memfd_create("syzkaller", 0) = 3 [pid 3339] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3338] <... futex resumed>) = 0 [pid 3339] <... mmap resumed>) = 0x7f22d9170000 [pid 3338] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 3338] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3338] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3339] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 3338] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0} => {parent_tid=[3340]}, 88) = 3340 [pid 3338] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3338] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 3340 attached [pid 3339] <... write resumed>) = 262144 [pid 3339] munmap(0x7f22d9170000, 138412032 [pid 3340] set_robust_list(0x7f22d916f9a0, 24) = 0 [pid 3339] <... munmap resumed>) = 0 [pid 3340] rt_sigprocmask(SIG_SETMASK, [], [pid 3339] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 3340] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3339] <... openat resumed>) = 4 [pid 3340] creat("./bus", 000 [pid 3339] ioctl(4, LOOP_SET_FD, 3 [pid 3338] <... futex resumed>) = 0 [pid 3338] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3340] <... creat resumed>) = 5 [pid 3340] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3338] <... futex resumed>) = 0 [pid 3338] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3338] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3340] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 3340] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3338] <... futex resumed>) = 0 [pid 3338] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3338] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3340] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 3340] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3338] <... futex resumed>) = 0 [pid 3338] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3338] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3340] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 3339] <... ioctl resumed>) = 0 [pid 3339] close(3) = 0 [pid 3339] close(4) = 0 [pid 3339] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 3339] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 3339] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 3339] ioctl(3, LOOP_CLR_FD) = 0 [pid 3339] close(3) = 0 [pid 3339] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3339] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3340] <... mmap resumed>) = 0x20000000 [pid 3340] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3338] <... futex resumed>) = 0 [pid 3338] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3340] <... futex resumed>) = 1 [pid 3340] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3339] <... futex resumed>) = 0 [pid 3339] memfd_create("syzkaller", 0) = 3 [pid 3339] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 3339] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 3339] munmap(0x7f22d9170000, 138412032) = 0 [pid 3339] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3339] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 3339] ioctl(4, LOOP_CLR_FD) = 0 [pid 3339] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 3339] close(4) = 0 [pid 3339] close(3) = 0 [pid 3339] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3338] exit_group(0 [pid 3340] <... futex resumed>) = ? [pid 3338] <... exit_group resumed>) = ? [pid 3340] +++ exited with 0 +++ [pid 3339] <... futex resumed>) = ? [pid 3339] +++ exited with 0 +++ [pid 3338] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3338, si_uid=0, si_status=0, si_utime=1, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./942", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./942", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./942/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./942/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./942/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./942/bus") = 0 umount2("./942/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./942/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./942/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./942") = 0 mkdir("./943", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3341 ./strace-static-x86_64: Process 3341 attached [pid 3341] set_robust_list(0x5555564336a0, 24) = 0 [pid 3341] chdir("./943") = 0 [pid 3341] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3341] setpgid(0, 0) = 0 [pid 3341] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3341] write(3, "1000", 4) = 4 [pid 3341] close(3) = 0 [pid 3341] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3341] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3341] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3341] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3341] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3341] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3341] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3341] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 3342 attached => {parent_tid=[3342]}, 88) = 3342 [pid 3342] set_robust_list(0x7f22e15909a0, 24 [pid 3341] rt_sigprocmask(SIG_SETMASK, [], [pid 3342] <... set_robust_list resumed>) = 0 [pid 3342] rt_sigprocmask(SIG_SETMASK, [], [pid 3341] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3342] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3341] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3341] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3342] memfd_create("syzkaller", 0 [pid 3341] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 3341] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3342] <... memfd_create resumed>) = 3 [pid 3342] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3341] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3342] <... mmap resumed>) = 0x7f22d914f000 [pid 3341] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[3343]}, 88) = 3343 [pid 3341] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3341] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3341] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3343 attached [pid 3342] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [ 70.593498][ T3339] loop0: detected capacity change from 0 to 512 [pid 3343] set_robust_list(0x7f22e156f9a0, 24 [pid 3342] <... write resumed>) = 262144 [pid 3343] <... set_robust_list resumed>) = 0 [pid 3342] munmap(0x7f22d914f000, 138412032 [pid 3343] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3342] <... munmap resumed>) = 0 [pid 3343] creat("./bus", 000 [pid 3342] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3342] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3343] <... creat resumed>) = 5 [pid 3342] close(3 [pid 3343] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3342] <... close resumed>) = 0 [pid 3343] <... futex resumed>) = 1 [pid 3341] <... futex resumed>) = 0 [pid 3342] close(4 [pid 3343] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3341] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3343] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3342] <... close resumed>) = 0 [pid 3343] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 3341] <... futex resumed>) = 0 [pid 3342] mkdir("./file0", 0777 [pid 3341] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3342] <... mkdir resumed>) = 0 [pid 3343] <... mount resumed>) = 0 [pid 3342] mount("/dev/loop0", "./file0", "ext4", 0, "prjquota,grpquota,debug_want_extra_isize=0x000000000000005c,noauto_da_alloc,nolazytime,errors=contin"... [pid 3343] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3341] <... futex resumed>) = 0 [pid 3343] <... futex resumed>) = 1 [pid 3341] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3343] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 3341] <... futex resumed>) = 0 [pid 3341] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3343] <... open resumed>) = 3 [pid 3343] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3341] <... futex resumed>) = 0 [pid 3341] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3343] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 3, 0 [pid 3341] <... futex resumed>) = 0 [pid 3341] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3343] <... mmap resumed>) = 0x20000000 [pid 3343] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3341] <... futex resumed>) = 0 [pid 3341] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3343] memfd_create("syzkaller", 0) = 4 [pid 3343] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 3342] <... mount resumed>) = 0 [pid 3342] openat(AT_FDCWD, 0x200000c0, O_RDONLY|O_DIRECTORY) = -1 ENOENT (No such file or directory) [pid 3342] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 3342] ioctl(6, LOOP_CLR_FD) = 0 [pid 3342] close(6) = 0 [pid 3342] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3342] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3343] write(4, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 3343] munmap(0x7f22d914f000, 138412032) = 0 [pid 3343] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 3343] ioctl(6, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 3343] ioctl(6, LOOP_CLR_FD) = 0 [pid 3343] ioctl(6, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 3343] close(6) = 0 [pid 3343] close(4) = 0 [pid 3343] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3341] exit_group(0 [pid 3342] <... futex resumed>) = ? [pid 3341] <... exit_group resumed>) = ? [pid 3342] +++ exited with 0 +++ [pid 3343] <... futex resumed>) = ? [pid 3343] +++ exited with 0 +++ [pid 3341] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3341, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./943", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./943", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 5 entries */, 32768) = 136 umount2("./943/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./943/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./943/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./943/bus") = 0 umount2("./943/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./943/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./943/binderfs") = 0 [ 70.654877][ T3342] loop0: detected capacity change from 0 to 512 [ 70.667631][ T3342] EXT4-fs (loop0): 1 truncate cleaned up [ 70.673238][ T3342] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. umount2("./943/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./943/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./943/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./943/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./943/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555643c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555643c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./943/file0") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./943") = 0 mkdir("./944", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3346 ./strace-static-x86_64: Process 3346 attached [pid 3346] set_robust_list(0x5555564336a0, 24) = 0 [pid 3346] chdir("./944") = 0 [pid 3346] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3346] setpgid(0, 0) = 0 [pid 3346] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3346] write(3, "1000", 4) = 4 [pid 3346] close(3) = 0 [pid 3346] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3346] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3346] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3346] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3346] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3346] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3346] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3346] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 3347 attached => {parent_tid=[3347]}, 88) = 3347 [pid 3347] set_robust_list(0x7f22e15909a0, 24 [pid 3346] rt_sigprocmask(SIG_SETMASK, [], [pid 3347] <... set_robust_list resumed>) = 0 [pid 3346] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3347] rt_sigprocmask(SIG_SETMASK, [], [pid 3346] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3347] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3346] <... futex resumed>) = 0 [pid 3346] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3347] memfd_create("syzkaller", 0 [pid 3346] <... futex resumed>) = 0 [pid 3346] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3347] <... memfd_create resumed>) = 3 [pid 3346] <... mmap resumed>) = 0x7f22e154f000 [pid 3347] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3346] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3347] <... mmap resumed>) = 0x7f22d914f000 [pid 3346] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3346] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[3348]}, 88) = 3348 [pid 3346] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3346] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3346] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3348 attached [pid 3348] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 3348] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3348] creat("./bus", 000) = 4 [pid 3348] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3346] <... futex resumed>) = 0 [pid 3346] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3346] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3348] <... futex resumed>) = 1 [pid 3348] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 3348] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3346] <... futex resumed>) = 0 [pid 3346] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3346] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3348] <... futex resumed>) = 1 [pid 3348] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 3348] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3346] <... futex resumed>) = 0 [pid 3346] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3346] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3348] <... futex resumed>) = 1 [pid 3348] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 3347] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000da1} --- [pid 3348] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3346] <... futex resumed>) = 0 [pid 3346] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3348] <... futex resumed>) = 1 [pid 3348] +++ killed by SIGBUS +++ [pid 3347] +++ killed by SIGBUS +++ [pid 3346] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3346, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./944", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./944", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./944/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./944/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./944/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./944/bus") = 0 umount2("./944/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./944/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./944/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./944") = 0 mkdir("./945", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3349 attached [pid 3349] set_robust_list(0x5555564336a0, 24 [pid 293] <... clone resumed>, child_tidptr=0x555556433690) = 3349 [pid 3349] <... set_robust_list resumed>) = 0 [pid 3349] chdir("./945") = 0 [pid 3349] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3349] setpgid(0, 0) = 0 [pid 3349] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3349] write(3, "1000", 4) = 4 [pid 3349] close(3) = 0 [pid 3349] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3349] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3349] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3349] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3349] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3349] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3349] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3349] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 3350 attached [pid 3350] set_robust_list(0x7f22e15909a0, 24 [pid 3349] <... clone3 resumed> => {parent_tid=[3350]}, 88) = 3350 [pid 3350] <... set_robust_list resumed>) = 0 [pid 3349] rt_sigprocmask(SIG_SETMASK, [], [pid 3350] rt_sigprocmask(SIG_SETMASK, [], [pid 3349] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3350] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3349] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3350] memfd_create("syzkaller", 0 [pid 3349] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3350] <... memfd_create resumed>) = 3 [pid 3349] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 3350] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3349] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3350] <... mmap resumed>) = 0x7f22d914f000 [pid 3349] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3349] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[3351]}, 88) = 3351 [pid 3349] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3349] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3349] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3351 attached [pid 3351] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 3351] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3351] creat("./bus", 000) = 4 [pid 3351] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3349] <... futex resumed>) = 0 [pid 3349] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3349] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3351] <... futex resumed>) = 1 [pid 3351] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 3351] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3349] <... futex resumed>) = 0 [pid 3349] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3349] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3351] <... futex resumed>) = 1 [pid 3351] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 3351] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3349] <... futex resumed>) = 0 [pid 3349] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3349] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3351] <... futex resumed>) = 1 [pid 3351] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 3350] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000d51} --- [pid 3351] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3349] <... futex resumed>) = 0 [pid 3349] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3351] <... futex resumed>) = 1 [pid 3350] +++ killed by SIGBUS +++ [pid 3351] +++ killed by SIGBUS +++ [pid 3349] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3349, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- umount2("./945", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./945", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./945/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./945/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./945/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./945/bus") = 0 umount2("./945/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./945/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./945/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./945") = 0 mkdir("./946", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3352 ./strace-static-x86_64: Process 3352 attached [pid 3352] set_robust_list(0x5555564336a0, 24) = 0 [pid 3352] chdir("./946") = 0 [pid 3352] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3352] setpgid(0, 0) = 0 [pid 3352] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3352] write(3, "1000", 4) = 4 [ 70.715785][ T293] EXT4-fs (loop0): unmounting filesystem. [pid 3352] close(3) = 0 [pid 3352] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3352] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3352] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3352] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3352] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3352] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3352] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3352] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 3353 attached [pid 3353] set_robust_list(0x7f22e15909a0, 24 [pid 3352] <... clone3 resumed> => {parent_tid=[3353]}, 88) = 3353 [pid 3353] <... set_robust_list resumed>) = 0 [pid 3352] rt_sigprocmask(SIG_SETMASK, [], [pid 3353] rt_sigprocmask(SIG_SETMASK, [], [pid 3352] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3353] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3352] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3352] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3352] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3353] memfd_create("syzkaller", 0 [pid 3352] <... mmap resumed>) = 0x7f22e154f000 [pid 3353] <... memfd_create resumed>) = 3 [pid 3352] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE [pid 3353] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3352] <... mprotect resumed>) = 0 [pid 3352] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3353] <... mmap resumed>) = 0x7f22d914f000 [pid 3352] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 3354 attached [pid 3354] set_robust_list(0x7f22e156f9a0, 24 [pid 3352] <... clone3 resumed> => {parent_tid=[3354]}, 88) = 3354 [pid 3354] <... set_robust_list resumed>) = 0 [pid 3354] rt_sigprocmask(SIG_SETMASK, [], [pid 3352] rt_sigprocmask(SIG_SETMASK, [], [pid 3354] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3354] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3352] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3352] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3354] <... futex resumed>) = 0 [pid 3352] <... futex resumed>) = 1 [pid 3354] creat("./bus", 000 [pid 3352] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3354] <... creat resumed>) = 4 [pid 3354] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3352] <... futex resumed>) = 0 [pid 3354] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 3352] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3352] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3354] <... mount resumed>) = 0 [pid 3354] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3352] <... futex resumed>) = 0 [pid 3352] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3354] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 3352] <... futex resumed>) = 0 [pid 3354] <... open resumed>) = 5 [pid 3352] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3354] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3352] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3354] <... futex resumed>) = 0 [pid 3352] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3354] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 3352] <... futex resumed>) = 0 [pid 3352] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3354] <... mmap resumed>) = 0x20000000 [pid 3353] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ac1} --- [pid 3352] <... futex resumed>) = ? [pid 3353] +++ killed by SIGBUS +++ [pid 3354] +++ killed by SIGBUS +++ [pid 3352] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3352, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./946", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./946", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./946/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./946/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./946/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./946/bus") = 0 umount2("./946/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./946/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./946/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./946") = 0 mkdir("./947", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3355 ./strace-static-x86_64: Process 3355 attached [pid 3355] set_robust_list(0x5555564336a0, 24) = 0 [pid 3355] chdir("./947") = 0 [pid 3355] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3355] setpgid(0, 0) = 0 [pid 3355] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3355] write(3, "1000", 4) = 4 [pid 3355] close(3) = 0 [pid 3355] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3355] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3355] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3355] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3355] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3355] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3355] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3355] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 3356 attached [pid 3356] set_robust_list(0x7f22e15909a0, 24 [pid 3355] <... clone3 resumed> => {parent_tid=[3356]}, 88) = 3356 [pid 3356] <... set_robust_list resumed>) = 0 [pid 3355] rt_sigprocmask(SIG_SETMASK, [], [pid 3356] rt_sigprocmask(SIG_SETMASK, [], [pid 3355] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3356] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3355] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3356] memfd_create("syzkaller", 0 [pid 3355] <... futex resumed>) = 0 [pid 3355] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3356] <... memfd_create resumed>) = 3 [pid 3356] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3355] <... futex resumed>) = 0 [pid 3355] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3356] <... mmap resumed>) = 0x7f22d9170000 [pid 3355] <... mmap resumed>) = 0x7f22d914f000 [pid 3355] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3355] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3355] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0}./strace-static-x86_64: Process 3357 attached => {parent_tid=[3357]}, 88) = 3357 [pid 3357] set_robust_list(0x7f22d916f9a0, 24 [pid 3355] rt_sigprocmask(SIG_SETMASK, [], [pid 3357] <... set_robust_list resumed>) = 0 [pid 3355] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3357] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3357] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3355] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3357] <... futex resumed>) = 0 [pid 3357] creat("./bus", 000 [pid 3355] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3357] <... creat resumed>) = 4 [pid 3357] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3357] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3355] <... futex resumed>) = 0 [pid 3355] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3357] <... futex resumed>) = 0 [pid 3357] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 3355] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3357] <... mount resumed>) = 0 [pid 3357] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3355] <... futex resumed>) = 0 [pid 3357] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 3355] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3355] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3357] <... open resumed>) = 5 [pid 3357] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3355] <... futex resumed>) = 0 [pid 3357] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 3355] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3355] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3357] <... mmap resumed>) = 0x20000000 [pid 3357] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3355] <... futex resumed>) = 0 [pid 3355] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3357] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 3355] <... futex resumed>) = 0 [pid 3356] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000dde} --- [pid 3357] +++ killed by SIGBUS +++ [pid 3356] +++ killed by SIGBUS +++ [pid 3355] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3355, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./947", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./947", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./947/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./947/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./947/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./947/bus") = 0 umount2("./947/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./947/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./947/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./947") = 0 mkdir("./948", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3358 ./strace-static-x86_64: Process 3358 attached [pid 3358] set_robust_list(0x5555564336a0, 24) = 0 [pid 3358] chdir("./948") = 0 [pid 3358] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3358] setpgid(0, 0) = 0 [pid 3358] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3358] write(3, "1000", 4) = 4 [pid 3358] close(3) = 0 [pid 3358] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3358] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3358] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3358] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3358] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3358] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3358] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3358] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[3359]}, 88) = 3359 [pid 3358] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3358] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 3359 attached ) = 0 [pid 3358] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3358] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 3358] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3358] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3358] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 3360 attached => {parent_tid=[3360]}, 88) = 3360 [pid 3360] set_robust_list(0x7f22e156f9a0, 24 [pid 3358] rt_sigprocmask(SIG_SETMASK, [], [pid 3360] <... set_robust_list resumed>) = 0 [pid 3358] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3360] rt_sigprocmask(SIG_SETMASK, [], [pid 3358] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3360] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3358] <... futex resumed>) = 0 [pid 3358] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3360] creat("./bus", 000 [pid 3359] set_robust_list(0x7f22e15909a0, 24 [pid 3360] <... creat resumed>) = 3 [pid 3360] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3359] <... set_robust_list resumed>) = 0 [pid 3359] rt_sigprocmask(SIG_SETMASK, [], [pid 3360] <... futex resumed>) = 1 [pid 3358] <... futex resumed>) = 0 [pid 3358] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3358] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3360] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 3359] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3359] memfd_create("syzkaller", 0 [pid 3360] <... mount resumed>) = 0 [pid 3360] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3359] <... memfd_create resumed>) = 4 [pid 3360] <... futex resumed>) = 1 [pid 3358] <... futex resumed>) = 0 [pid 3358] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3358] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3360] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 3359] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 3360] <... open resumed>) = 5 [pid 3360] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3359] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 3360] <... futex resumed>) = 1 [pid 3358] <... futex resumed>) = 0 [pid 3358] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3358] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3360] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 3359] <... write resumed>) = 262144 [pid 3360] <... mmap resumed>) = 0x20000000 [pid 3359] munmap(0x7f22d914f000, 138412032 [pid 3360] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3358] <... futex resumed>) = 0 [pid 3358] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3359] <... munmap resumed>) = 0 [pid 3358] <... futex resumed>) = 0 [pid 3360] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 3360] +++ killed by SIGBUS +++ [pid 3359] +++ killed by SIGBUS +++ [pid 3358] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3358, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./948", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./948", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./948/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./948/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./948/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./948/bus") = 0 umount2("./948/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./948/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./948/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./948") = 0 mkdir("./949", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3361 ./strace-static-x86_64: Process 3361 attached [pid 3361] set_robust_list(0x5555564336a0, 24) = 0 [pid 3361] chdir("./949") = 0 [pid 3361] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3361] setpgid(0, 0) = 0 [pid 3361] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3361] write(3, "1000", 4) = 4 [pid 3361] close(3) = 0 [pid 3361] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3361] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3361] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3361] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3361] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3361] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3361] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3361] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[3362]}, 88) = 3362 [pid 3361] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3361] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3361] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3361] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 ./strace-static-x86_64: Process 3362 attached [pid 3361] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3361] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3362] set_robust_list(0x7f22e15909a0, 24 [pid 3361] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3361] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} [pid 3362] <... set_robust_list resumed>) = 0 [pid 3361] <... clone3 resumed> => {parent_tid=[3363]}, 88) = 3363 [pid 3361] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3361] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3361] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3363 attached [pid 3363] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 3363] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3363] creat("./bus", 000 [pid 3362] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3362] memfd_create("syzkaller", 0) = 4 [pid 3362] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 3363] <... creat resumed>) = 3 [pid 3363] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3361] <... futex resumed>) = 0 [pid 3361] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3361] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3363] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 3363] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3362] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 3363] <... futex resumed>) = 1 [pid 3361] <... futex resumed>) = 0 [pid 3361] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3361] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3363] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 3363] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3361] <... futex resumed>) = 0 [pid 3361] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3361] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3363] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 3362] <... write resumed>) = 262144 [pid 3362] munmap(0x7f22d914f000, 138412032) = 0 [pid 3363] <... mmap resumed>) = 0x20000000 [pid 3363] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3362] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 3361] <... futex resumed>) = 0 [pid 3361] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3362] <... openat resumed>) = 6 [pid 3363] <... futex resumed>) = 1 [pid 3363] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 3362] ioctl(6, LOOP_SET_FD, 4) = ? [pid 3363] +++ killed by SIGBUS +++ [pid 3362] +++ killed by SIGBUS +++ [pid 3361] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3361, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- umount2("./949", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./949", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./949/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./949/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./949/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./949/bus") = 0 umount2("./949/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./949/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./949/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./949") = 0 mkdir("./950", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3364 ./strace-static-x86_64: Process 3364 attached [pid 3364] set_robust_list(0x5555564336a0, 24) = 0 [pid 3364] chdir("./950") = 0 [pid 3364] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3364] setpgid(0, 0) = 0 [pid 3364] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3364] write(3, "1000", 4) = 4 [pid 3364] close(3) = 0 [pid 3364] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3364] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3364] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3364] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3364] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3364] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3364] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3364] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[3365]}, 88) = 3365 [pid 3364] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3364] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3364] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3364] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 3364] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 ./strace-static-x86_64: Process 3365 attached [pid 3365] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 3365] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3365] memfd_create("syzkaller", 0) = 3 [pid 3365] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3364] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3365] <... mmap resumed>) = 0x7f22d914f000 [pid 3364] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3364] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 3366 attached [pid 3366] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 3366] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3366] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3364] <... clone3 resumed> => {parent_tid=[3366]}, 88) = 3366 [pid 3364] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3364] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3366] <... futex resumed>) = 0 [ 70.844458][ T3362] loop0: detected capacity change from 0 to 512 [pid 3366] creat("./bus", 000 [pid 3364] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3366] <... creat resumed>) = 4 [pid 3366] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3366] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3364] <... futex resumed>) = 0 [pid 3364] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3366] <... futex resumed>) = 0 [pid 3366] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 3364] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3366] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3366] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3364] <... futex resumed>) = 0 [pid 3365] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 3364] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3366] <... futex resumed>) = 0 [pid 3366] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 3366] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3366] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3365] <... write resumed>) = 262144 [pid 3365] munmap(0x7f22d914f000, 138412032 [pid 3364] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 3364] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3366] <... futex resumed>) = 0 [pid 3366] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 3365] <... munmap resumed>) = 0 [pid 3364] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3365] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 3366] <... mmap resumed>) = 0x20000000 [pid 3366] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3365] <... openat resumed>) = 6 [pid 3366] <... futex resumed>) = 1 [pid 3365] ioctl(6, LOOP_SET_FD, 3 [pid 3364] <... futex resumed>) = 0 [pid 3364] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3366] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 3365] <... ioctl resumed>) = ? [pid 3366] +++ killed by SIGBUS +++ [pid 3365] +++ killed by SIGBUS +++ [pid 3364] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3364, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- umount2("./950", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./950", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./950/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./950/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./950/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./950/bus") = 0 umount2("./950/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./950/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./950/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./950") = 0 mkdir("./951", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3367 ./strace-static-x86_64: Process 3367 attached [pid 3367] set_robust_list(0x5555564336a0, 24) = 0 [pid 3367] chdir("./951") = 0 [pid 3367] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3367] setpgid(0, 0) = 0 [pid 3367] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3367] write(3, "1000", 4) = 4 [pid 3367] close(3) = 0 [pid 3367] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3367] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3367] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3367] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3367] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3367] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3367] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3367] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[3368]}, 88) = 3368 [pid 3367] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3367] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3367] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3367] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 3367] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3367] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3367] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[3369]}, 88) = 3369 [pid 3367] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3367] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3367] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3369 attached [pid 3369] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 3369] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3369] creat("./bus", 000) = 3 [pid 3369] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3367] <... futex resumed>) = 0 [pid 3367] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3367] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3369] <... futex resumed>) = 1 [pid 3369] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL./strace-static-x86_64: Process 3368 attached ) = 0 [pid 3369] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3368] set_robust_list(0x7f22e15909a0, 24 [pid 3369] <... futex resumed>) = 1 [pid 3368] <... set_robust_list resumed>) = 0 [pid 3367] <... futex resumed>) = 0 [pid 3367] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3367] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3369] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 3368] rt_sigprocmask(SIG_SETMASK, [], [pid 3369] <... open resumed>) = 4 [pid 3368] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3369] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3368] memfd_create("syzkaller", 0 [pid 3369] <... futex resumed>) = 1 [pid 3368] <... memfd_create resumed>) = 5 [pid 3367] <... futex resumed>) = 0 [pid 3367] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3367] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3369] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 3368] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3369] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3368] <... mmap resumed>) = 0x7f22d914f000 [pid 3369] <... futex resumed>) = 1 [pid 3368] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000982} --- [pid 3367] <... futex resumed>) = 0 [pid 3367] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3368] +++ killed by SIGBUS +++ [pid 3369] +++ killed by SIGBUS +++ [pid 3367] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3367, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- umount2("./951", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./951", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./951/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./951/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./951/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./951/bus") = 0 umount2("./951/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./951/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./951/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./951") = 0 mkdir("./952", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3370 ./strace-static-x86_64: Process 3370 attached [pid 3370] set_robust_list(0x5555564336a0, 24) = 0 [pid 3370] chdir("./952") = 0 [pid 3370] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3370] setpgid(0, 0) = 0 [pid 3370] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3370] write(3, "1000", 4) = 4 [pid 3370] close(3) = 0 [pid 3370] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3370] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3370] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3370] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3370] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3370] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3370] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3370] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 3371 attached [pid 3371] set_robust_list(0x7f22e15909a0, 24 [pid 3370] <... clone3 resumed> => {parent_tid=[3371]}, 88) = 3371 [pid 3371] <... set_robust_list resumed>) = 0 [pid 3370] rt_sigprocmask(SIG_SETMASK, [], [pid 3371] rt_sigprocmask(SIG_SETMASK, [], [pid 3370] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3371] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3370] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3371] memfd_create("syzkaller", 0 [pid 3370] <... futex resumed>) = 0 [pid 3370] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3371] <... memfd_create resumed>) = 3 [pid 3371] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3370] <... futex resumed>) = 0 [pid 3370] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 3371] <... mmap resumed>) = 0x7f22d914f000 [pid 3370] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3370] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3370] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[3372]}, 88) = 3372 ./strace-static-x86_64: Process 3372 attached [pid 3372] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 3372] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3372] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3370] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3370] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3370] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3372] <... futex resumed>) = 0 [pid 3372] creat("./bus", 000) = 4 [pid 3372] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3372] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3370] <... futex resumed>) = 0 [pid 3370] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3371] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 3370] <... futex resumed>) = 1 [pid 3372] <... futex resumed>) = 0 [pid 3372] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 3370] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3372] <... mount resumed>) = 0 [pid 3372] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3370] <... futex resumed>) = 0 [pid 3370] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3370] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3372] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 3372] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3370] <... futex resumed>) = 0 [pid 3370] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3370] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3372] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 3372] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3370] <... futex resumed>) = 0 [pid 3370] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3372] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 3370] <... futex resumed>) = 0 [ 70.910181][ T3365] loop0: detected capacity change from 0 to 512 [pid 3371] <... write resumed>) = ? [pid 3372] +++ killed by SIGBUS +++ [pid 3371] +++ killed by SIGBUS +++ [pid 3370] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3370, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./952", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./952", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./952/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./952/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./952/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./952/bus") = 0 umount2("./952/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./952/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./952/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./952") = 0 mkdir("./953", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3373 ./strace-static-x86_64: Process 3373 attached [pid 3373] set_robust_list(0x5555564336a0, 24) = 0 [pid 3373] chdir("./953") = 0 [pid 3373] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3373] setpgid(0, 0) = 0 [pid 3373] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3373] write(3, "1000", 4) = 4 [pid 3373] close(3) = 0 [pid 3373] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3373] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3373] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3373] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3373] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3373] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3373] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3373] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[3374]}, 88) = 3374 [pid 3373] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3373] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3373] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3373] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 3373] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3373] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3373] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[3375]}, 88) = 3375 [pid 3373] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3373] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3373] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3374 attached [pid 3374] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 3374] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3374] memfd_create("syzkaller", 0./strace-static-x86_64: Process 3375 attached ) = 3 [pid 3374] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 3375] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 3375] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3375] creat("./bus", 000) = 4 [pid 3375] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3373] <... futex resumed>) = 0 [pid 3373] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3373] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3375] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 3375] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3373] <... futex resumed>) = 0 [pid 3373] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3373] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3375] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 3375] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3373] <... futex resumed>) = 0 [pid 3373] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3373] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3375] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 3374] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000db3} --- [pid 3373] <... futex resumed>) = ? [pid 3375] +++ killed by SIGBUS +++ [pid 3374] +++ killed by SIGBUS +++ [pid 3373] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3373, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./953", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./953", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./953/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./953/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./953/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./953/bus") = 0 umount2("./953/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./953/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./953/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./953") = 0 mkdir("./954", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3376 ./strace-static-x86_64: Process 3376 attached [pid 3376] set_robust_list(0x5555564336a0, 24) = 0 [pid 3376] chdir("./954") = 0 [pid 3376] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3376] setpgid(0, 0) = 0 [pid 3376] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3376] write(3, "1000", 4) = 4 [pid 3376] close(3) = 0 [pid 3376] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3376] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3376] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3376] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3376] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3376] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3376] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3376] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 3377 attached [pid 3377] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 3377] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3377] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3376] <... clone3 resumed> => {parent_tid=[3377]}, 88) = 3377 [pid 3376] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3376] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3377] <... futex resumed>) = 0 [pid 3376] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3377] memfd_create("syzkaller", 0) = 3 [pid 3377] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 3376] <... futex resumed>) = 0 [pid 3376] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 3376] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3376] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3376] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0}./strace-static-x86_64: Process 3378 attached [pid 3378] set_robust_list(0x7f22d916f9a0, 24) = 0 [pid 3378] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3378] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3376] <... clone3 resumed> => {parent_tid=[3378]}, 88) = 3378 [pid 3376] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3376] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3378] <... futex resumed>) = 0 [pid 3378] creat("./bus", 000 [pid 3376] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3377] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3378] <... creat resumed>) = 4 [pid 3378] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3377] munmap(0x7f22d9170000, 138412032 [pid 3378] <... futex resumed>) = 1 [pid 3376] <... futex resumed>) = 0 [pid 3376] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3376] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3378] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 3377] <... munmap resumed>) = 0 [pid 3378] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3377] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 3378] <... futex resumed>) = 1 [pid 3376] <... futex resumed>) = 0 [pid 3376] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3376] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3378] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 3377] <... openat resumed>) = 5 [pid 3378] <... open resumed>) = 6 [pid 3377] ioctl(5, LOOP_SET_FD, 3 [pid 3378] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3376] <... futex resumed>) = 0 [pid 3378] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 3376] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3376] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3377] <... ioctl resumed>) = 0 [pid 3377] close(3) = 0 [pid 3377] close(5 [pid 3378] <... mmap resumed>) = 0x20000000 [pid 3377] <... close resumed>) = 0 [pid 3378] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3377] mkdir(0x200000c0, 0777 [pid 3378] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3377] <... mkdir resumed>) = -1 ENOENT (No such file or directory) [pid 3377] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 3377] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 3377] ioctl(3, LOOP_CLR_FD) = 0 [pid 3377] close(3) = 0 [pid 3377] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3377] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3376] <... futex resumed>) = 0 [pid 3376] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3377] <... futex resumed>) = 0 [pid 3377] memfd_create("syzkaller", 0) = 3 [pid 3377] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 3377] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 3377] munmap(0x7f22d9170000, 138412032) = 0 [pid 3377] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 3377] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 3377] ioctl(5, LOOP_CLR_FD) = 0 [pid 3377] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 3377] close(5) = 0 [pid 3377] close(3) = 0 [pid 3377] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3377] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3376] exit_group(0 [pid 3378] <... futex resumed>) = ? [pid 3376] <... exit_group resumed>) = ? [pid 3378] +++ exited with 0 +++ [pid 3377] <... futex resumed>) = ? [pid 3377] +++ exited with 0 +++ [pid 3376] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3376, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./954", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./954", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./954/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./954/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./954/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./954/bus") = 0 umount2("./954/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./954/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./954/binderfs") = 0 [ 71.008549][ T3377] loop0: detected capacity change from 0 to 512 [ 71.015031][ T3378] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 32 prio class 2 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./954") = 0 mkdir("./955", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3379 ./strace-static-x86_64: Process 3379 attached [pid 3379] set_robust_list(0x5555564336a0, 24) = 0 [pid 3379] chdir("./955") = 0 [pid 3379] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3379] setpgid(0, 0) = 0 [pid 3379] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3379] write(3, "1000", 4) = 4 [pid 3379] close(3) = 0 [pid 3379] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3379] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3379] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3379] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3379] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3379] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3379] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3379] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[3380]}, 88) = 3380 [pid 3379] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3379] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3379] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3379] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 3379] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3379] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3379] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[3381]}, 88) = 3381 [pid 3379] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3379] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3379] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3381 attached [pid 3381] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 3381] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3381] creat("./bus", 000) = 3 [pid 3381] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3379] <... futex resumed>) = 0 [pid 3379] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3379] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3381] <... futex resumed>) = 1 [pid 3381] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 3381] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3379] <... futex resumed>) = 0 [pid 3379] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3379] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3381] <... futex resumed>) = 1 [pid 3381] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 4 [pid 3381] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3379] <... futex resumed>) = 0 [pid 3379] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3379] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3381] <... futex resumed>) = 1 [pid 3381] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 3381] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3379] <... futex resumed>) = 0 [pid 3379] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3381] <... futex resumed>) = 1 [pid 3381] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 3381] +++ killed by SIGBUS +++ ./strace-static-x86_64: Process 3380 attached [pid 3380] +++ killed by SIGBUS +++ [pid 3379] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3379, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./955", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./955", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./955/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./955/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./955/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./955/bus") = 0 umount2("./955/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./955/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./955/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./955") = 0 mkdir("./956", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3382 ./strace-static-x86_64: Process 3382 attached [pid 3382] set_robust_list(0x5555564336a0, 24) = 0 [pid 3382] chdir("./956") = 0 [pid 3382] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3382] setpgid(0, 0) = 0 [pid 3382] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3382] write(3, "1000", 4) = 4 [pid 3382] close(3) = 0 [pid 3382] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3382] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3382] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3382] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3382] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3382] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3382] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3382] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 3383 attached [pid 3383] set_robust_list(0x7f22e15909a0, 24 [pid 3382] <... clone3 resumed> => {parent_tid=[3383]}, 88) = 3383 [pid 3383] <... set_robust_list resumed>) = 0 [pid 3382] rt_sigprocmask(SIG_SETMASK, [], [pid 3383] rt_sigprocmask(SIG_SETMASK, [], [pid 3382] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3383] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3382] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3382] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3383] memfd_create("syzkaller", 0 [pid 3382] <... futex resumed>) = 0 [pid 3382] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3383] <... memfd_create resumed>) = 3 [pid 3383] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3382] <... mmap resumed>) = 0x7f22e154f000 [pid 3382] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE [pid 3383] <... mmap resumed>) = 0x7f22d914f000 [pid 3382] <... mprotect resumed>) = 0 [pid 3382] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3382] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 3384 attached => {parent_tid=[3384]}, 88) = 3384 [pid 3384] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 3384] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3384] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3382] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3382] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3384] <... futex resumed>) = 0 [pid 3384] creat("./bus", 000 [pid 3382] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3384] <... creat resumed>) = 4 [pid 3384] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3384] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3382] <... futex resumed>) = 0 [pid 3382] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3384] <... futex resumed>) = 0 [pid 3384] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 3382] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3384] <... mount resumed>) = 0 [pid 3384] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3382] <... futex resumed>) = 0 [pid 3384] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 3382] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3382] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3384] <... open resumed>) = 5 [pid 3384] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3382] <... futex resumed>) = 0 [pid 3384] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3382] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3384] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3382] <... futex resumed>) = 0 [pid 3384] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 3382] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3384] <... mmap resumed>) = 0x20000000 [pid 3383] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000d7f} --- [pid 3384] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3382] <... futex resumed>) = 0 [pid 3384] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3382] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3384] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3382] <... futex resumed>) = 0 [pid 3384] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 3384] +++ killed by SIGBUS +++ [pid 3383] +++ killed by SIGBUS +++ [pid 3382] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3382, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./956", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./956", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./956/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./956/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./956/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./956/bus") = 0 umount2("./956/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./956/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./956/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./956") = 0 mkdir("./957", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3385 ./strace-static-x86_64: Process 3385 attached [pid 3385] set_robust_list(0x5555564336a0, 24) = 0 [pid 3385] chdir("./957") = 0 [pid 3385] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3385] setpgid(0, 0) = 0 [pid 3385] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3385] write(3, "1000", 4) = 4 [pid 3385] close(3) = 0 [pid 3385] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3385] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3385] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3385] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3385] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3385] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3385] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3385] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 3386 attached [pid 3386] set_robust_list(0x7f22e15909a0, 24 [pid 3385] <... clone3 resumed> => {parent_tid=[3386]}, 88) = 3386 [pid 3386] <... set_robust_list resumed>) = 0 [pid 3385] rt_sigprocmask(SIG_SETMASK, [], [pid 3386] rt_sigprocmask(SIG_SETMASK, [], [pid 3385] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3386] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3385] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3386] memfd_create("syzkaller", 0 [pid 3385] <... futex resumed>) = 0 [pid 3385] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3386] <... memfd_create resumed>) = 3 [pid 3385] <... futex resumed>) = 0 [pid 3386] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3385] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3386] <... mmap resumed>) = 0x7f22d914f000 [pid 3385] <... mmap resumed>) = 0x7f22e154f000 [pid 3385] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3385] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3385] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[3387]}, 88) = 3387 ./strace-static-x86_64: Process 3387 attached [pid 3387] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 3387] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3387] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3385] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3385] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3387] <... futex resumed>) = 0 [pid 3387] creat("./bus", 000 [pid 3385] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3387] <... creat resumed>) = 4 [pid 3387] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3387] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3385] <... futex resumed>) = 0 [pid 3385] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3387] <... futex resumed>) = 0 [pid 3387] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 3385] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3387] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3387] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3385] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3385] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3387] <... futex resumed>) = 0 [pid 3385] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3387] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 3387] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3385] <... futex resumed>) = 0 [pid 3387] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 3385] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3385] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3387] <... mmap resumed>) = 0x20000000 [pid 3386] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000dbf} --- [pid 3387] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3385] <... futex resumed>) = 0 [pid 3385] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3387] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 3387] +++ killed by SIGBUS +++ [pid 3386] +++ killed by SIGBUS +++ [pid 3385] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3385, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./957", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./957", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./957/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./957/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./957/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./957/bus") = 0 umount2("./957/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./957/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./957/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./957") = 0 mkdir("./958", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3388 ./strace-static-x86_64: Process 3388 attached [pid 3388] set_robust_list(0x5555564336a0, 24) = 0 [pid 3388] chdir("./958") = 0 [pid 3388] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3388] setpgid(0, 0) = 0 [pid 3388] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3388] write(3, "1000", 4) = 4 [pid 3388] close(3) = 0 [pid 3388] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3388] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3388] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3388] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3388] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3388] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3388] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3388] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 3389 attached [pid 3389] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 3389] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3389] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3388] <... clone3 resumed> => {parent_tid=[3389]}, 88) = 3389 [pid 3388] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3388] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3389] <... futex resumed>) = 0 [pid 3389] memfd_create("syzkaller", 0 [pid 3388] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3388] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 3388] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3388] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3388] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} [pid 3389] <... memfd_create resumed>) = 3 [pid 3388] <... clone3 resumed> => {parent_tid=[3390]}, 88) = 3390 [pid 3389] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3388] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3388] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3388] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3390 attached [pid 3390] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 3390] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3390] creat("./bus", 000) = 4 [pid 3390] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3388] <... futex resumed>) = 0 [pid 3388] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3388] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3390] <... futex resumed>) = 1 [pid 3390] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 3389] <... mmap resumed>) = 0x7f22d914f000 [pid 3390] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3388] <... futex resumed>) = 0 [pid 3388] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3388] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3390] <... futex resumed>) = 1 [pid 3390] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 3390] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3388] <... futex resumed>) = 0 [pid 3388] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3388] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3390] <... futex resumed>) = 1 [pid 3390] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 3389] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000d00} --- [pid 3390] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = ? [pid 3388] <... futex resumed>) = ? [pid 3389] +++ killed by SIGBUS +++ [pid 3390] +++ killed by SIGBUS +++ [pid 3388] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3388, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- umount2("./958", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./958", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./958/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./958/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./958/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./958/bus") = 0 umount2("./958/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./958/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./958/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./958") = 0 mkdir("./959", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3391 ./strace-static-x86_64: Process 3391 attached [pid 3391] set_robust_list(0x5555564336a0, 24) = 0 [pid 3391] chdir("./959") = 0 [pid 3391] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3391] setpgid(0, 0) = 0 [pid 3391] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3391] write(3, "1000", 4) = 4 [pid 3391] close(3) = 0 [pid 3391] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3391] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3391] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3391] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3391] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3391] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3391] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3391] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[3392]}, 88) = 3392 [pid 3391] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3391] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3391] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3391] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 3391] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3391] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3391] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[3393]}, 88) = 3393 ./strace-static-x86_64: Process 3393 attached [pid 3391] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3391] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3391] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3392 attached [pid 3392] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 3392] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3392] memfd_create("syzkaller", 0 [pid 3393] set_robust_list(0x7f22e156f9a0, 24 [pid 3392] <... memfd_create resumed>) = 3 [pid 3392] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 3393] <... set_robust_list resumed>) = 0 [pid 3393] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3393] creat("./bus", 000) = 4 [pid 3393] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3391] <... futex resumed>) = 0 [pid 3391] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3391] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3393] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 3392] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 3393] <... mount resumed>) = 0 [pid 3393] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3391] <... futex resumed>) = 0 [pid 3391] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3391] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3393] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 3392] <... write resumed>) = 262144 [pid 3392] munmap(0x7f22d914f000, 138412032) = 0 [pid 3392] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 3392] ioctl(6, LOOP_SET_FD, 3 [pid 3393] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3392] <... ioctl resumed>) = 0 [pid 3392] close(3) = 0 [pid 3392] close(6) = 0 [pid 3392] mkdir("./file0", 0777) = 0 [pid 3392] mount("/dev/loop0", "./file0", "ext4", 0, "prjquota,grpquota,debug_want_extra_isize=0x000000000000005c,noauto_da_alloc,nolazytime,errors=contin"... [pid 3391] <... futex resumed>) = 0 [pid 3391] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3391] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3393] <... futex resumed>) = 1 [pid 3393] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 3393] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3391] <... futex resumed>) = 0 [pid 3391] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3393] <... futex resumed>) = 1 [pid 3393] memfd_create("syzkaller", 0) = 3 [pid 3393] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 3392] <... mount resumed>) = 0 [pid 3392] openat(AT_FDCWD, 0x200000c0, O_RDONLY|O_DIRECTORY) = -1 ENOENT (No such file or directory) [pid 3392] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 3392] ioctl(6, LOOP_CLR_FD) = 0 [pid 3392] close(6) = 0 [pid 3392] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3392] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3393] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 3393] munmap(0x7f22d914f000, 138412032) = 0 [pid 3393] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 3393] ioctl(6, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 3393] ioctl(6, LOOP_CLR_FD) = 0 [pid 3393] ioctl(6, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 3393] close(6) = 0 [pid 3393] close(3) = 0 [pid 3393] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3391] exit_group(0 [pid 3392] <... futex resumed>) = ? [pid 3391] <... exit_group resumed>) = ? [pid 3392] +++ exited with 0 +++ [pid 3393] +++ exited with 0 +++ [pid 3391] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3391, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [ 71.150737][ T3392] loop0: detected capacity change from 0 to 512 [ 71.161026][ T3392] EXT4-fs (loop0): 1 truncate cleaned up [ 71.166618][ T3392] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./959", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./959", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 5 entries */, 32768) = 136 umount2("./959/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./959/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./959/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./959/bus") = 0 umount2("./959/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./959/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./959/binderfs") = 0 umount2("./959/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./959/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./959/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./959/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./959/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555643c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555643c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./959/file0") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./959") = 0 mkdir("./960", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3395 ./strace-static-x86_64: Process 3395 attached [pid 3395] set_robust_list(0x5555564336a0, 24) = 0 [pid 3395] chdir("./960") = 0 [pid 3395] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3395] setpgid(0, 0) = 0 [pid 3395] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3395] write(3, "1000", 4) = 4 [pid 3395] close(3) = 0 [pid 3395] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3395] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3395] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3395] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3395] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3395] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3395] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3395] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[3396]}, 88) = 3396 [pid 3395] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3395] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3395] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3395] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 3395] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3395] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3395] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[3397]}, 88) = 3397 [pid 3395] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3395] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3395] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3397 attached [pid 3397] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 3397] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3397] creat("./bus", 000) = 3 [pid 3397] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3395] <... futex resumed>) = 0 [pid 3395] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3395] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3397] <... futex resumed>) = 1 [pid 3397] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 3397] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3395] <... futex resumed>) = 0 [pid 3395] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3395] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3397] <... futex resumed>) = 1 [pid 3397] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 4 [pid 3397] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3395] <... futex resumed>) = 0 [pid 3395] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3395] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3397] <... futex resumed>) = 1 [pid 3397] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 3397] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3395] <... futex resumed>) = 0 [pid 3395] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3397] <... futex resumed>) = 1 [pid 3397] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- ./strace-static-x86_64: Process 3396 attached [pid 3396] +++ killed by SIGBUS +++ [pid 3397] +++ killed by SIGBUS +++ [pid 3395] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3395, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./960", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./960", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./960/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./960/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./960/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./960/bus") = 0 umount2("./960/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./960/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./960/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./960") = 0 mkdir("./961", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3398 ./strace-static-x86_64: Process 3398 attached [pid 3398] set_robust_list(0x5555564336a0, 24) = 0 [pid 3398] chdir("./961") = 0 [pid 3398] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3398] setpgid(0, 0) = 0 [pid 3398] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3398] write(3, "1000", 4) = 4 [pid 3398] close(3) = 0 [pid 3398] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3398] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3398] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3398] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3398] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3398] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3398] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3398] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[3399]}, 88) = 3399 [pid 3398] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3398] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3398] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3398] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 3398] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3398] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3398] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 3399 attached ./strace-static-x86_64: Process 3400 attached [pid 3399] set_robust_list(0x7f22e15909a0, 24 [pid 3400] set_robust_list(0x7f22e156f9a0, 24 [pid 3399] <... set_robust_list resumed>) = 0 [pid 3398] <... clone3 resumed> => {parent_tid=[3400]}, 88) = 3400 [pid 3400] <... set_robust_list resumed>) = 0 [pid 3399] rt_sigprocmask(SIG_SETMASK, [], [pid 3398] rt_sigprocmask(SIG_SETMASK, [], [pid 3400] rt_sigprocmask(SIG_SETMASK, [], [pid 3399] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3398] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3399] memfd_create("syzkaller", 0 [pid 3398] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3400] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3398] <... futex resumed>) = 0 [pid 3399] <... memfd_create resumed>) = 3 [pid 3400] creat("./bus", 000 [pid 3399] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3398] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3399] <... mmap resumed>) = 0x7f22d914f000 [pid 3399] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3399] munmap(0x7f22d914f000, 138412032 [pid 3400] <... creat resumed>) = 4 [pid 3400] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3399] <... munmap resumed>) = 0 [pid 3400] <... futex resumed>) = 1 [pid 3399] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 3398] <... futex resumed>) = 0 [pid 3398] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3400] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 3399] <... openat resumed>) = 5 [pid 3398] <... futex resumed>) = 0 [pid 3399] ioctl(5, LOOP_SET_FD, 3 [pid 3400] <... mount resumed>) = 0 [pid 3398] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3400] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3400] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3399] <... ioctl resumed>) = 0 [pid 3398] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3398] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3400] <... futex resumed>) = 0 [pid 3398] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3400] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 3400] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3398] <... futex resumed>) = 0 [pid 3400] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 3398] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3398] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3399] close(3) = 0 [pid 3399] close(5 [pid 3400] <... mmap resumed>) = 0x20000000 [pid 3399] <... close resumed>) = 0 [pid 3399] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 3399] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 3399] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 3399] ioctl(3, LOOP_CLR_FD) = 0 [pid 3399] close(3) = 0 [pid 3400] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3399] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3400] <... futex resumed>) = 1 [pid 3399] <... futex resumed>) = 0 [pid 3398] <... futex resumed>) = 0 [pid 3398] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3400] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3399] memfd_create("syzkaller", 0) = 3 [pid 3399] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 3399] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 3399] munmap(0x7f22d914f000, 138412032) = 0 [pid 3399] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 3399] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 3399] ioctl(5, LOOP_CLR_FD) = 0 [pid 3399] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 3399] close(5) = 0 [pid 3399] close(3) = 0 [pid 3399] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3399] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3398] exit_group(0 [pid 3399] <... futex resumed>) = ? [pid 3398] <... exit_group resumed>) = ? [pid 3400] <... futex resumed>) = ? [ 71.215847][ T293] EXT4-fs (loop0): unmounting filesystem. [ 71.247543][ T3399] loop0: detected capacity change from 0 to 512 [pid 3399] +++ exited with 0 +++ [pid 3400] +++ exited with 0 +++ [pid 3398] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3398, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./961", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./961", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./961/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./961/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./961/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./961/bus") = 0 umount2("./961/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./961/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./961/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./961") = 0 mkdir("./962", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3401 ./strace-static-x86_64: Process 3401 attached [pid 3401] set_robust_list(0x5555564336a0, 24) = 0 [pid 3401] chdir("./962") = 0 [pid 3401] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3401] setpgid(0, 0) = 0 [pid 3401] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3401] write(3, "1000", 4) = 4 [pid 3401] close(3) = 0 [pid 3401] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3401] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3401] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3401] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3401] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3401] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3401] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3401] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 3402 attached => {parent_tid=[3402]}, 88) = 3402 [pid 3401] rt_sigprocmask(SIG_SETMASK, [], [pid 3402] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 3402] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3402] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3401] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3401] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3402] <... futex resumed>) = 0 [pid 3402] memfd_create("syzkaller", 0 [pid 3401] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3402] <... memfd_create resumed>) = 3 [pid 3402] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 3401] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 3401] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3401] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3401] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0} => {parent_tid=[3403]}, 88) = 3403 [pid 3401] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3401] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3402] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 3401] <... futex resumed>) = 0 [pid 3401] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3403 attached [pid 3403] set_robust_list(0x7f22d916f9a0, 24) = 0 [pid 3403] rt_sigprocmask(SIG_SETMASK, [], [pid 3402] <... write resumed>) = 262144 [pid 3403] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3402] munmap(0x7f22d9170000, 138412032 [pid 3403] creat("./bus", 000) = 4 [pid 3403] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3402] <... munmap resumed>) = 0 [pid 3403] <... futex resumed>) = 1 [pid 3401] <... futex resumed>) = 0 [pid 3402] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 3403] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 3402] <... openat resumed>) = 5 [pid 3401] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3401] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3403] <... mount resumed>) = 0 [pid 3402] ioctl(5, LOOP_SET_FD, 3 [pid 3403] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3401] <... futex resumed>) = 0 [pid 3403] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 3401] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3403] <... open resumed>) = 6 [pid 3403] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3403] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3402] <... ioctl resumed>) = 0 [pid 3401] <... futex resumed>) = 1 [pid 3403] <... futex resumed>) = 0 [pid 3403] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3402] close(3 [pid 3401] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3402] <... close resumed>) = 0 [pid 3401] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3402] close(5 [pid 3401] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3403] <... futex resumed>) = 0 [pid 3403] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x20000000 [pid 3403] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3403] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3402] <... close resumed>) = 0 [pid 3401] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 3401] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3402] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 3402] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 3402] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 3402] ioctl(3, LOOP_CLR_FD) = 0 [pid 3402] close(3) = 0 [pid 3402] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3402] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3403] <... futex resumed>) = 0 [pid 3403] memfd_create("syzkaller", 0) = 3 [pid 3403] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 3403] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 3403] munmap(0x7f22d9170000, 138412032) = 0 [pid 3403] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 3403] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 3403] ioctl(5, LOOP_CLR_FD) = 0 [pid 3403] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 3403] close(5) = 0 [pid 3403] close(3) = 0 [pid 3403] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3403] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3401] exit_group(0 [pid 3402] <... futex resumed>) = ? [pid 3401] <... exit_group resumed>) = ? [pid 3402] +++ exited with 0 +++ [pid 3403] <... futex resumed>) = ? [pid 3403] +++ exited with 0 +++ [pid 3401] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3401, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./962", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./962", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./962/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./962/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./962/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./962/bus") = 0 umount2("./962/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./962/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./962/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./962") = 0 mkdir("./963", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3404 ./strace-static-x86_64: Process 3404 attached [pid 3404] set_robust_list(0x5555564336a0, 24) = 0 [pid 3404] chdir("./963") = 0 [pid 3404] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3404] setpgid(0, 0) = 0 [pid 3404] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3404] write(3, "1000", 4) = 4 [pid 3404] close(3) = 0 [pid 3404] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3404] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3404] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3404] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3404] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3404] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3404] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3404] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[3405]}, 88) = 3405 [pid 3404] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3404] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3404] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3404] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 3404] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3404] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3404] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[3406]}, 88) = 3406 [pid 3404] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3404] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3404] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3406 attached [pid 3406] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 3406] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3406] creat("./bus", 000) = 3 [pid 3406] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3404] <... futex resumed>) = 0 [pid 3404] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3404] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3406] <... futex resumed>) = 1 [pid 3406] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 3406] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3404] <... futex resumed>) = 0 [pid 3404] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3404] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3406] <... futex resumed>) = 1 [pid 3406] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 4 [pid 3406] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3404] <... futex resumed>) = 0 [pid 3404] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3404] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3406] <... futex resumed>) = 1 [pid 3406] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 3406] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3404] <... futex resumed>) = 0 [pid 3404] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3406] <... futex resumed>) = 1 [pid 3406] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 3406] +++ killed by SIGBUS +++ ./strace-static-x86_64: Process 3405 attached [pid 3405] +++ killed by SIGBUS +++ [pid 3404] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3404, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./963", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./963", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./963/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./963/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./963/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 71.316180][ T3402] loop0: detected capacity change from 0 to 512 unlink("./963/bus") = 0 umount2("./963/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./963/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./963/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./963") = 0 mkdir("./964", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3407 ./strace-static-x86_64: Process 3407 attached [pid 3407] set_robust_list(0x5555564336a0, 24) = 0 [pid 3407] chdir("./964") = 0 [pid 3407] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3407] setpgid(0, 0) = 0 [pid 3407] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3407] write(3, "1000", 4) = 4 [pid 3407] close(3) = 0 [pid 3407] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3407] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3407] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3407] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3407] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3407] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3407] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3407] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 3408 attached [pid 3408] set_robust_list(0x7f22e15909a0, 24 [pid 3407] <... clone3 resumed> => {parent_tid=[3408]}, 88) = 3408 [pid 3408] <... set_robust_list resumed>) = 0 [pid 3407] rt_sigprocmask(SIG_SETMASK, [], [pid 3408] rt_sigprocmask(SIG_SETMASK, [], [pid 3407] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3408] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3407] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3408] memfd_create("syzkaller", 0 [pid 3407] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3408] <... memfd_create resumed>) = 3 [pid 3407] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3408] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3407] <... mmap resumed>) = 0x7f22e154f000 [pid 3407] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE [pid 3408] <... mmap resumed>) = 0x7f22d914f000 [pid 3407] <... mprotect resumed>) = 0 [pid 3407] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3407] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 3409 attached => {parent_tid=[3409]}, 88) = 3409 [pid 3409] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 3409] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3409] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3407] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3407] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3409] <... futex resumed>) = 0 [pid 3409] creat("./bus", 000 [pid 3407] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3409] <... creat resumed>) = 4 [pid 3409] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3407] <... futex resumed>) = 0 [pid 3409] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 3407] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3407] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3409] <... mount resumed>) = 0 [pid 3409] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3407] <... futex resumed>) = 0 [pid 3409] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3407] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3409] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3407] <... futex resumed>) = 0 [pid 3407] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3409] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 3409] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3407] <... futex resumed>) = 0 [pid 3407] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3409] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 3407] <... futex resumed>) = 0 [pid 3407] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3409] <... mmap resumed>) = 0x20000000 [pid 3408] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000da5} --- [pid 3407] <... futex resumed>) = ? [pid 3408] +++ killed by SIGBUS +++ [pid 3409] +++ killed by SIGBUS +++ [pid 3407] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3407, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- umount2("./964", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./964", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./964/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./964/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./964/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./964/bus") = 0 umount2("./964/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./964/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./964/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./964") = 0 mkdir("./965", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3410 ./strace-static-x86_64: Process 3410 attached [pid 3410] set_robust_list(0x5555564336a0, 24) = 0 [pid 3410] chdir("./965") = 0 [pid 3410] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3410] setpgid(0, 0) = 0 [pid 3410] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3410] write(3, "1000", 4) = 4 [pid 3410] close(3) = 0 [pid 3410] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3410] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3410] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3410] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3410] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3410] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3410] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3410] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[3411]}, 88) = 3411 [pid 3410] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3410] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3410] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3410] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 3410] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3410] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3410] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[3412]}, 88) = 3412 ./strace-static-x86_64: Process 3412 attached [pid 3410] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3410] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3410] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3411 attached [pid 3411] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 3411] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3412] set_robust_list(0x7f22e156f9a0, 24 [pid 3411] memfd_create("syzkaller", 0) = 3 [pid 3411] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 3412] <... set_robust_list resumed>) = 0 [pid 3412] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3412] creat("./bus", 000) = 4 [pid 3412] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3410] <... futex resumed>) = 0 [pid 3410] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3410] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3411] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 3412] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 3412] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3410] <... futex resumed>) = 0 [pid 3410] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3410] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3412] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 3411] <... write resumed>) = 262144 [pid 3411] munmap(0x7f22d914f000, 138412032 [pid 3412] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3411] <... munmap resumed>) = 0 [pid 3411] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 3411] ioctl(6, LOOP_SET_FD, 3 [pid 3412] <... futex resumed>) = 1 [pid 3410] <... futex resumed>) = 0 [pid 3410] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3410] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3412] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 3411] <... ioctl resumed>) = 0 [pid 3411] close(3) = 0 [pid 3411] close(6) = 0 [pid 3411] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 3411] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 3411] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 3411] ioctl(3, LOOP_CLR_FD) = 0 [pid 3411] close(3) = 0 [pid 3411] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3411] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3412] <... mmap resumed>) = 0x20000000 [pid 3412] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3410] <... futex resumed>) = 0 [pid 3410] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3411] <... futex resumed>) = 0 [pid 3411] memfd_create("syzkaller", 0) = 3 [pid 3411] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 3412] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3411] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 3411] munmap(0x7f22d914f000, 138412032) = 0 [pid 3411] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 3411] ioctl(6, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 3411] ioctl(6, LOOP_CLR_FD) = 0 [pid 3411] ioctl(6, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 3411] close(6) = 0 [pid 3411] close(3) = 0 [pid 3411] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3411] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3410] exit_group(0 [pid 3412] <... futex resumed>) = ? [pid 3410] <... exit_group resumed>) = ? [pid 3412] +++ exited with 0 +++ [pid 3411] <... futex resumed>) = ? [pid 3411] +++ exited with 0 +++ [pid 3410] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3410, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./965", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./965", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./965/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./965/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./965/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./965/bus") = 0 [ 71.410759][ T3411] loop0: detected capacity change from 0 to 512 [ 71.417376][ T3412] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 31 prio class 2 umount2("./965/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./965/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./965/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./965") = 0 mkdir("./966", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3413 attached , child_tidptr=0x555556433690) = 3413 [pid 3413] set_robust_list(0x5555564336a0, 24) = 0 [pid 3413] chdir("./966") = 0 [pid 3413] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3413] setpgid(0, 0) = 0 [pid 3413] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3413] write(3, "1000", 4) = 4 [pid 3413] close(3) = 0 [pid 3413] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3413] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3413] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3413] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3413] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3413] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3413] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3413] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 3414 attached => {parent_tid=[3414]}, 88) = 3414 [pid 3413] rt_sigprocmask(SIG_SETMASK, [], [pid 3414] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 3413] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3414] rt_sigprocmask(SIG_SETMASK, [], [pid 3413] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3414] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3414] memfd_create("syzkaller", 0 [pid 3413] <... futex resumed>) = 0 [pid 3413] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3413] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 3413] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3414] <... memfd_create resumed>) = 3 [pid 3413] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3414] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 3413] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3413] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 3415 attached [pid 3415] set_robust_list(0x7f22e156f9a0, 24 [pid 3413] <... clone3 resumed> => {parent_tid=[3415]}, 88) = 3415 [pid 3413] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3413] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3413] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3415] <... set_robust_list resumed>) = 0 [pid 3415] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3415] creat("./bus", 000 [pid 3414] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 3415] <... creat resumed>) = 4 [pid 3415] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3413] <... futex resumed>) = 0 [pid 3413] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3415] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 3414] <... write resumed>) = 262144 [pid 3414] munmap(0x7f22d914f000, 138412032 [pid 3413] <... futex resumed>) = 0 [pid 3414] <... munmap resumed>) = 0 [pid 3413] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3414] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 3414] ioctl(5, LOOP_SET_FD, 3 [pid 3415] <... mount resumed>) = 0 [pid 3414] <... ioctl resumed>) = 0 [pid 3414] close(3) = 0 [pid 3414] close(5 [pid 3415] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3414] <... close resumed>) = 0 [pid 3415] <... futex resumed>) = 1 [pid 3413] <... futex resumed>) = 0 [pid 3413] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3415] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 3414] mkdir("./file0", 0777 [pid 3413] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3414] <... mkdir resumed>) = 0 [pid 3415] <... open resumed>) = 3 [pid 3415] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3413] <... futex resumed>) = 0 [pid 3413] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3413] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3415] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 3, 0 [pid 3414] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 3414] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 3414] ioctl(5, LOOP_CLR_FD) = 0 [pid 3414] close(5) = 0 [pid 3414] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3414] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3415] <... mmap resumed>) = 0x20000000 [pid 3415] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3413] <... futex resumed>) = 0 [pid 3413] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3414] <... futex resumed>) = 0 [pid 3414] memfd_create("syzkaller", 0) = 5 [pid 3414] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 3415] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3414] write(5, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 3414] munmap(0x7f22d914f000, 138412032) = 0 [pid 3414] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 3414] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 3414] ioctl(6, LOOP_CLR_FD) = 0 [pid 3414] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 3414] close(6) = 0 [pid 3414] close(5) = 0 [pid 3414] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3414] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3413] exit_group(0) = ? [pid 3415] <... futex resumed>) = ? [pid 3414] <... futex resumed>) = ? [pid 3415] +++ exited with 0 +++ [pid 3414] +++ exited with 0 +++ [pid 3413] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3413, si_uid=0, si_status=0, si_utime=1, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./966", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./966", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 5 entries */, 32768) = 136 umount2("./966/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./966/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./966/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./966/bus") = 0 umount2("./966/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./966/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 71.504046][ T3414] loop0: detected capacity change from 0 to 512 unlink("./966/binderfs") = 0 umount2("./966/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./966/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./966/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./966/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555643c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555643c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./966/file0") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./966") = 0 mkdir("./967", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3416 ./strace-static-x86_64: Process 3416 attached [pid 3416] set_robust_list(0x5555564336a0, 24) = 0 [pid 3416] chdir("./967") = 0 [pid 3416] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3416] setpgid(0, 0) = 0 [pid 3416] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3416] write(3, "1000", 4) = 4 [pid 3416] close(3) = 0 [pid 3416] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3416] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3416] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3416] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3416] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3416] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3416] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3416] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 3417 attached [pid 3417] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 3417] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3417] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3416] <... clone3 resumed> => {parent_tid=[3417]}, 88) = 3417 [pid 3416] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3416] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3417] <... futex resumed>) = 0 [pid 3416] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3417] memfd_create("syzkaller", 0) = 3 [pid 3416] <... futex resumed>) = 0 [pid 3417] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 3416] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 3416] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3416] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3417] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 3416] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3416] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0} => {parent_tid=[3418]}, 88) = 3418 [pid 3416] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3416] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3416] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3417] <... write resumed>) = 262144 [pid 3417] munmap(0x7f22d9170000, 138412032./strace-static-x86_64: Process 3418 attached ) = 0 [pid 3418] set_robust_list(0x7f22d916f9a0, 24 [pid 3417] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 3418] <... set_robust_list resumed>) = 0 [pid 3417] <... openat resumed>) = 4 [pid 3418] rt_sigprocmask(SIG_SETMASK, [], [pid 3417] ioctl(4, LOOP_SET_FD, 3 [pid 3418] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3418] creat("./bus", 000) = 5 [pid 3418] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3416] <... futex resumed>) = 0 [pid 3416] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3416] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3418] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 3418] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3416] <... futex resumed>) = 0 [pid 3416] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3416] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3418] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 6 [pid 3418] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3416] <... futex resumed>) = 0 [pid 3416] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3416] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3418] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 3417] <... ioctl resumed>) = 0 [pid 3417] close(3) = 0 [pid 3417] close(4 [pid 3418] <... mmap resumed>) = 0x20000000 [pid 3418] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3416] <... futex resumed>) = 0 [pid 3416] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3418] memfd_create("syzkaller", 0) = 3 [pid 3418] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d9170000 [pid 3417] <... close resumed>) = 0 [pid 3417] mkdir(0x200000c0, 0777) = -1 ENOENT (No such file or directory) [pid 3417] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 3417] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3417] ioctl(4, LOOP_CLR_FD) = 0 [pid 3417] close(4) = 0 [pid 3417] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3417] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3418] write(3, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 3418] munmap(0x7f22d9170000, 138412032) = 0 [pid 3418] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3418] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 3418] ioctl(4, LOOP_CLR_FD) = 0 [pid 3418] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 3418] close(4) = 0 [pid 3418] close(3) = 0 [pid 3418] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3418] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3416] exit_group(0) = ? [pid 3417] <... futex resumed>) = ? [pid 3417] +++ exited with 0 +++ [pid 3418] <... futex resumed>) = ? [pid 3418] +++ exited with 0 +++ [pid 3416] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3416, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./967", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./967", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./967/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./967/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./967/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./967/bus") = 0 umount2("./967/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./967/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./967/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./967") = 0 mkdir("./968", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3419 ./strace-static-x86_64: Process 3419 attached [pid 3419] set_robust_list(0x5555564336a0, 24) = 0 [pid 3419] chdir("./968") = 0 [pid 3419] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3419] setpgid(0, 0) = 0 [pid 3419] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3419] write(3, "1000", 4) = 4 [pid 3419] close(3) = 0 [pid 3419] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3419] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3419] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3419] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3419] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3419] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3419] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3419] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[3420]}, 88) = 3420 [pid 3419] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3419] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3419] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3419] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 3419] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3419] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3419] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[3421]}, 88) = 3421 [pid 3419] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3419] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3419] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3421 attached [pid 3421] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 3421] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3421] creat("./bus", 000) = 3 [pid 3421] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3419] <... futex resumed>) = 0 [pid 3419] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3419] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3421] <... futex resumed>) = 1 [pid 3421] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 3421] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3419] <... futex resumed>) = 0 [pid 3419] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3419] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3421] <... futex resumed>) = 1 [pid 3421] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 4 [pid 3421] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3419] <... futex resumed>) = 0 [pid 3419] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3419] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3421] <... futex resumed>) = 1 [pid 3421] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 3421] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3419] <... futex resumed>) = 0 [pid 3419] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3421] <... futex resumed>) = 1 [pid 3421] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 3421] +++ killed by SIGBUS +++ ./strace-static-x86_64: Process 3420 attached [pid 3420] +++ killed by SIGBUS +++ [pid 3419] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3419, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./968", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./968", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./968/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./968/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./968/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./968/bus") = 0 umount2("./968/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./968/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./968/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 [ 71.584176][ T3417] loop0: detected capacity change from 0 to 512 rmdir("./968") = 0 mkdir("./969", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3422 ./strace-static-x86_64: Process 3422 attached [pid 3422] set_robust_list(0x5555564336a0, 24) = 0 [pid 3422] chdir("./969") = 0 [pid 3422] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3422] setpgid(0, 0) = 0 [pid 3422] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3422] write(3, "1000", 4) = 4 [pid 3422] close(3) = 0 [pid 3422] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3422] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3422] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3422] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3422] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3422] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3422] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3422] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 3423 attached [pid 3423] set_robust_list(0x7f22e15909a0, 24 [pid 3422] <... clone3 resumed> => {parent_tid=[3423]}, 88) = 3423 [pid 3423] <... set_robust_list resumed>) = 0 [pid 3422] rt_sigprocmask(SIG_SETMASK, [], [pid 3423] rt_sigprocmask(SIG_SETMASK, [], [pid 3422] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3423] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3422] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3422] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3423] memfd_create("syzkaller", 0 [pid 3422] <... futex resumed>) = 0 [pid 3422] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3423] <... memfd_create resumed>) = 3 [pid 3423] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3422] <... mmap resumed>) = 0x7f22e154f000 [pid 3422] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE [pid 3423] <... mmap resumed>) = 0x7f22d914f000 [pid 3422] <... mprotect resumed>) = 0 [pid 3422] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3422] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[3424]}, 88) = 3424 [pid 3422] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3422] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3423] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 3422] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3424 attached [pid 3423] <... write resumed>) = 262144 [pid 3424] set_robust_list(0x7f22e156f9a0, 24 [pid 3423] munmap(0x7f22d914f000, 138412032 [pid 3424] <... set_robust_list resumed>) = 0 [pid 3423] <... munmap resumed>) = 0 [pid 3424] rt_sigprocmask(SIG_SETMASK, [], [pid 3423] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3424] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3424] creat("./bus", 000 [pid 3423] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3424] <... creat resumed>) = 5 [pid 3423] close(3 [pid 3424] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3422] <... futex resumed>) = 0 [pid 3422] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3422] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3424] <... futex resumed>) = 1 [pid 3424] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 3423] <... close resumed>) = 0 [pid 3423] close(4 [pid 3424] <... mount resumed>) = 0 [pid 3423] <... close resumed>) = 0 [pid 3423] mkdir("./file0", 0777) = 0 [pid 3424] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3422] <... futex resumed>) = 0 [pid 3424] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 3422] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3424] <... open resumed>) = 3 [pid 3422] <... futex resumed>) = 0 [pid 3424] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3422] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3424] <... futex resumed>) = 0 [pid 3422] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3424] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 3, 0 [pid 3422] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3423] mount("/dev/loop0", "./file0", "ext4", 0, "prjquota,grpquota,debug_want_extra_isize=0x000000000000005c,noauto_da_alloc,nolazytime,errors=contin"... [pid 3422] <... futex resumed>) = 0 [pid 3422] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3424] <... mmap resumed>) = 0x20000000 [pid 3424] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3422] <... futex resumed>) = 0 [pid 3424] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3422] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3424] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3424] memfd_create("syzkaller", 0) = 4 [pid 3424] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 3423] <... mount resumed>) = 0 [pid 3423] openat(AT_FDCWD, 0x200000c0, O_RDONLY|O_DIRECTORY) = -1 ENOENT (No such file or directory) [pid 3423] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 3423] ioctl(6, LOOP_CLR_FD) = 0 [pid 3423] close(6) = 0 [pid 3423] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3423] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3424] write(4, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 3424] munmap(0x7f22d914f000, 138412032) = 0 [pid 3424] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 3424] ioctl(6, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 3424] ioctl(6, LOOP_CLR_FD) = 0 [pid 3424] ioctl(6, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 3424] close(6) = 0 [pid 3424] close(4) = 0 [pid 3424] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3424] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3422] exit_group(0 [pid 3423] <... futex resumed>) = ? [pid 3422] <... exit_group resumed>) = ? [pid 3423] +++ exited with 0 +++ [pid 3424] <... futex resumed>) = ? [pid 3424] +++ exited with 0 +++ [pid 3422] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3422, si_uid=0, si_status=0, si_utime=1, si_stime=4} --- umount2("./969", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./969", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 5 entries */, 32768) = 136 umount2("./969/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./969/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./969/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./969/bus") = 0 umount2("./969/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./969/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./969/binderfs") = 0 [ 71.654542][ T3423] loop0: detected capacity change from 0 to 512 [ 71.669898][ T3423] EXT4-fs (loop0): 1 truncate cleaned up [ 71.675970][ T3423] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. umount2("./969/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./969/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./969/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./969/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./969/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555643c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555643c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./969/file0") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./969") = 0 mkdir("./970", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3427 ./strace-static-x86_64: Process 3427 attached [pid 3427] set_robust_list(0x5555564336a0, 24) = 0 [pid 3427] chdir("./970") = 0 [pid 3427] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3427] setpgid(0, 0) = 0 [pid 3427] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3427] write(3, "1000", 4) = 4 [pid 3427] close(3) = 0 [pid 3427] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3427] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3427] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3427] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3427] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3427] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3427] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3427] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0} => {parent_tid=[3428]}, 88) = 3428 [pid 3427] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3427] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3427] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3427] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 3427] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3427] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3427] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[3429]}, 88) = 3429 [pid 3427] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3427] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3427] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3428 attached [pid 3428] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 3428] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3428] memfd_create("syzkaller", 0) = 3 [pid 3428] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 ./strace-static-x86_64: Process 3429 attached [pid 3429] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 3429] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3429] creat("./bus", 000 [pid 3428] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 3429] <... creat resumed>) = 4 [pid 3429] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3427] <... futex resumed>) = 0 [pid 3427] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3427] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3429] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 3428] <... write resumed>) = 262144 [pid 3428] munmap(0x7f22d914f000, 138412032) = 0 [pid 3428] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 3428] ioctl(5, LOOP_SET_FD, 3 [pid 3429] <... mount resumed>) = 0 [pid 3429] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3429] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3428] <... ioctl resumed>) = 0 [pid 3427] <... futex resumed>) = 0 [pid 3427] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3428] close(3) = 0 [pid 3427] <... futex resumed>) = 1 [pid 3429] <... futex resumed>) = 0 [pid 3429] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 3428] close(5 [pid 3427] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3429] <... open resumed>) = 3 [pid 3429] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3429] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3427] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3428] <... close resumed>) = 0 [pid 3427] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3427] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3428] mkdir("./file0", 0777 [pid 3429] <... futex resumed>) = 0 [pid 3429] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 3, 0 [pid 3428] <... mkdir resumed>) = 0 [pid 3428] mount("/dev/loop0", 0x200000c0, 0x20000180, 0, "") = -1 ENOENT (No such file or directory) [pid 3428] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 3428] ioctl(5, LOOP_CLR_FD) = 0 [pid 3428] close(5) = 0 [pid 3428] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3428] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3429] <... mmap resumed>) = 0x20000000 [pid 3429] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3427] <... futex resumed>) = 0 [pid 3429] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3427] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3428] <... futex resumed>) = 0 [pid 3428] memfd_create("syzkaller", 0) = 5 [pid 3428] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 3428] write(5, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 3428] munmap(0x7f22d914f000, 138412032) = 0 [pid 3428] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 3428] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 3428] ioctl(6, LOOP_CLR_FD) = 0 [pid 3428] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 3428] close(6) = 0 [pid 3428] close(5) = 0 [pid 3428] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3428] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3427] exit_group(0) = ? [pid 3429] <... futex resumed>) = ? [pid 3429] +++ exited with 0 +++ [pid 3428] <... futex resumed>) = ? [pid 3428] +++ exited with 0 +++ [pid 3427] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3427, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./970", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./970", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 5 entries */, 32768) = 136 umount2("./970/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./970/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./970/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./970/bus") = 0 umount2("./970/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./970/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./970/binderfs") = 0 umount2("./970/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./970/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./970/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./970/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555643c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555643c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./970/file0") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./970") = 0 mkdir("./971", 0777) = 0 [ 71.724410][ T293] EXT4-fs (loop0): unmounting filesystem. [ 71.748565][ T3428] loop0: detected capacity change from 0 to 512 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3430 ./strace-static-x86_64: Process 3430 attached [pid 3430] set_robust_list(0x5555564336a0, 24) = 0 [pid 3430] chdir("./971") = 0 [pid 3430] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3430] setpgid(0, 0) = 0 [pid 3430] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3430] write(3, "1000", 4) = 4 [pid 3430] close(3) = 0 [pid 3430] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3430] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3430] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3430] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3430] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3430] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3430] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3430] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 3431 attached => {parent_tid=[3431]}, 88) = 3431 [pid 3431] set_robust_list(0x7f22e15909a0, 24 [pid 3430] rt_sigprocmask(SIG_SETMASK, [], [pid 3431] <... set_robust_list resumed>) = 0 [pid 3430] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3431] rt_sigprocmask(SIG_SETMASK, [], [pid 3430] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3431] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3430] <... futex resumed>) = 0 [pid 3430] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3430] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3431] memfd_create("syzkaller", 0 [pid 3430] <... mmap resumed>) = 0x7f22e154f000 [pid 3430] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3431] <... memfd_create resumed>) = 3 [pid 3430] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3431] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3430] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3431] <... mmap resumed>) = 0x7f22d914f000 [pid 3430] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[3432]}, 88) = 3432 [pid 3430] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3430] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3430] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3431] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3431] munmap(0x7f22d914f000, 138412032) = 0 [pid 3431] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3431] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 3432 attached ) = 0 [pid 3432] set_robust_list(0x7f22e156f9a0, 24 [pid 3431] close(3 [pid 3432] <... set_robust_list resumed>) = 0 [pid 3431] <... close resumed>) = 0 [pid 3432] rt_sigprocmask(SIG_SETMASK, [], [pid 3431] close(4 [pid 3432] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3431] <... close resumed>) = 0 [pid 3432] creat("./bus", 000 [pid 3431] mkdir("./file0", 0777 [pid 3432] <... creat resumed>) = 3 [pid 3432] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3431] <... mkdir resumed>) = 0 [pid 3432] <... futex resumed>) = 1 [pid 3431] mount("/dev/loop0", "./file0", "ext4", 0, "prjquota,grpquota,debug_want_extra_isize=0x000000000000005c,noauto_da_alloc,nolazytime,errors=contin"... [pid 3430] <... futex resumed>) = 0 [pid 3432] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3430] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3432] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3430] <... futex resumed>) = 0 [pid 3430] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3432] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 3432] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3430] <... futex resumed>) = 0 [pid 3432] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 3430] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3432] <... open resumed>) = 4 [pid 3430] <... futex resumed>) = 0 [pid 3432] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3430] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3432] <... futex resumed>) = 0 [pid 3430] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3432] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3430] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3430] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3432] <... mmap resumed>) = 0x20000000 [pid 3432] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3430] <... futex resumed>) = 0 [pid 3432] memfd_create("syzkaller", 0 [pid 3430] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3432] <... memfd_create resumed>) = 5 [pid 3432] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 3431] <... mount resumed>) = 0 [pid 3431] openat(AT_FDCWD, 0x200000c0, O_RDONLY|O_DIRECTORY) = -1 ENOENT (No such file or directory) [pid 3431] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 3431] ioctl(6, LOOP_CLR_FD) = 0 [pid 3431] close(6) = 0 [pid 3431] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3431] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3432] write(5, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x3f\x00\x02\x70\x00\x00\x20\xf8\x20\x00\x20\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x3b\xc7\xc8\x1d\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x36\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 4194304) = 4194304 [pid 3432] munmap(0x7f22d914f000, 138412032) = 0 [pid 3432] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 3432] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 3432] ioctl(6, LOOP_CLR_FD) = 0 [pid 3432] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 3432] close(6) = 0 [pid 3432] close(5) = 0 [pid 3432] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3430] exit_group(0 [pid 3432] <... futex resumed>) = ? [pid 3431] <... futex resumed>) = ? [pid 3430] <... exit_group resumed>) = ? [pid 3431] +++ exited with 0 +++ [pid 3432] +++ exited with 0 +++ [ 71.814346][ T3431] loop0: detected capacity change from 0 to 512 [ 71.825004][ T3431] EXT4-fs (loop0): 1 truncate cleaned up [ 71.830634][ T3431] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [pid 3430] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3430, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- umount2("./971", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./971", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 5 entries */, 32768) = 136 umount2("./971/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./971/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./971/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./971/bus") = 0 umount2("./971/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./971/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./971/binderfs") = 0 umount2("./971/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./971/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./971/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./971/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./971/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555643c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555643c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./971/file0") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./971") = 0 mkdir("./972", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3434 ./strace-static-x86_64: Process 3434 attached [pid 3434] set_robust_list(0x5555564336a0, 24) = 0 [pid 3434] chdir("./972") = 0 [pid 3434] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3434] setpgid(0, 0) = 0 [pid 3434] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3434] write(3, "1000", 4) = 4 [pid 3434] close(3) = 0 [pid 3434] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3434] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3434] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3434] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3434] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3434] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3434] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3434] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 3435 attached [pid 3435] set_robust_list(0x7f22e15909a0, 24 [pid 3434] <... clone3 resumed> => {parent_tid=[3435]}, 88) = 3435 [pid 3435] <... set_robust_list resumed>) = 0 [pid 3434] rt_sigprocmask(SIG_SETMASK, [], [pid 3435] rt_sigprocmask(SIG_SETMASK, [], [pid 3434] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3435] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3434] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3434] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3435] memfd_create("syzkaller", 0) = 3 [pid 3435] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3434] <... futex resumed>) = 0 [pid 3435] <... mmap resumed>) = 0x7f22d9170000 [pid 3434] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22d914f000 [pid 3434] mprotect(0x7f22d9150000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3434] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3434] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22d916f990, parent_tid=0x7f22d916f990, exit_signal=0, stack=0x7f22d914f000, stack_size=0x20300, tls=0x7f22d916f6c0}./strace-static-x86_64: Process 3436 attached => {parent_tid=[3436]}, 88) = 3436 [pid 3436] set_robust_list(0x7f22d916f9a0, 24) = 0 [pid 3436] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3436] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3434] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3434] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3436] <... futex resumed>) = 0 [pid 3436] creat("./bus", 000 [pid 3434] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3436] <... creat resumed>) = 4 [pid 3436] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3436] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3434] <... futex resumed>) = 0 [pid 3434] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3436] <... futex resumed>) = 0 [pid 3436] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 3434] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3436] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3434] <... futex resumed>) = 0 [pid 3436] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 3434] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3436] <... open resumed>) = 5 [pid 3434] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3436] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3434] <... futex resumed>) = 0 [pid 3436] <... futex resumed>) = 1 [pid 3434] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3436] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 3434] <... futex resumed>) = 0 [pid 3434] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3436] <... mmap resumed>) = 0x20000000 [pid 3436] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3436] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3434] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3434] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3436] <... futex resumed>) = 0 [pid 3436] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 3436] +++ killed by SIGBUS +++ [pid 3435] +++ killed by SIGBUS +++ [pid 3434] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3434, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- umount2("./972", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./972", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./972/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./972/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./972/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./972/bus") = 0 umount2("./972/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./972/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./972/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./972") = 0 mkdir("./973", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3437 ./strace-static-x86_64: Process 3437 attached [pid 3437] set_robust_list(0x5555564336a0, 24) = 0 [pid 3437] chdir("./973") = 0 [pid 3437] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3437] setpgid(0, 0) = 0 [pid 3437] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3437] write(3, "1000", 4) = 4 [pid 3437] close(3) = 0 [pid 3437] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3437] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3437] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3437] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3437] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3437] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3437] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3437] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 3438 attached [pid 3438] set_robust_list(0x7f22e15909a0, 24 [pid 3437] <... clone3 resumed> => {parent_tid=[3438]}, 88) = 3438 [pid 3438] <... set_robust_list resumed>) = 0 [pid 3437] rt_sigprocmask(SIG_SETMASK, [], [pid 3438] rt_sigprocmask(SIG_SETMASK, [], [pid 3437] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3438] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3437] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3437] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3438] memfd_create("syzkaller", 0 [pid 3437] <... futex resumed>) = 0 [pid 3437] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 3438] <... memfd_create resumed>) = 3 [pid 3437] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE [pid 3438] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22d914f000 [pid 3437] <... mprotect resumed>) = 0 [pid 3437] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3437] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0}./strace-static-x86_64: Process 3439 attached [pid 3439] set_robust_list(0x7f22e156f9a0, 24 [pid 3437] <... clone3 resumed> => {parent_tid=[3439]}, 88) = 3439 [pid 3439] <... set_robust_list resumed>) = 0 [pid 3437] rt_sigprocmask(SIG_SETMASK, [], [pid 3439] rt_sigprocmask(SIG_SETMASK, [], [pid 3437] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3439] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3437] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3439] creat("./bus", 000 [pid 3437] <... futex resumed>) = 0 [pid 3437] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3439] <... creat resumed>) = 4 [pid 3439] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3437] <... futex resumed>) = 0 [pid 3437] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3439] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 3437] <... futex resumed>) = 0 [pid 3439] <... mount resumed>) = 0 [pid 3437] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3439] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3438] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 3437] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3439] <... futex resumed>) = 0 [pid 3437] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3439] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 3437] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3439] <... open resumed>) = 5 [pid 3439] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3439] futex(0x7f22e165d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3437] <... futex resumed>) = 0 [pid 3437] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3439] <... futex resumed>) = 0 [pid 3437] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3439] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 3438] <... write resumed>) = 262144 [pid 3439] <... mmap resumed>) = 0x20000000 [pid 3438] munmap(0x7f22d914f000, 138412032 [pid 3439] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3437] <... futex resumed>) = 0 [pid 3439] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 3437] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3438] <... munmap resumed>) = 0 [pid 3437] <... futex resumed>) = 0 [pid 3439] +++ killed by SIGBUS +++ [pid 3438] +++ killed by SIGBUS +++ [pid 3437] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3437, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- umount2("./973", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./973", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./973/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./973/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./973/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./973/bus") = 0 umount2("./973/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./973/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./973/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./973") = 0 mkdir("./974", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3440 ./strace-static-x86_64: Process 3440 attached [pid 3440] set_robust_list(0x5555564336a0, 24) = 0 [pid 3440] chdir("./974") = 0 [pid 3440] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3440] setpgid(0, 0) = 0 [pid 3440] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3440] write(3, "1000", 4) = 4 [pid 3440] close(3) = 0 [pid 3440] symlink("/dev/binderfs", "./binderfs") = 0 [ 71.880406][ T293] EXT4-fs (loop0): unmounting filesystem. [pid 3440] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3440] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3440] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3440] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3440] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3440] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3440] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 3441 attached => {parent_tid=[3441]}, 88) = 3441 [pid 3440] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3440] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3440] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3440] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 3440] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3440] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3441] set_robust_list(0x7f22e15909a0, 24 [pid 3440] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3440] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} => {parent_tid=[3442]}, 88) = 3442 [pid 3441] <... set_robust_list resumed>) = 0 [pid 3440] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3440] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3440] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3442 attached [pid 3442] set_robust_list(0x7f22e156f9a0, 24) = 0 [pid 3442] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3442] creat("./bus", 000 [pid 3441] rt_sigprocmask(SIG_SETMASK, [], [pid 3442] <... creat resumed>) = 3 [pid 3441] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3442] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3440] <... futex resumed>) = 0 [pid 3440] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3440] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3442] <... futex resumed>) = 1 [pid 3442] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 3441] memfd_create("syzkaller", 0 [pid 3442] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3440] <... futex resumed>) = 0 [pid 3440] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3440] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3442] <... futex resumed>) = 1 [pid 3442] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 4 [pid 3442] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3440] <... futex resumed>) = 0 [pid 3440] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3440] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3442] <... futex resumed>) = 1 [pid 3442] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3441] <... memfd_create resumed>) = 5 [pid 3442] <... mmap resumed>) = 0x20000000 [pid 3442] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3440] <... futex resumed>) = 0 [pid 3440] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3442] <... futex resumed>) = 1 [pid 3442] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 3442] +++ killed by SIGBUS +++ [pid 3441] +++ killed by SIGBUS +++ [pid 3440] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3440, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./974", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./974", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556434730 /* 4 entries */, 32768) = 104 umount2("./974/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./974/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./974/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./974/bus") = 0 umount2("./974/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./974/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./974/binderfs") = 0 getdents64(3, 0x555556434730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./974") = 0 mkdir("./975", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556433690) = 3443 ./strace-static-x86_64: Process 3443 attached [pid 3443] set_robust_list(0x5555564336a0, 24) = 0 [pid 3443] chdir("./975") = 0 [pid 3443] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3443] setpgid(0, 0) = 0 [pid 3443] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3443] write(3, "1000", 4) = 4 [pid 3443] close(3) = 0 [pid 3443] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3443] futex(0x7f22e165d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3443] rt_sigaction(SIGRT_1, {sa_handler=0x7f22e15fa1f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22e15eb3a0}, NULL, 8) = 0 [pid 3443] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3443] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e1570000 [pid 3443] mprotect(0x7f22e1571000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3443] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3443] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e1590990, parent_tid=0x7f22e1590990, exit_signal=0, stack=0x7f22e1570000, stack_size=0x20300, tls=0x7f22e15906c0}./strace-static-x86_64: Process 3444 attached [pid 3444] set_robust_list(0x7f22e15909a0, 24) = 0 [pid 3444] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3444] futex(0x7f22e165d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3443] <... clone3 resumed> => {parent_tid=[3444]}, 88) = 3444 [pid 3443] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3443] futex(0x7f22e165d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3444] <... futex resumed>) = 0 [pid 3444] memfd_create("syzkaller", 0 [pid 3443] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3444] <... memfd_create resumed>) = 3 [pid 3443] <... futex resumed>) = 0 [pid 3444] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3443] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f22e154f000 [pid 3444] <... mmap resumed>) = 0x7f22d914f000 [pid 3443] mprotect(0x7f22e1550000, 131072, PROT_READ|PROT_WRITE [pid 3444] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 3443] <... mprotect resumed>) = 0 [pid 3443] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3444] <... write resumed>) = 262144 [pid 3443] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3444] munmap(0x7f22d914f000, 138412032 [pid 3443] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f22e156f990, parent_tid=0x7f22e156f990, exit_signal=0, stack=0x7f22e154f000, stack_size=0x20300, tls=0x7f22e156f6c0} [pid 3444] <... munmap resumed>) = 0 [pid 3443] <... clone3 resumed> => {parent_tid=[3445]}, 88) = 3445 ./strace-static-x86_64: Process 3445 attached [pid 3444] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 3443] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3444] <... openat resumed>) = 4 [pid 3443] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3445] set_robust_list(0x7f22e156f9a0, 24 [pid 3444] ioctl(4, LOOP_SET_FD, 3 [pid 3443] <... futex resumed>) = 0 [pid 3443] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3445] <... set_robust_list resumed>) = 0 [pid 3444] <... ioctl resumed>) = 0 [pid 3445] rt_sigprocmask(SIG_SETMASK, [], [pid 3444] close(3 [pid 3445] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3444] <... close resumed>) = 0 [pid 3445] creat("./bus", 000 [pid 3444] close(4 [pid 3445] <... creat resumed>) = 3 [pid 3444] <... close resumed>) = 0 [pid 3445] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3443] <... futex resumed>) = 0 [pid 3443] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3443] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3445] <... futex resumed>) = 1 [pid 3445] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 3445] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3443] <... futex resumed>) = 0 [pid 3443] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3443] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3445] <... futex resumed>) = 1 [pid 3445] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 4 [pid 3445] futex(0x7f22e165d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3443] <... futex resumed>) = 0 [pid 3443] futex(0x7f22e165d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3443] futex(0x7f22e165d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3445] <... futex resumed>) = 1 [pid 3445] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000