./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2648783969 <...> Warning: Permanently added '10.128.0.177' (ED25519) to the list of known hosts. execve("./syz-executor2648783969", ["./syz-executor2648783969"], 0x7ffedb260400 /* 10 vars */) = 0 brk(NULL) = 0x555555c17000 brk(0x555555c17d40) = 0x555555c17d40 arch_prctl(ARCH_SET_FS, 0x555555c173c0) = 0 set_tid_address(0x555555c17690) = 5026 set_robust_list(0x555555c176a0, 24) = 0 rseq(0x555555c17ce0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2648783969", 4096) = 28 getrandom("\x49\x41\xc5\x96\x69\x8c\x60\xb2", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555555c17d40 brk(0x555555c38d40) = 0x555555c38d40 brk(0x555555c39000) = 0x555555c39000 mprotect(0x7f09558f6000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 mkdir("./syzkaller.CMnwJJ", 0700) = 0 chmod("./syzkaller.CMnwJJ", 0777) = 0 chdir("./syzkaller.CMnwJJ") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5027 attached , child_tidptr=0x555555c17690) = 5027 [pid 5027] set_robust_list(0x555555c176a0, 24) = 0 [pid 5027] chdir("./0") = 0 [pid 5027] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5027] setpgid(0, 0) = 0 [pid 5027] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5027] write(3, "1000", 4) = 4 [pid 5027] close(3) = 0 [pid 5027] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5027] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5027] rt_sigaction(SIGRT_1, {sa_handler=0x7f0955898ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095588a1a0}, NULL, 8) = 0 [pid 5027] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5027] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f095580f000 [pid 5027] mprotect(0x7f0955810000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5027] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5027] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f095582f990, parent_tid=0x7f095582f990, exit_signal=0, stack=0x7f095580f000, stack_size=0x20300, tls=0x7f095582f6c0}./strace-static-x86_64: Process 5028 attached => {parent_tid=[5028]}, 88) = 5028 [pid 5027] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5027] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5027] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5028] rseq(0x7f095582ffe0, 0x20, 0, 0x53053053) = 0 [pid 5028] set_robust_list(0x7f095582f9a0, 24) = 0 [pid 5028] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5028] memfd_create("syzkaller", 0) = 3 [pid 5028] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094d40f000 [pid 5028] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5028] munmap(0x7f094d40f000, 1048576) = 0 [pid 5028] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5028] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5028] close(3) = 0 [pid 5028] mkdir("./file1", 0777) = 0 [ 71.875401][ T5028] syz-executor264[5028]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 71.898760][ T5028] loop0: detected capacity change from 0 to 2048 [pid 5028] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5028] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5028] chdir("./file1") = 0 [pid 5028] ioctl(4, LOOP_CLR_FD) = 0 [pid 5028] close(4) = 0 [pid 5028] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5027] <... futex resumed>) = 0 [pid 5027] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5027] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5028] open("./bus", O_ACCMODE|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC|0xdc00001c, 000) = 4 [pid 5028] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5028] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5027] <... futex resumed>) = 0 [pid 5027] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5028] <... futex resumed>) = 0 [pid 5028] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5027] <... futex resumed>) = 1 [pid 5027] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5028] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5027] <... futex resumed>) = 0 [pid 5027] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5027] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5028] open_tree(-1, NULL, OPEN_TREE_CLONE|0x10000) = -1 EINVAL (Invalid argument) [pid 5028] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5027] <... futex resumed>) = 0 [pid 5028] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5027] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5027] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5028] <... openat resumed>) = 5 [pid 5028] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5027] <... futex resumed>) = 0 [pid 5027] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5028] <... futex resumed>) = 1 [pid 5027] <... futex resumed>) = 0 [pid 5028] write(5, "\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 40960 [pid 5027] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5027] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094d4ee000 [pid 5027] mprotect(0x7f094d4ef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5027] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5028] <... write resumed>) = 40960 [pid 5027] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5028] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5027] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d50e990, parent_tid=0x7f094d50e990, exit_signal=0, stack=0x7f094d4ee000, stack_size=0x20300, tls=0x7f094d50e6c0} [pid 5028] <... futex resumed>) = 0 [pid 5028] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5033 attached [pid 5033] rseq(0x7f094d50efe0, 0x20, 0, 0x53053053) = 0 [pid 5033] set_robust_list(0x7f094d50e9a0, 24) = 0 [pid 5027] <... clone3 resumed> => {parent_tid=[5033]}, 88) = 5033 [pid 5027] rt_sigprocmask(SIG_SETMASK, [], [pid 5033] rt_sigprocmask(SIG_SETMASK, [], [pid 5027] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5033] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5033] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5027] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5033] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5027] <... futex resumed>) = 0 [pid 5033] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5027] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5033] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5033] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5027] <... futex resumed>) = 0 [pid 5027] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5028] <... futex resumed>) = 0 [pid 5027] <... futex resumed>) = 1 [pid 5028] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [ 71.919433][ T5028] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5027] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5028] <... write resumed>) = 1048576 [pid 5028] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5028] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5027] <... futex resumed>) = 0 [pid 5027] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5028] <... futex resumed>) = 0 [pid 5027] <... futex resumed>) = 1 [pid 5028] openat(AT_FDCWD, NULL, O_RDONLY|O_TRUNC|O_PATH [pid 5027] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5028] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5028] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5027] <... futex resumed>) = 0 [pid 5028] <... futex resumed>) = 1 [pid 5027] exit_group(0 [pid 5028] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5033] <... futex resumed>) = ? [pid 5028] <... futex resumed>) = ? [pid 5027] <... exit_group resumed>) = ? [pid 5033] +++ exited with 0 +++ [pid 5028] +++ exited with 0 +++ [pid 5027] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5027, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c18730 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 umount2("./0/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c20770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c20770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file1") = 0 getdents64(3, 0x555555c18730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 72.038395][ T5026] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5034 attached [pid 5034] set_robust_list(0x555555c176a0, 24) = 0 [pid 5034] chdir("./1") = 0 [pid 5034] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5034] setpgid(0, 0) = 0 [pid 5034] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5034] write(3, "1000", 4) = 4 [pid 5034] close(3) = 0 [pid 5034] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5034] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5034] rt_sigaction(SIGRT_1, {sa_handler=0x7f0955898ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095588a1a0}, NULL, 8) = 0 [pid 5034] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5034] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f095580f000 [pid 5034] mprotect(0x7f0955810000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5034] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5034] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f095582f990, parent_tid=0x7f095582f990, exit_signal=0, stack=0x7f095580f000, stack_size=0x20300, tls=0x7f095582f6c0}./strace-static-x86_64: Process 5035 attached [pid 5035] rseq(0x7f095582ffe0, 0x20, 0, 0x53053053 [pid 5034] <... clone3 resumed> => {parent_tid=[5035]}, 88) = 5035 [pid 5035] <... rseq resumed>) = 0 [pid 5034] rt_sigprocmask(SIG_SETMASK, [], [pid 5035] set_robust_list(0x7f095582f9a0, 24 [pid 5034] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5035] <... set_robust_list resumed>) = 0 [pid 5035] rt_sigprocmask(SIG_SETMASK, [], [pid 5034] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5035] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5034] <... futex resumed>) = 0 [pid 5035] memfd_create("syzkaller", 0 [pid 5034] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5035] <... memfd_create resumed>) = 3 [pid 5035] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094d40f000 [pid 5026] <... clone resumed>, child_tidptr=0x555555c17690) = 5034 [pid 5035] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5035] munmap(0x7f094d40f000, 1048576) = 0 [pid 5035] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5035] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5035] close(3) = 0 [pid 5035] mkdir("./file1", 0777) = 0 [pid 5035] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5035] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5035] chdir("./file1") = 0 [pid 5035] ioctl(4, LOOP_CLR_FD) = 0 [pid 5035] close(4) = 0 [pid 5035] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5035] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5034] <... futex resumed>) = 0 [pid 5034] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5035] <... futex resumed>) = 0 [pid 5035] open("./bus", O_ACCMODE|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC|0xdc00001c, 000 [pid 5034] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5035] <... open resumed>) = 4 [pid 5035] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5035] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5034] <... futex resumed>) = 0 [pid 5034] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5035] <... futex resumed>) = 0 [pid 5035] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5034] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5035] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5034] <... futex resumed>) = 0 [pid 5034] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5034] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5035] open_tree(-1, NULL, OPEN_TREE_CLONE|0x10000) = -1 EINVAL (Invalid argument) [pid 5035] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5034] <... futex resumed>) = 0 [pid 5034] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5034] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5035] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 5 [pid 5035] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5034] <... futex resumed>) = 0 [pid 5034] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5034] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5034] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094d4ee000 [pid 5034] mprotect(0x7f094d4ef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5034] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5034] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d50e990, parent_tid=0x7f094d50e990, exit_signal=0, stack=0x7f094d4ee000, stack_size=0x20300, tls=0x7f094d50e6c0} [pid 5035] write(5, "\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 40960 [pid 5034] <... clone3 resumed> => {parent_tid=[5038]}, 88) = 5038 [pid 5034] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5034] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5034] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5038 attached [pid 5038] rseq(0x7f094d50efe0, 0x20, 0, 0x53053053) = 0 [pid 5038] set_robust_list(0x7f094d50e9a0, 24) = 0 [pid 5038] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5038] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5038] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5034] <... futex resumed>) = 0 [pid 5034] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5034] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5038] <... futex resumed>) = 1 [pid 5038] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5035] <... write resumed>) = 40960 [pid 5035] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 72.115057][ T5035] loop0: detected capacity change from 0 to 2048 [ 72.137763][ T5035] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5035] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5034] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5034] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5034] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5035] <... futex resumed>) = 0 [pid 5035] openat(AT_FDCWD, NULL, O_RDONLY|O_TRUNC|O_PATH) = -1 EFAULT (Bad address) [pid 5035] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5034] <... futex resumed>) = 0 [pid 5035] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5038] <... write resumed>) = 1048576 [pid 5038] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5034] exit_group(0) = ? [pid 5035] <... futex resumed>) = ? [pid 5035] +++ exited with 0 +++ [pid 5038] <... futex resumed>) = ? [pid 5038] +++ exited with 0 +++ [pid 5034] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5034, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c18730 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 umount2("./1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c20770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c20770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file1") = 0 getdents64(3, 0x555555c18730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5039 attached [pid 5039] set_robust_list(0x555555c176a0, 24) = 0 [pid 5039] chdir("./2") = 0 [pid 5039] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5039] setpgid(0, 0) = 0 [pid 5039] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5039] write(3, "1000", 4) = 4 [pid 5039] close(3) = 0 [pid 5039] symlink("/dev/binderfs", "./binderfs" [pid 5026] <... clone resumed>, child_tidptr=0x555555c17690) = 5039 [pid 5039] <... symlink resumed>) = 0 [pid 5039] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5039] rt_sigaction(SIGRT_1, {sa_handler=0x7f0955898ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095588a1a0}, NULL, 8) = 0 [pid 5039] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [ 72.244458][ T5026] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5039] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f095580f000 [pid 5039] mprotect(0x7f0955810000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5039] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5039] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f095582f990, parent_tid=0x7f095582f990, exit_signal=0, stack=0x7f095580f000, stack_size=0x20300, tls=0x7f095582f6c0}./strace-static-x86_64: Process 5040 attached => {parent_tid=[5040]}, 88) = 5040 [pid 5040] rseq(0x7f095582ffe0, 0x20, 0, 0x53053053 [pid 5039] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5040] <... rseq resumed>) = 0 [pid 5039] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5040] set_robust_list(0x7f095582f9a0, 24 [pid 5039] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5040] <... set_robust_list resumed>) = 0 [pid 5040] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5040] memfd_create("syzkaller", 0) = 3 [pid 5040] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094d40f000 [pid 5040] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5040] munmap(0x7f094d40f000, 1048576) = 0 [pid 5040] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5040] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5040] close(3) = 0 [pid 5040] mkdir("./file1", 0777) = 0 [pid 5040] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5040] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5040] chdir("./file1") = 0 [pid 5040] ioctl(4, LOOP_CLR_FD) = 0 [pid 5040] close(4) = 0 [pid 5040] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5040] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5039] <... futex resumed>) = 0 [pid 5039] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5040] <... futex resumed>) = 0 [pid 5040] open("./bus", O_ACCMODE|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC|0xdc00001c, 000 [pid 5039] <... futex resumed>) = 1 [pid 5040] <... open resumed>) = 4 [pid 5039] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5040] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5039] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5040] <... futex resumed>) = 0 [pid 5039] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5040] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5039] <... futex resumed>) = 0 [pid 5040] <... mount resumed>) = 0 [pid 5039] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5040] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5039] <... futex resumed>) = 0 [pid 5040] open_tree(-1, NULL, OPEN_TREE_CLONE|0x10000 [pid 5039] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5040] <... open_tree resumed>) = -1 EINVAL (Invalid argument) [pid 5039] <... futex resumed>) = 0 [pid 5040] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5039] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5040] <... futex resumed>) = 0 [pid 5039] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5040] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5039] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5040] <... openat resumed>) = 5 [pid 5039] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5040] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5039] <... futex resumed>) = 0 [pid 5039] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5039] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5039] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094d4ee000 [pid 5040] write(5, "\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 40960 [pid 5039] mprotect(0x7f094d4ef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5039] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5039] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d50e990, parent_tid=0x7f094d50e990, exit_signal=0, stack=0x7f094d4ee000, stack_size=0x20300, tls=0x7f094d50e6c0}./strace-static-x86_64: Process 5043 attached [pid 5043] rseq(0x7f094d50efe0, 0x20, 0, 0x53053053 [pid 5039] <... clone3 resumed> => {parent_tid=[5043]}, 88) = 5043 [pid 5043] <... rseq resumed>) = 0 [pid 5039] rt_sigprocmask(SIG_SETMASK, [], [pid 5043] set_robust_list(0x7f094d50e9a0, 24 [pid 5039] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5039] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5043] <... set_robust_list resumed>) = 0 [pid 5039] <... futex resumed>) = 0 [pid 5043] rt_sigprocmask(SIG_SETMASK, [], [pid 5039] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5043] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5043] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5043] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5039] <... futex resumed>) = 0 [pid 5043] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5039] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5043] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5043] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5040] <... write resumed>) = 40960 [pid 5040] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5040] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5039] <... futex resumed>) = 0 [ 72.325899][ T5040] loop0: detected capacity change from 0 to 2048 [ 72.347654][ T5040] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5039] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5043] <... write resumed>) = 1048576 [pid 5043] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5039] <... futex resumed>) = 0 [pid 5043] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5039] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5040] <... futex resumed>) = 0 [pid 5039] <... futex resumed>) = 1 [pid 5039] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5040] openat(AT_FDCWD, NULL, O_RDONLY|O_TRUNC|O_PATH) = -1 EFAULT (Bad address) [pid 5040] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5039] <... futex resumed>) = 0 [pid 5040] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5039] exit_group(0 [pid 5040] <... futex resumed>) = ? [pid 5043] <... futex resumed>) = ? [pid 5039] <... exit_group resumed>) = ? [pid 5040] +++ exited with 0 +++ [pid 5043] +++ exited with 0 +++ [pid 5039] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5039, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c18730 /* 4 entries */, 32768) = 112 umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 umount2("./2/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./2/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c20770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c20770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file1") = 0 getdents64(3, 0x555555c18730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5044 attached , child_tidptr=0x555555c17690) = 5044 [pid 5044] set_robust_list(0x555555c176a0, 24) = 0 [pid 5044] chdir("./3") = 0 [pid 5044] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5044] setpgid(0, 0) = 0 [pid 5044] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5044] write(3, "1000", 4) = 4 [pid 5044] close(3) = 0 [pid 5044] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5044] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5044] rt_sigaction(SIGRT_1, {sa_handler=0x7f0955898ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095588a1a0}, NULL, 8) = 0 [pid 5044] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5044] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f095580f000 [pid 5044] mprotect(0x7f0955810000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5044] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5044] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f095582f990, parent_tid=0x7f095582f990, exit_signal=0, stack=0x7f095580f000, stack_size=0x20300, tls=0x7f095582f6c0}./strace-static-x86_64: Process 5045 attached => {parent_tid=[5045]}, 88) = 5045 [pid 5044] rt_sigprocmask(SIG_SETMASK, [], [pid 5045] rseq(0x7f095582ffe0, 0x20, 0, 0x53053053 [pid 5044] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5045] <... rseq resumed>) = 0 [pid 5045] set_robust_list(0x7f095582f9a0, 24 [pid 5044] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5045] <... set_robust_list resumed>) = 0 [pid 5044] <... futex resumed>) = 0 [pid 5045] rt_sigprocmask(SIG_SETMASK, [], [pid 5044] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5045] <... rt_sigprocmask resumed>NULL, 8) = 0 [ 72.442202][ T5026] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5045] memfd_create("syzkaller", 0) = 3 [pid 5045] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094d40f000 [pid 5045] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5045] munmap(0x7f094d40f000, 1048576) = 0 [pid 5045] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5045] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5045] close(3) = 0 [pid 5045] mkdir("./file1", 0777) = 0 [pid 5045] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5045] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5045] chdir("./file1") = 0 [pid 5045] ioctl(4, LOOP_CLR_FD) = 0 [pid 5045] close(4) = 0 [pid 5045] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5044] <... futex resumed>) = 0 [pid 5045] <... futex resumed>) = 1 [pid 5044] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5045] open("./bus", O_ACCMODE|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC|0xdc00001c, 000 [pid 5044] <... futex resumed>) = 0 [pid 5044] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5045] <... open resumed>) = 4 [pid 5045] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5044] <... futex resumed>) = 0 [pid 5044] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5044] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5045] <... futex resumed>) = 1 [pid 5045] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5045] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5044] <... futex resumed>) = 0 [pid 5045] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5044] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5045] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5044] <... futex resumed>) = 0 [pid 5045] open_tree(-1, NULL, OPEN_TREE_CLONE|0x10000 [pid 5044] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5045] <... open_tree resumed>) = -1 EINVAL (Invalid argument) [pid 5045] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5045] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5044] <... futex resumed>) = 0 [pid 5044] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5045] <... futex resumed>) = 0 [pid 5044] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5045] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 5 [pid 5045] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5044] <... futex resumed>) = 0 [pid 5045] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5044] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5045] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5044] <... futex resumed>) = 0 [pid 5045] write(5, "\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 40960 [pid 5044] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5044] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094d4ee000 [pid 5044] mprotect(0x7f094d4ef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5044] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5044] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d50e990, parent_tid=0x7f094d50e990, exit_signal=0, stack=0x7f094d4ee000, stack_size=0x20300, tls=0x7f094d50e6c0}./strace-static-x86_64: Process 5048 attached [pid 5048] rseq(0x7f094d50efe0, 0x20, 0, 0x53053053) = 0 [pid 5048] set_robust_list(0x7f094d50e9a0, 24) = 0 [pid 5048] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5048] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5044] <... clone3 resumed> => {parent_tid=[5048]}, 88) = 5048 [pid 5044] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5044] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5048] <... futex resumed>) = 0 [pid 5044] <... futex resumed>) = 1 [pid 5048] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5044] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5048] <... open resumed>) = 6 [pid 5048] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5044] <... futex resumed>) = 0 [pid 5048] <... futex resumed>) = 1 [pid 5044] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5048] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5044] <... futex resumed>) = 0 [pid 5044] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5045] <... write resumed>) = 40960 [pid 5045] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 72.518226][ T5045] loop0: detected capacity change from 0 to 2048 [ 72.538237][ T5045] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5045] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5048] <... write resumed>) = 1048576 [pid 5048] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5048] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5044] <... futex resumed>) = 0 [pid 5044] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5045] <... futex resumed>) = 0 [pid 5044] <... futex resumed>) = 1 [pid 5045] openat(AT_FDCWD, NULL, O_RDONLY|O_TRUNC|O_PATH) = -1 EFAULT (Bad address) [pid 5044] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5045] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5045] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5044] <... futex resumed>) = 0 [pid 5044] exit_group(0 [pid 5048] <... futex resumed>) = ? [pid 5045] <... futex resumed>) = ? [pid 5044] <... exit_group resumed>) = ? [pid 5048] +++ exited with 0 +++ [pid 5045] +++ exited with 0 +++ [pid 5044] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5044, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c18730 /* 4 entries */, 32768) = 112 umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 umount2("./3/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./3/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c20770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c20770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file1") = 0 getdents64(3, 0x555555c18730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c17690) = 5049 ./strace-static-x86_64: Process 5049 attached [pid 5049] set_robust_list(0x555555c176a0, 24) = 0 [pid 5049] chdir("./4") = 0 [pid 5049] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5049] setpgid(0, 0) = 0 [pid 5049] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5049] write(3, "1000", 4) = 4 [pid 5049] close(3) = 0 [pid 5049] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5049] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5049] rt_sigaction(SIGRT_1, {sa_handler=0x7f0955898ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095588a1a0}, NULL, 8) = 0 [pid 5049] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5049] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f095580f000 [pid 5049] mprotect(0x7f0955810000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5049] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5049] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f095582f990, parent_tid=0x7f095582f990, exit_signal=0, stack=0x7f095580f000, stack_size=0x20300, tls=0x7f095582f6c0}./strace-static-x86_64: Process 5050 attached => {parent_tid=[5050]}, 88) = 5050 [pid 5050] rseq(0x7f095582ffe0, 0x20, 0, 0x53053053) = 0 [pid 5049] rt_sigprocmask(SIG_SETMASK, [], [pid 5050] set_robust_list(0x7f095582f9a0, 24 [pid 5049] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5050] <... set_robust_list resumed>) = 0 [pid 5049] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5050] rt_sigprocmask(SIG_SETMASK, [], [pid 5049] <... futex resumed>) = 0 [pid 5050] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5049] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5050] memfd_create("syzkaller", 0) = 3 [pid 5050] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094d40f000 [ 72.619586][ T5026] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5050] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5050] munmap(0x7f094d40f000, 1048576) = 0 [pid 5050] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5050] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5050] close(3) = 0 [pid 5050] mkdir("./file1", 0777) = 0 [pid 5050] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5050] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5050] chdir("./file1") = 0 [pid 5050] ioctl(4, LOOP_CLR_FD) = 0 [pid 5050] close(4) = 0 [pid 5050] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5049] <... futex resumed>) = 0 [pid 5049] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5050] <... futex resumed>) = 1 [pid 5049] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5050] open("./bus", O_ACCMODE|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC|0xdc00001c, 000) = 4 [pid 5050] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5049] <... futex resumed>) = 0 [pid 5050] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5049] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5050] <... mount resumed>) = 0 [pid 5049] <... futex resumed>) = 0 [pid 5049] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5050] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5049] <... futex resumed>) = 0 [pid 5049] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5050] <... futex resumed>) = 1 [pid 5049] <... futex resumed>) = 0 [pid 5050] open_tree(-1, NULL, OPEN_TREE_CLONE|0x10000 [pid 5049] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5050] <... open_tree resumed>) = -1 EINVAL (Invalid argument) [pid 5050] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5049] <... futex resumed>) = 0 [pid 5050] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5049] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5049] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5050] <... openat resumed>) = 5 [pid 5050] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5049] <... futex resumed>) = 0 [pid 5049] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5049] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5049] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094d4ee000 [pid 5049] mprotect(0x7f094d4ef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5049] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5049] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d50e990, parent_tid=0x7f094d50e990, exit_signal=0, stack=0x7f094d4ee000, stack_size=0x20300, tls=0x7f094d50e6c0} [pid 5050] <... futex resumed>) = 1 [pid 5050] write(5, "\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 40960 [pid 5049] <... clone3 resumed> => {parent_tid=[5053]}, 88) = 5053 ./strace-static-x86_64: Process 5053 attached [pid 5049] rt_sigprocmask(SIG_SETMASK, [], [pid 5053] rseq(0x7f094d50efe0, 0x20, 0, 0x53053053) = 0 [pid 5049] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5053] set_robust_list(0x7f094d50e9a0, 24) = 0 [pid 5049] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5053] rt_sigprocmask(SIG_SETMASK, [], [pid 5049] <... futex resumed>) = 0 [pid 5053] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5053] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5049] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5053] <... open resumed>) = 6 [pid 5053] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5049] <... futex resumed>) = 0 [pid 5053] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5049] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5053] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5049] <... futex resumed>) = 0 [pid 5053] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5049] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5050] <... write resumed>) = 40960 [pid 5050] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 72.686323][ T5050] loop0: detected capacity change from 0 to 2048 [ 72.717746][ T5050] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5050] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5053] <... write resumed>) = 1048576 [pid 5053] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5053] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5049] <... futex resumed>) = 0 [pid 5049] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5050] <... futex resumed>) = 0 [pid 5050] openat(AT_FDCWD, NULL, O_RDONLY|O_TRUNC|O_PATH) = -1 EFAULT (Bad address) [pid 5050] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5049] <... futex resumed>) = 1 [pid 5050] <... futex resumed>) = 0 [pid 5049] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5050] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5049] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5049] exit_group(0 [pid 5050] <... futex resumed>) = ? [pid 5053] <... futex resumed>) = ? [pid 5050] +++ exited with 0 +++ [pid 5053] +++ exited with 0 +++ [pid 5049] <... exit_group resumed>) = ? [pid 5049] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5049, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c18730 /* 4 entries */, 32768) = 112 umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 umount2("./4/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./4/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c20770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c20770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file1") = 0 getdents64(3, 0x555555c18730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c17690) = 5054 ./strace-static-x86_64: Process 5054 attached [pid 5054] set_robust_list(0x555555c176a0, 24) = 0 [pid 5054] chdir("./5") = 0 [pid 5054] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5054] setpgid(0, 0) = 0 [pid 5054] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5054] write(3, "1000", 4) = 4 [pid 5054] close(3) = 0 [pid 5054] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5054] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 72.813428][ T5026] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5054] rt_sigaction(SIGRT_1, {sa_handler=0x7f0955898ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095588a1a0}, NULL, 8) = 0 [pid 5054] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5054] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f095580f000 [pid 5054] mprotect(0x7f0955810000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5054] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5054] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f095582f990, parent_tid=0x7f095582f990, exit_signal=0, stack=0x7f095580f000, stack_size=0x20300, tls=0x7f095582f6c0} => {parent_tid=[5055]}, 88) = 5055 ./strace-static-x86_64: Process 5055 attached [pid 5054] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5054] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5054] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5055] rseq(0x7f095582ffe0, 0x20, 0, 0x53053053) = 0 [pid 5055] set_robust_list(0x7f095582f9a0, 24) = 0 [pid 5055] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5055] memfd_create("syzkaller", 0) = 3 [pid 5055] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094d40f000 [pid 5055] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5055] munmap(0x7f094d40f000, 1048576) = 0 [pid 5055] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5055] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5055] close(3) = 0 [pid 5055] mkdir("./file1", 0777) = 0 [pid 5055] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5055] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5055] chdir("./file1") = 0 [pid 5055] ioctl(4, LOOP_CLR_FD) = 0 [pid 5055] close(4) = 0 [pid 5055] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5055] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5054] <... futex resumed>) = 0 [pid 5054] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5055] <... futex resumed>) = 0 [pid 5054] <... futex resumed>) = 1 [pid 5055] open("./bus", O_ACCMODE|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC|0xdc00001c, 000 [pid 5054] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5055] <... open resumed>) = 4 [pid 5055] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5054] <... futex resumed>) = 0 [pid 5055] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5054] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5055] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5054] <... futex resumed>) = 0 [pid 5055] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5054] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5055] <... mount resumed>) = 0 [pid 5055] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5054] <... futex resumed>) = 0 [pid 5055] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5054] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5055] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5054] <... futex resumed>) = 0 [pid 5055] open_tree(-1, NULL, OPEN_TREE_CLONE|0x10000 [pid 5054] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5055] <... open_tree resumed>) = -1 EINVAL (Invalid argument) [pid 5055] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5055] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5054] <... futex resumed>) = 0 [pid 5054] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5055] <... futex resumed>) = 0 [pid 5054] <... futex resumed>) = 1 [pid 5055] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5054] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5055] <... openat resumed>) = 5 [pid 5055] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5054] <... futex resumed>) = 0 [pid 5055] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5054] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5055] <... futex resumed>) = 0 [pid 5055] write(5, "\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 40960 [pid 5054] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5054] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094d4ee000 [pid 5054] mprotect(0x7f094d4ef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5054] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5054] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d50e990, parent_tid=0x7f094d50e990, exit_signal=0, stack=0x7f094d4ee000, stack_size=0x20300, tls=0x7f094d50e6c0}./strace-static-x86_64: Process 5058 attached [pid 5058] rseq(0x7f094d50efe0, 0x20, 0, 0x53053053 [pid 5054] <... clone3 resumed> => {parent_tid=[5058]}, 88) = 5058 [pid 5058] <... rseq resumed>) = 0 [pid 5054] rt_sigprocmask(SIG_SETMASK, [], [pid 5058] set_robust_list(0x7f094d50e9a0, 24 [pid 5054] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5058] <... set_robust_list resumed>) = 0 [pid 5054] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5058] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5054] <... futex resumed>) = 0 [pid 5058] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5054] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5058] <... open resumed>) = 6 [pid 5058] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5054] <... futex resumed>) = 0 [pid 5055] <... write resumed>) = 40960 [pid 5058] <... futex resumed>) = 1 [pid 5055] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5058] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5055] <... futex resumed>) = 0 [pid 5054] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5055] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5054] <... futex resumed>) = 0 [ 72.890122][ T5055] loop0: detected capacity change from 0 to 2048 [ 72.908437][ T5055] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5054] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5055] <... write resumed>) = 1048576 [pid 5055] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5054] <... futex resumed>) = 0 [pid 5055] openat(AT_FDCWD, NULL, O_RDONLY|O_TRUNC|O_PATH [pid 5054] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5055] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5054] <... futex resumed>) = 0 [pid 5054] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5055] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5054] <... futex resumed>) = 0 [pid 5055] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5054] exit_group(0 [pid 5058] <... futex resumed>) = ? [pid 5055] <... futex resumed>) = ? [pid 5054] <... exit_group resumed>) = ? [pid 5058] +++ exited with 0 +++ [pid 5055] +++ exited with 0 +++ [pid 5054] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5054, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c18730 /* 4 entries */, 32768) = 112 umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/binderfs") = 0 umount2("./5/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./5/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c20770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c20770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file1") = 0 getdents64(3, 0x555555c18730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5059 attached , child_tidptr=0x555555c17690) = 5059 [pid 5059] set_robust_list(0x555555c176a0, 24) = 0 [pid 5059] chdir("./6") = 0 [pid 5059] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5059] setpgid(0, 0) = 0 [ 73.011166][ T5026] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5059] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5059] write(3, "1000", 4) = 4 [pid 5059] close(3) = 0 [pid 5059] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5059] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5059] rt_sigaction(SIGRT_1, {sa_handler=0x7f0955898ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095588a1a0}, NULL, 8) = 0 [pid 5059] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5059] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f095580f000 [pid 5059] mprotect(0x7f0955810000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5059] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5059] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f095582f990, parent_tid=0x7f095582f990, exit_signal=0, stack=0x7f095580f000, stack_size=0x20300, tls=0x7f095582f6c0}./strace-static-x86_64: Process 5060 attached => {parent_tid=[5060]}, 88) = 5060 [pid 5060] rseq(0x7f095582ffe0, 0x20, 0, 0x53053053 [pid 5059] rt_sigprocmask(SIG_SETMASK, [], [pid 5060] <... rseq resumed>) = 0 [pid 5060] set_robust_list(0x7f095582f9a0, 24 [pid 5059] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5060] <... set_robust_list resumed>) = 0 [pid 5059] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5060] rt_sigprocmask(SIG_SETMASK, [], [pid 5059] <... futex resumed>) = 0 [pid 5060] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5059] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5060] memfd_create("syzkaller", 0) = 3 [pid 5060] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094d40f000 [pid 5060] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5060] munmap(0x7f094d40f000, 1048576) = 0 [pid 5060] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5060] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5060] close(3) = 0 [pid 5060] mkdir("./file1", 0777) = 0 [pid 5060] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5060] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5060] chdir("./file1") = 0 [pid 5060] ioctl(4, LOOP_CLR_FD) = 0 [pid 5060] close(4) = 0 [pid 5060] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5060] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5059] <... futex resumed>) = 0 [pid 5059] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5059] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5060] <... futex resumed>) = 0 [pid 5060] open("./bus", O_ACCMODE|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC|0xdc00001c, 000) = 4 [pid 5060] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5059] <... futex resumed>) = 0 [pid 5059] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5060] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5059] <... futex resumed>) = 0 [pid 5059] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5060] <... mount resumed>) = 0 [pid 5060] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5059] <... futex resumed>) = 0 [pid 5060] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5059] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5060] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5059] <... futex resumed>) = 0 [pid 5060] open_tree(-1, NULL, OPEN_TREE_CLONE|0x10000 [pid 5059] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5060] <... open_tree resumed>) = -1 EINVAL (Invalid argument) [pid 5060] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5059] <... futex resumed>) = 0 [pid 5059] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5060] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5059] <... futex resumed>) = 0 [pid 5059] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5060] <... openat resumed>) = 5 [pid 5060] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5059] <... futex resumed>) = 0 [pid 5060] <... futex resumed>) = 1 [pid 5059] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5060] write(5, "\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 40960 [pid 5059] <... futex resumed>) = 0 [pid 5059] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5059] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094d4ee000 [pid 5059] mprotect(0x7f094d4ef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5059] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5060] <... write resumed>) = 40960 [pid 5060] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5060] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5059] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5059] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d50e990, parent_tid=0x7f094d50e990, exit_signal=0, stack=0x7f094d4ee000, stack_size=0x20300, tls=0x7f094d50e6c0}./strace-static-x86_64: Process 5063 attached [pid 5063] rseq(0x7f094d50efe0, 0x20, 0, 0x53053053) = 0 [pid 5063] set_robust_list(0x7f094d50e9a0, 24) = 0 [pid 5063] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5059] <... clone3 resumed> => {parent_tid=[5063]}, 88) = 5063 [pid 5063] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5059] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5059] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] <... futex resumed>) = 0 [pid 5063] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5059] <... futex resumed>) = 1 [pid 5063] <... open resumed>) = 6 [pid 5059] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5063] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5059] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5063] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5059] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5060] <... futex resumed>) = 0 [ 73.088811][ T5060] loop0: detected capacity change from 0 to 2048 [ 73.107605][ T5060] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5059] <... futex resumed>) = 1 [pid 5060] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5059] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5060] <... write resumed>) = 1048576 [pid 5060] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5059] <... futex resumed>) = 0 [pid 5060] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5059] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5060] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5059] <... futex resumed>) = 0 [pid 5060] openat(AT_FDCWD, NULL, O_RDONLY|O_TRUNC|O_PATH [pid 5059] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5060] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5060] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5059] <... futex resumed>) = 0 [pid 5060] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5059] exit_group(0 [pid 5060] <... futex resumed>) = ? [pid 5063] <... futex resumed>) = ? [pid 5059] <... exit_group resumed>) = ? [pid 5060] +++ exited with 0 +++ [pid 5063] +++ exited with 0 +++ [pid 5059] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5059, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c18730 /* 4 entries */, 32768) = 112 umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/binderfs") = 0 umount2("./6/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./6/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./6/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c20770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c20770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file1") = 0 getdents64(3, 0x555555c18730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c17690) = 5064 ./strace-static-x86_64: Process 5064 attached [pid 5064] set_robust_list(0x555555c176a0, 24) = 0 [pid 5064] chdir("./7") = 0 [pid 5064] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5064] setpgid(0, 0) = 0 [pid 5064] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5064] write(3, "1000", 4) = 4 [pid 5064] close(3) = 0 [pid 5064] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5064] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5064] rt_sigaction(SIGRT_1, {sa_handler=0x7f0955898ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095588a1a0}, NULL, 8) = 0 [pid 5064] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5064] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f095580f000 [ 73.222436][ T5026] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5064] mprotect(0x7f0955810000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5064] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5064] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f095582f990, parent_tid=0x7f095582f990, exit_signal=0, stack=0x7f095580f000, stack_size=0x20300, tls=0x7f095582f6c0} => {parent_tid=[5065]}, 88) = 5065 [pid 5064] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5064] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5064] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5065 attached [pid 5065] rseq(0x7f095582ffe0, 0x20, 0, 0x53053053) = 0 [pid 5065] set_robust_list(0x7f095582f9a0, 24) = 0 [pid 5065] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5065] memfd_create("syzkaller", 0) = 3 [pid 5065] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094d40f000 [pid 5065] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5065] munmap(0x7f094d40f000, 1048576) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5065] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5065] close(3) = 0 [pid 5065] mkdir("./file1", 0777) = 0 [pid 5065] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5065] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5065] chdir("./file1") = 0 [pid 5065] ioctl(4, LOOP_CLR_FD) = 0 [pid 5065] close(4) = 0 [pid 5065] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5065] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5064] <... futex resumed>) = 0 [pid 5064] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5065] <... futex resumed>) = 0 [pid 5064] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5065] open("./bus", O_ACCMODE|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC|0xdc00001c, 000) = 4 [pid 5065] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5064] <... futex resumed>) = 0 [pid 5065] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5064] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5064] <... futex resumed>) = 0 [pid 5065] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5064] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5065] <... mount resumed>) = 0 [pid 5065] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5064] <... futex resumed>) = 0 [pid 5065] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5064] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5064] <... futex resumed>) = 0 [pid 5065] open_tree(-1, NULL, OPEN_TREE_CLONE|0x10000 [pid 5064] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5065] <... open_tree resumed>) = -1 EINVAL (Invalid argument) [pid 5065] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5064] <... futex resumed>) = 0 [pid 5065] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5064] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5064] <... futex resumed>) = 0 [pid 5065] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5064] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5065] <... openat resumed>) = 5 [pid 5065] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5064] <... futex resumed>) = 0 [pid 5065] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5064] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5064] <... futex resumed>) = 0 [pid 5065] write(5, "\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 40960 [pid 5064] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5064] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094d4ee000 [pid 5064] mprotect(0x7f094d4ef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5064] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5064] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d50e990, parent_tid=0x7f094d50e990, exit_signal=0, stack=0x7f094d4ee000, stack_size=0x20300, tls=0x7f094d50e6c0}./strace-static-x86_64: Process 5068 attached [pid 5068] rseq(0x7f094d50efe0, 0x20, 0, 0x53053053 [pid 5064] <... clone3 resumed> => {parent_tid=[5068]}, 88) = 5068 [pid 5068] <... rseq resumed>) = 0 [pid 5064] rt_sigprocmask(SIG_SETMASK, [], [pid 5068] set_robust_list(0x7f094d50e9a0, 24 [pid 5064] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5068] <... set_robust_list resumed>) = 0 [pid 5064] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5068] rt_sigprocmask(SIG_SETMASK, [], [pid 5064] <... futex resumed>) = 0 [pid 5068] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5068] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5064] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5068] <... open resumed>) = 6 [ 73.303152][ T5065] loop0: detected capacity change from 0 to 2048 [ 73.318655][ T5065] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5068] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5064] <... futex resumed>) = 0 [pid 5068] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5064] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5068] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5064] <... futex resumed>) = 0 [pid 5068] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5064] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5068] <... write resumed>) = 1048576 [pid 5068] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] <... futex resumed>) = 0 [pid 5068] <... futex resumed>) = 1 [pid 5064] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5068] openat(AT_FDCWD, NULL, O_RDONLY|O_TRUNC|O_PATH [pid 5064] <... futex resumed>) = 0 [pid 5068] <... openat resumed>) = -1 EFAULT (Bad address) [ 73.361010][ T5065] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1217: group 0, block bitmap and bg descriptor inconsistent: 12340 vs 25 free clusters [ 73.377296][ T5065] EXT4-fs error (device loop0): __ext4_get_inode_loc:4379: comm syz-executor264: Invalid inode table block 0 in block_group 0 [ 73.393094][ T5065] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5752: Corrupt filesystem [pid 5064] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5068] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] <... futex resumed>) = 0 [pid 5068] <... futex resumed>) = 1 [ 73.407619][ T5065] EXT4-fs error (device loop0): ext4_dirty_inode:5956: inode #16: comm syz-executor264: mark_inode_dirty error [ 73.419961][ T5065] EXT4-fs error (device loop0): __ext4_get_inode_loc:4379: comm syz-executor264: Invalid inode table block 0 in block_group 0 [ 73.433731][ T5065] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5752: Corrupt filesystem [ 73.443497][ T5065] EXT4-fs error (device loop0): ext4_ext_truncate:4399: inode #16: comm syz-executor264: mark_inode_dirty error [pid 5068] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5065] <... write resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5065] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5065] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5064] exit_group(0 [pid 5068] <... futex resumed>) = ? [pid 5065] <... futex resumed>) = ? [pid 5064] <... exit_group resumed>) = ? [pid 5065] +++ exited with 0 +++ [pid 5068] +++ exited with 0 +++ [pid 5064] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5064, si_uid=0, si_status=0, si_utime=0, si_stime=17 /* 0.17 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c18730 /* 4 entries */, 32768) = 112 umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/binderfs") = 0 [ 73.456178][ T5065] EXT4-fs error (device loop0): __ext4_get_inode_loc:4379: comm syz-executor264: Invalid inode table block 0 in block_group 0 [ 73.469520][ T5065] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5752: Corrupt filesystem [ 73.479422][ T5065] EXT4-fs error (device loop0): ext4_truncate:4184: inode #16: comm syz-executor264: mark_inode_dirty error umount2("./7/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./7/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./7/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c20770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c20770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file1") = 0 getdents64(3, 0x555555c18730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c17690) = 5069 [ 73.505047][ T5026] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ./strace-static-x86_64: Process 5069 attached [pid 5069] set_robust_list(0x555555c176a0, 24) = 0 [pid 5069] chdir("./8") = 0 [pid 5069] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5069] setpgid(0, 0) = 0 [pid 5069] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5069] write(3, "1000", 4) = 4 [pid 5069] close(3) = 0 [pid 5069] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5069] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5069] rt_sigaction(SIGRT_1, {sa_handler=0x7f0955898ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095588a1a0}, NULL, 8) = 0 [pid 5069] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5069] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f095580f000 [pid 5069] mprotect(0x7f0955810000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5069] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5069] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f095582f990, parent_tid=0x7f095582f990, exit_signal=0, stack=0x7f095580f000, stack_size=0x20300, tls=0x7f095582f6c0} => {parent_tid=[5070]}, 88) = 5070 ./strace-static-x86_64: Process 5070 attached [pid 5069] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5069] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5069] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5070] rseq(0x7f095582ffe0, 0x20, 0, 0x53053053) = 0 [pid 5070] set_robust_list(0x7f095582f9a0, 24) = 0 [pid 5070] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5070] memfd_create("syzkaller", 0) = 3 [pid 5070] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094d40f000 [pid 5070] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5070] munmap(0x7f094d40f000, 1048576) = 0 [pid 5070] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5070] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5070] close(3) = 0 [pid 5070] mkdir("./file1", 0777) = 0 [pid 5070] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5070] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5070] chdir("./file1") = 0 [pid 5070] ioctl(4, LOOP_CLR_FD) = 0 [pid 5070] close(4) = 0 [pid 5070] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5070] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5069] <... futex resumed>) = 0 [pid 5069] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5070] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5069] <... futex resumed>) = 0 [pid 5070] open("./bus", O_ACCMODE|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC|0xdc00001c, 000 [pid 5069] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5070] <... open resumed>) = 4 [pid 5070] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5070] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5069] <... futex resumed>) = 0 [pid 5069] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5070] <... futex resumed>) = 0 [pid 5069] <... futex resumed>) = 1 [pid 5070] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5069] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5070] <... mount resumed>) = 0 [pid 5070] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5069] <... futex resumed>) = 0 [pid 5070] open_tree(-1, NULL, OPEN_TREE_CLONE|0x10000 [pid 5069] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5070] <... open_tree resumed>) = -1 EINVAL (Invalid argument) [pid 5069] <... futex resumed>) = 0 [pid 5070] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5069] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5070] <... futex resumed>) = 0 [pid 5069] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5070] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5069] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5069] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5070] <... openat resumed>) = 5 [pid 5070] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5069] <... futex resumed>) = 0 [pid 5069] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5069] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5069] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094d4ee000 [pid 5069] mprotect(0x7f094d4ef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5069] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5069] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d50e990, parent_tid=0x7f094d50e990, exit_signal=0, stack=0x7f094d4ee000, stack_size=0x20300, tls=0x7f094d50e6c0} => {parent_tid=[5073]}, 88) = 5073 [pid 5069] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5069] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5069] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5073 attached [pid 5073] rseq(0x7f094d50efe0, 0x20, 0, 0x53053053) = 0 [pid 5070] write(5, "\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 40960 [pid 5073] set_robust_list(0x7f094d50e9a0, 24) = 0 [pid 5073] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5073] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5073] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5069] <... futex resumed>) = 0 [pid 5073] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5070] <... write resumed>) = 40960 [pid 5069] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5070] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5069] <... futex resumed>) = 0 [pid 5069] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5070] <... futex resumed>) = 0 [ 73.580948][ T5070] loop0: detected capacity change from 0 to 2048 [ 73.599402][ T5070] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5070] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5073] <... write resumed>) = 1048576 [pid 5073] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5069] <... futex resumed>) = 0 [pid 5073] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5069] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5070] <... futex resumed>) = 0 [pid 5069] <... futex resumed>) = 1 [pid 5070] openat(AT_FDCWD, NULL, O_RDONLY|O_TRUNC|O_PATH [pid 5069] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5070] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5070] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5069] <... futex resumed>) = 0 [pid 5069] exit_group(0) = ? [pid 5073] <... futex resumed>) = ? [pid 5073] +++ exited with 0 +++ [pid 5070] <... futex resumed>) = ? [pid 5070] +++ exited with 0 +++ [pid 5069] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5069, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c18730 /* 4 entries */, 32768) = 112 umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/binderfs") = 0 umount2("./8/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./8/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./8/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c20770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c20770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file1") = 0 getdents64(3, 0x555555c18730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c17690) = 5074 ./strace-static-x86_64: Process 5074 attached [pid 5074] set_robust_list(0x555555c176a0, 24) = 0 [pid 5074] chdir("./9") = 0 [pid 5074] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5074] setpgid(0, 0) = 0 [pid 5074] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5074] write(3, "1000", 4) = 4 [pid 5074] close(3) = 0 [pid 5074] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5074] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5074] rt_sigaction(SIGRT_1, {sa_handler=0x7f0955898ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095588a1a0}, NULL, 8) = 0 [pid 5074] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5074] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f095580f000 [pid 5074] mprotect(0x7f0955810000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5074] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5074] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f095582f990, parent_tid=0x7f095582f990, exit_signal=0, stack=0x7f095580f000, stack_size=0x20300, tls=0x7f095582f6c0}./strace-static-x86_64: Process 5075 attached [pid 5075] rseq(0x7f095582ffe0, 0x20, 0, 0x53053053 [pid 5074] <... clone3 resumed> => {parent_tid=[5075]}, 88) = 5075 [pid 5075] <... rseq resumed>) = 0 [pid 5075] set_robust_list(0x7f095582f9a0, 24 [pid 5074] rt_sigprocmask(SIG_SETMASK, [], [pid 5075] <... set_robust_list resumed>) = 0 [pid 5074] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5075] rt_sigprocmask(SIG_SETMASK, [], [pid 5074] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5075] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5074] <... futex resumed>) = 0 [pid 5074] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5075] memfd_create("syzkaller", 0) = 3 [pid 5075] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094d40f000 [ 73.709093][ T5026] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5075] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5075] munmap(0x7f094d40f000, 1048576) = 0 [pid 5075] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5075] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5075] close(3) = 0 [pid 5075] mkdir("./file1", 0777) = 0 [pid 5075] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5075] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5075] chdir("./file1") = 0 [pid 5075] ioctl(4, LOOP_CLR_FD) = 0 [pid 5075] close(4) = 0 [pid 5075] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5075] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5074] <... futex resumed>) = 0 [pid 5074] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5075] <... futex resumed>) = 0 [pid 5074] <... futex resumed>) = 1 [pid 5075] open("./bus", O_ACCMODE|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC|0xdc00001c, 000 [pid 5074] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5075] <... open resumed>) = 4 [pid 5075] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5074] <... futex resumed>) = 0 [pid 5075] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5074] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5075] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5074] <... futex resumed>) = 0 [pid 5075] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5074] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5075] <... mount resumed>) = 0 [pid 5075] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5074] <... futex resumed>) = 0 [pid 5074] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5075] open_tree(-1, NULL, OPEN_TREE_CLONE|0x10000) = -1 EINVAL (Invalid argument) [pid 5074] <... futex resumed>) = 0 [pid 5075] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5074] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5074] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5075] <... futex resumed>) = 0 [pid 5074] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5075] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 5 [pid 5075] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5074] <... futex resumed>) = 0 [pid 5075] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5074] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5075] <... futex resumed>) = 0 [pid 5074] <... futex resumed>) = 1 [pid 5075] write(5, "\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 40960 [pid 5074] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5074] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094d4ee000 [pid 5074] mprotect(0x7f094d4ef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5074] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5074] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d50e990, parent_tid=0x7f094d50e990, exit_signal=0, stack=0x7f094d4ee000, stack_size=0x20300, tls=0x7f094d50e6c0}./strace-static-x86_64: Process 5078 attached => {parent_tid=[5078]}, 88) = 5078 [pid 5078] rseq(0x7f094d50efe0, 0x20, 0, 0x53053053) = 0 [pid 5074] rt_sigprocmask(SIG_SETMASK, [], [pid 5078] set_robust_list(0x7f094d50e9a0, 24 [pid 5074] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5078] <... set_robust_list resumed>) = 0 [pid 5074] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5078] rt_sigprocmask(SIG_SETMASK, [], [pid 5074] <... futex resumed>) = 0 [pid 5078] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5074] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5078] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5078] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5074] <... futex resumed>) = 0 [pid 5078] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [ 73.773041][ T5075] loop0: detected capacity change from 0 to 2048 [ 73.787591][ T5075] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5074] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5074] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5075] <... write resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5075] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5075] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5078] <... write resumed>) = 1048576 [pid 5078] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5074] <... futex resumed>) = 0 [pid 5078] <... futex resumed>) = 1 [pid 5074] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5075] <... futex resumed>) = 0 [pid 5074] <... futex resumed>) = 1 [pid 5078] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5075] openat(AT_FDCWD, NULL, O_RDONLY|O_TRUNC|O_PATH [pid 5074] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5075] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5075] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5074] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5075] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5074] exit_group(0 [pid 5078] <... futex resumed>) = ? [pid 5075] <... futex resumed>) = ? [pid 5074] <... exit_group resumed>) = ? [pid 5078] +++ exited with 0 +++ [pid 5075] +++ exited with 0 +++ [pid 5074] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5074, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c18730 /* 4 entries */, 32768) = 112 umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/binderfs") = 0 [ 73.824644][ T5075] EXT4-fs error (device loop0): __ext4_get_inode_loc:4379: comm syz-executor264: Invalid inode table block 0 in block_group 0 umount2("./9/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./9/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./9/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c20770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c20770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file1") = 0 getdents64(3, 0x555555c18730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5079 attached , child_tidptr=0x555555c17690) = 5079 [pid 5079] set_robust_list(0x555555c176a0, 24) = 0 [pid 5079] chdir("./10") = 0 [pid 5079] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5079] setpgid(0, 0) = 0 [pid 5079] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5079] write(3, "1000", 4) = 4 [pid 5079] close(3) = 0 [pid 5079] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5079] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5079] rt_sigaction(SIGRT_1, {sa_handler=0x7f0955898ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095588a1a0}, NULL, 8) = 0 [pid 5079] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5079] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f095580f000 [pid 5079] mprotect(0x7f0955810000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5079] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5079] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f095582f990, parent_tid=0x7f095582f990, exit_signal=0, stack=0x7f095580f000, stack_size=0x20300, tls=0x7f095582f6c0} => {parent_tid=[5080]}, 88) = 5080 ./strace-static-x86_64: Process 5080 attached [pid 5079] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5080] rseq(0x7f095582ffe0, 0x20, 0, 0x53053053 [pid 5079] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5080] <... rseq resumed>) = 0 [pid 5080] set_robust_list(0x7f095582f9a0, 24 [pid 5079] <... futex resumed>) = 0 [pid 5080] <... set_robust_list resumed>) = 0 [pid 5080] rt_sigprocmask(SIG_SETMASK, [], [pid 5079] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5080] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5080] memfd_create("syzkaller", 0) = 3 [pid 5080] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094d40f000 [ 73.884391][ T5026] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5080] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5080] munmap(0x7f094d40f000, 1048576) = 0 [pid 5080] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5080] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5080] close(3) = 0 [pid 5080] mkdir("./file1", 0777) = 0 [pid 5080] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5080] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5080] chdir("./file1") = 0 [pid 5080] ioctl(4, LOOP_CLR_FD) = 0 [pid 5080] close(4) = 0 [pid 5080] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5079] <... futex resumed>) = 0 [pid 5080] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5079] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5080] <... futex resumed>) = 0 [pid 5079] <... futex resumed>) = 1 [pid 5080] open("./bus", O_ACCMODE|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC|0xdc00001c, 000 [pid 5079] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5080] <... open resumed>) = 4 [pid 5080] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5079] <... futex resumed>) = 0 [pid 5080] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5079] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5080] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5080] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5079] <... futex resumed>) = 0 [pid 5080] <... mount resumed>) = 0 [pid 5079] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5080] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5079] <... futex resumed>) = 0 [pid 5079] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5079] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5080] <... futex resumed>) = 1 [pid 5080] open_tree(-1, NULL, OPEN_TREE_CLONE|0x10000) = -1 EINVAL (Invalid argument) [pid 5080] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5080] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5079] <... futex resumed>) = 0 [pid 5079] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5080] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5079] <... futex resumed>) = 0 [pid 5080] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5079] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5080] <... openat resumed>) = 5 [pid 5080] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5079] <... futex resumed>) = 0 [pid 5079] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5079] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5080] <... futex resumed>) = 1 [pid 5079] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5080] write(5, "\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 40960 [pid 5079] <... mmap resumed>) = 0x7f094d4ee000 [pid 5079] mprotect(0x7f094d4ef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5079] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5079] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d50e990, parent_tid=0x7f094d50e990, exit_signal=0, stack=0x7f094d4ee000, stack_size=0x20300, tls=0x7f094d50e6c0}./strace-static-x86_64: Process 5084 attached [pid 5084] rseq(0x7f094d50efe0, 0x20, 0, 0x53053053) = 0 [pid 5084] set_robust_list(0x7f094d50e9a0, 24) = 0 [pid 5084] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5084] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5080] <... write resumed>) = 40960 [pid 5080] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5080] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5079] <... clone3 resumed> => {parent_tid=[5084]}, 88) = 5084 [pid 5079] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5079] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5084] <... futex resumed>) = 0 [pid 5079] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5084] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5079] <... futex resumed>) = 0 [pid 5079] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5080] <... futex resumed>) = 0 [pid 5079] <... futex resumed>) = 1 [pid 5080] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [ 73.959259][ T5080] loop0: detected capacity change from 0 to 2048 [ 73.988487][ T5080] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5079] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5080] <... write resumed>) = 1048576 [pid 5080] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5079] <... futex resumed>) = 0 [pid 5080] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5079] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5080] <... futex resumed>) = 0 [pid 5080] openat(AT_FDCWD, NULL, O_RDONLY|O_TRUNC|O_PATH [pid 5079] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5080] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5080] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5079] <... futex resumed>) = 0 [pid 5080] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5079] exit_group(0 [pid 5080] <... futex resumed>) = ? [pid 5079] <... exit_group resumed>) = ? [pid 5084] <... futex resumed>) = ? [pid 5080] +++ exited with 0 +++ [pid 5084] +++ exited with 0 +++ [pid 5079] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5079, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c18730 /* 4 entries */, 32768) = 112 umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/binderfs") = 0 umount2("./10/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./10/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./10/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c20770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c20770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file1") = 0 getdents64(3, 0x555555c18730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c17690) = 5085 ./strace-static-x86_64: Process 5085 attached [pid 5085] set_robust_list(0x555555c176a0, 24) = 0 [pid 5085] chdir("./11") = 0 [pid 5085] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5085] setpgid(0, 0) = 0 [pid 5085] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5085] write(3, "1000", 4) = 4 [pid 5085] close(3) = 0 [pid 5085] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5085] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5085] rt_sigaction(SIGRT_1, {sa_handler=0x7f0955898ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095588a1a0}, NULL, 8) = 0 [pid 5085] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5085] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f095580f000 [pid 5085] mprotect(0x7f0955810000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5085] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5085] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f095582f990, parent_tid=0x7f095582f990, exit_signal=0, stack=0x7f095580f000, stack_size=0x20300, tls=0x7f095582f6c0}./strace-static-x86_64: Process 5086 attached => {parent_tid=[5086]}, 88) = 5086 [pid 5086] rseq(0x7f095582ffe0, 0x20, 0, 0x53053053 [pid 5085] rt_sigprocmask(SIG_SETMASK, [], [pid 5086] <... rseq resumed>) = 0 [pid 5086] set_robust_list(0x7f095582f9a0, 24 [pid 5085] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5086] <... set_robust_list resumed>) = 0 [pid 5085] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5086] rt_sigprocmask(SIG_SETMASK, [], [pid 5085] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5086] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5086] memfd_create("syzkaller", 0) = 3 [ 74.097827][ T5026] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5086] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094d40f000 [pid 5086] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5086] munmap(0x7f094d40f000, 1048576) = 0 [pid 5086] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5086] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5086] close(3) = 0 [pid 5086] mkdir("./file1", 0777) = 0 [pid 5086] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5086] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5086] chdir("./file1") = 0 [pid 5086] ioctl(4, LOOP_CLR_FD) = 0 [pid 5086] close(4) = 0 [pid 5086] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... futex resumed>) = 0 [pid 5086] <... futex resumed>) = 1 [pid 5085] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] open("./bus", O_ACCMODE|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC|0xdc00001c, 000 [pid 5085] <... futex resumed>) = 0 [pid 5085] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] <... open resumed>) = 4 [pid 5086] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5086] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5085] <... futex resumed>) = 0 [pid 5085] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5085] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] <... futex resumed>) = 0 [pid 5086] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5086] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5085] <... futex resumed>) = 0 [pid 5086] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5085] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5085] <... futex resumed>) = 0 [pid 5086] open_tree(-1, NULL, OPEN_TREE_CLONE|0x10000 [pid 5085] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] <... open_tree resumed>) = -1 EINVAL (Invalid argument) [pid 5086] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5085] <... futex resumed>) = 0 [pid 5086] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5085] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5085] <... futex resumed>) = 0 [pid 5086] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5085] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] <... openat resumed>) = 5 [pid 5086] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5085] <... futex resumed>) = 0 [pid 5086] write(5, "\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 40960 [pid 5085] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5085] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5085] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094d4ee000 [pid 5085] mprotect(0x7f094d4ef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5085] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5085] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d50e990, parent_tid=0x7f094d50e990, exit_signal=0, stack=0x7f094d4ee000, stack_size=0x20300, tls=0x7f094d50e6c0}./strace-static-x86_64: Process 5089 attached => {parent_tid=[5089]}, 88) = 5089 [pid 5089] rseq(0x7f094d50efe0, 0x20, 0, 0x53053053 [pid 5085] rt_sigprocmask(SIG_SETMASK, [], [pid 5089] <... rseq resumed>) = 0 [pid 5085] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5085] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5089] set_robust_list(0x7f094d50e9a0, 24 [pid 5085] <... futex resumed>) = 0 [pid 5089] <... set_robust_list resumed>) = 0 [pid 5085] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5089] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5089] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5089] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... write resumed>) = 40960 [pid 5086] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5089] <... futex resumed>) = 1 [pid 5086] <... futex resumed>) = 0 [pid 5085] <... futex resumed>) = 0 [pid 5089] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5086] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5085] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5085] <... futex resumed>) = 0 [pid 5086] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [ 74.175791][ T5086] loop0: detected capacity change from 0 to 2048 [ 74.197704][ T5086] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5085] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] <... write resumed>) = 1048576 [pid 5086] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5085] <... futex resumed>) = 0 [pid 5086] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5085] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5086] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5085] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] openat(AT_FDCWD, NULL, O_RDONLY|O_TRUNC|O_PATH) = -1 EFAULT (Bad address) [pid 5086] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... futex resumed>) = 0 [pid 5085] exit_group(0) = ? [pid 5086] <... futex resumed>) = ? [pid 5086] +++ exited with 0 +++ [pid 5089] <... futex resumed>) = ? [pid 5089] +++ exited with 0 +++ [pid 5085] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5085, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c18730 /* 4 entries */, 32768) = 112 umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/binderfs") = 0 umount2("./11/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./11/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./11/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c20770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c20770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file1") = 0 getdents64(3, 0x555555c18730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c17690) = 5090 ./strace-static-x86_64: Process 5090 attached [pid 5090] set_robust_list(0x555555c176a0, 24) = 0 [pid 5090] chdir("./12") = 0 [pid 5090] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5090] setpgid(0, 0) = 0 [ 74.280560][ T5026] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5090] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5090] write(3, "1000", 4) = 4 [pid 5090] close(3) = 0 [pid 5090] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5090] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5090] rt_sigaction(SIGRT_1, {sa_handler=0x7f0955898ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095588a1a0}, NULL, 8) = 0 [pid 5090] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5090] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f095580f000 [pid 5090] mprotect(0x7f0955810000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5090] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5090] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f095582f990, parent_tid=0x7f095582f990, exit_signal=0, stack=0x7f095580f000, stack_size=0x20300, tls=0x7f095582f6c0}./strace-static-x86_64: Process 5091 attached [pid 5091] rseq(0x7f095582ffe0, 0x20, 0, 0x53053053) = 0 [pid 5091] set_robust_list(0x7f095582f9a0, 24) = 0 [pid 5091] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5091] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5090] <... clone3 resumed> => {parent_tid=[5091]}, 88) = 5091 [pid 5090] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5090] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5091] <... futex resumed>) = 0 [pid 5090] <... futex resumed>) = 1 [pid 5090] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5091] memfd_create("syzkaller", 0) = 3 [pid 5091] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094d40f000 [pid 5091] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5091] munmap(0x7f094d40f000, 1048576) = 0 [pid 5091] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5091] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5091] close(3) = 0 [pid 5091] mkdir("./file1", 0777) = 0 [pid 5091] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5091] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5091] chdir("./file1") = 0 [pid 5091] ioctl(4, LOOP_CLR_FD) = 0 [pid 5091] close(4) = 0 [pid 5091] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5091] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5090] <... futex resumed>) = 0 [pid 5090] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5090] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5091] <... futex resumed>) = 0 [pid 5091] open("./bus", O_ACCMODE|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC|0xdc00001c, 000) = 4 [pid 5091] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5091] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5090] <... futex resumed>) = 0 [pid 5090] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5091] <... futex resumed>) = 0 [pid 5091] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5090] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5091] <... mount resumed>) = 0 [pid 5091] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5090] <... futex resumed>) = 0 [pid 5090] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5090] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5091] <... futex resumed>) = 1 [pid 5091] open_tree(-1, NULL, OPEN_TREE_CLONE|0x10000) = -1 EINVAL (Invalid argument) [pid 5091] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5090] <... futex resumed>) = 0 [pid 5090] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5090] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5091] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 5 [pid 5091] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5090] <... futex resumed>) = 0 [pid 5090] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5090] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5090] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094d4ee000 [pid 5090] mprotect(0x7f094d4ef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5091] <... futex resumed>) = 1 [pid 5090] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5091] write(5, "\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 40960 [pid 5090] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5090] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d50e990, parent_tid=0x7f094d50e990, exit_signal=0, stack=0x7f094d4ee000, stack_size=0x20300, tls=0x7f094d50e6c0}./strace-static-x86_64: Process 5094 attached [pid 5094] rseq(0x7f094d50efe0, 0x20, 0, 0x53053053 [pid 5090] <... clone3 resumed> => {parent_tid=[5094]}, 88) = 5094 [pid 5094] <... rseq resumed>) = 0 [pid 5094] set_robust_list(0x7f094d50e9a0, 24 [pid 5090] rt_sigprocmask(SIG_SETMASK, [], [pid 5094] <... set_robust_list resumed>) = 0 [pid 5094] rt_sigprocmask(SIG_SETMASK, [], [pid 5090] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5094] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5094] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5091] <... write resumed>) = 40960 [pid 5090] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5094] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5094] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5091] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5090] <... futex resumed>) = 0 [pid 5091] <... futex resumed>) = 0 [pid 5090] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5091] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5094] <... open resumed>) = 6 [pid 5094] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5090] <... futex resumed>) = 0 [pid 5094] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5090] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5091] <... futex resumed>) = 0 [pid 5090] <... futex resumed>) = 1 [pid 5091] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [ 74.360150][ T5091] loop0: detected capacity change from 0 to 2048 [ 74.377563][ T5091] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5090] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5091] <... write resumed>) = 1048576 [pid 5091] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5090] <... futex resumed>) = 0 [pid 5090] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5090] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5091] <... futex resumed>) = 1 [pid 5091] openat(AT_FDCWD, NULL, O_RDONLY|O_TRUNC|O_PATH) = -1 EFAULT (Bad address) [pid 5091] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5090] <... futex resumed>) = 0 [pid 5090] exit_group(0) = ? [pid 5094] <... futex resumed>) = ? [pid 5094] +++ exited with 0 +++ [pid 5091] <... futex resumed>) = ? [pid 5091] +++ exited with 0 +++ [pid 5090] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5090, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c18730 /* 4 entries */, 32768) = 112 umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/binderfs") = 0 umount2("./12/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./12/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./12/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c20770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c20770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file1") = 0 getdents64(3, 0x555555c18730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5095 attached , child_tidptr=0x555555c17690) = 5095 [pid 5095] set_robust_list(0x555555c176a0, 24) = 0 [pid 5095] chdir("./13") = 0 [pid 5095] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5095] setpgid(0, 0) = 0 [pid 5095] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5095] write(3, "1000", 4) = 4 [pid 5095] close(3) = 0 [pid 5095] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5095] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5095] rt_sigaction(SIGRT_1, {sa_handler=0x7f0955898ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095588a1a0}, NULL, 8) = 0 [pid 5095] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5095] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f095580f000 [pid 5095] mprotect(0x7f0955810000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5095] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5095] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f095582f990, parent_tid=0x7f095582f990, exit_signal=0, stack=0x7f095580f000, stack_size=0x20300, tls=0x7f095582f6c0}./strace-static-x86_64: Process 5096 attached [pid 5096] rseq(0x7f095582ffe0, 0x20, 0, 0x53053053 [pid 5095] <... clone3 resumed> => {parent_tid=[5096]}, 88) = 5096 [pid 5096] <... rseq resumed>) = 0 [pid 5095] rt_sigprocmask(SIG_SETMASK, [], [pid 5096] set_robust_list(0x7f095582f9a0, 24 [pid 5095] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5096] <... set_robust_list resumed>) = 0 [pid 5095] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5096] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5095] <... futex resumed>) = 0 [pid 5096] memfd_create("syzkaller", 0 [pid 5095] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5096] <... memfd_create resumed>) = 3 [pid 5096] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094d40f000 [ 74.471613][ T5026] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5096] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5096] munmap(0x7f094d40f000, 1048576) = 0 [pid 5096] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5096] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5096] close(3) = 0 [pid 5096] mkdir("./file1", 0777) = 0 [pid 5096] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5096] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5096] chdir("./file1") = 0 [pid 5096] ioctl(4, LOOP_CLR_FD) = 0 [pid 5096] close(4) = 0 [pid 5096] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5096] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5095] <... futex resumed>) = 0 [pid 5095] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5096] <... futex resumed>) = 0 [pid 5095] <... futex resumed>) = 1 [pid 5096] open("./bus", O_ACCMODE|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC|0xdc00001c, 000) = 4 [pid 5096] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5096] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5095] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5095] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5096] <... futex resumed>) = 0 [pid 5095] <... futex resumed>) = 1 [pid 5096] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5096] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5095] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5096] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5095] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5096] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5095] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5096] open_tree(-1, NULL, OPEN_TREE_CLONE|0x10000 [pid 5095] <... futex resumed>) = 0 [pid 5096] <... open_tree resumed>) = -1 EINVAL (Invalid argument) [pid 5095] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5096] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5095] <... futex resumed>) = 0 [pid 5095] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5096] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5095] <... futex resumed>) = 0 [pid 5095] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5096] <... openat resumed>) = 5 [pid 5096] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5096] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5095] <... futex resumed>) = 0 [pid 5095] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5096] <... futex resumed>) = 0 [pid 5095] <... futex resumed>) = 1 [pid 5096] write(5, "\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 40960) = 40960 [pid 5095] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5096] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5095] <... futex resumed>) = 0 [pid 5096] <... futex resumed>) = 0 [pid 5095] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5096] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5095] <... mmap resumed>) = 0x7f094d4ee000 [pid 5095] mprotect(0x7f094d4ef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5095] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5095] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d50e990, parent_tid=0x7f094d50e990, exit_signal=0, stack=0x7f094d4ee000, stack_size=0x20300, tls=0x7f094d50e6c0}./strace-static-x86_64: Process 5099 attached => {parent_tid=[5099]}, 88) = 5099 [pid 5095] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5095] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5099] rseq(0x7f094d50efe0, 0x20, 0, 0x53053053 [pid 5095] <... futex resumed>) = 0 [pid 5099] <... rseq resumed>) = 0 [pid 5095] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5099] set_robust_list(0x7f094d50e9a0, 24) = 0 [pid 5099] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5099] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5099] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5099] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5095] <... futex resumed>) = 0 [pid 5095] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5096] <... futex resumed>) = 0 [pid 5095] <... futex resumed>) = 1 [pid 5096] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [ 74.537652][ T5096] loop0: detected capacity change from 0 to 2048 [ 74.558141][ T5096] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5095] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5095] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5099] <... futex resumed>) = 0 [pid 5095] <... futex resumed>) = 1 [pid 5099] openat(AT_FDCWD, NULL, O_RDONLY|O_TRUNC|O_PATH [pid 5095] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5099] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5099] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5095] <... futex resumed>) = 0 [pid 5099] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5096] <... write resumed>) = 1048576 [pid 5096] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5096] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5095] exit_group(0 [pid 5099] <... futex resumed>) = ? [pid 5095] <... exit_group resumed>) = ? [pid 5099] +++ exited with 0 +++ [pid 5096] <... futex resumed>) = ? [pid 5096] +++ exited with 0 +++ [pid 5095] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5095, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c18730 /* 4 entries */, 32768) = 112 umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/binderfs") = 0 umount2("./13/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./13/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./13/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c20770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c20770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file1") = 0 getdents64(3, 0x555555c18730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c17690) = 5100 ./strace-static-x86_64: Process 5100 attached [pid 5100] set_robust_list(0x555555c176a0, 24) = 0 [pid 5100] chdir("./14") = 0 [pid 5100] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5100] setpgid(0, 0) = 0 [ 74.700609][ T5026] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5100] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5100] write(3, "1000", 4) = 4 [pid 5100] close(3) = 0 [pid 5100] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5100] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5100] rt_sigaction(SIGRT_1, {sa_handler=0x7f0955898ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095588a1a0}, NULL, 8) = 0 [pid 5100] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5100] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f095580f000 [pid 5100] mprotect(0x7f0955810000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5100] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5100] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f095582f990, parent_tid=0x7f095582f990, exit_signal=0, stack=0x7f095580f000, stack_size=0x20300, tls=0x7f095582f6c0} => {parent_tid=[5101]}, 88) = 5101 [pid 5100] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5100] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5100] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5101 attached [pid 5101] rseq(0x7f095582ffe0, 0x20, 0, 0x53053053) = 0 [pid 5101] set_robust_list(0x7f095582f9a0, 24) = 0 [pid 5101] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5101] memfd_create("syzkaller", 0) = 3 [pid 5101] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094d40f000 [pid 5101] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5101] munmap(0x7f094d40f000, 1048576) = 0 [pid 5101] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5101] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5101] close(3) = 0 [pid 5101] mkdir("./file1", 0777) = 0 [pid 5101] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5101] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5101] chdir("./file1") = 0 [pid 5101] ioctl(4, LOOP_CLR_FD) = 0 [pid 5101] close(4) = 0 [pid 5101] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5100] <... futex resumed>) = 0 [pid 5100] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5100] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5101] <... futex resumed>) = 1 [pid 5101] open("./bus", O_ACCMODE|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC|0xdc00001c, 000) = 4 [pid 5101] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5100] <... futex resumed>) = 0 [pid 5100] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5100] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5101] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5101] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5100] <... futex resumed>) = 0 [pid 5100] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5100] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5101] <... futex resumed>) = 1 [pid 5101] open_tree(-1, NULL, OPEN_TREE_CLONE|0x10000) = -1 EINVAL (Invalid argument) [pid 5101] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5100] <... futex resumed>) = 0 [pid 5100] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5100] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5101] <... futex resumed>) = 1 [pid 5101] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 5 [pid 5101] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5100] <... futex resumed>) = 0 [pid 5100] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5100] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5100] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094d4ee000 [pid 5100] mprotect(0x7f094d4ef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5100] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5100] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d50e990, parent_tid=0x7f094d50e990, exit_signal=0, stack=0x7f094d4ee000, stack_size=0x20300, tls=0x7f094d50e6c0} => {parent_tid=[5104]}, 88) = 5104 [pid 5100] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5100] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5100] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5104 attached [pid 5101] <... futex resumed>) = 1 [pid 5104] rseq(0x7f094d50efe0, 0x20, 0, 0x53053053 [pid 5101] write(5, "\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 40960 [pid 5104] <... rseq resumed>) = 0 [pid 5104] set_robust_list(0x7f094d50e9a0, 24) = 0 [pid 5104] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5104] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5104] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5100] <... futex resumed>) = 0 [pid 5100] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5100] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5104] <... futex resumed>) = 1 [ 74.785265][ T5101] loop0: detected capacity change from 0 to 2048 [ 74.818287][ T5101] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5104] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5101] <... write resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5101] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5101] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5104] <... write resumed>) = 1048576 [pid 5104] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5100] <... futex resumed>) = 0 [pid 5100] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5100] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5101] <... futex resumed>) = 0 [pid 5101] openat(AT_FDCWD, NULL, O_RDONLY|O_TRUNC|O_PATH) = -1 EFAULT (Bad address) [pid 5101] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5100] <... futex resumed>) = 0 [pid 5100] exit_group(0) = ? [pid 5101] <... futex resumed>) = ? [pid 5101] +++ exited with 0 +++ [pid 5104] <... futex resumed>) = ? [pid 5104] +++ exited with 0 +++ [pid 5100] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5100, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c18730 /* 4 entries */, 32768) = 112 umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/binderfs") = 0 [ 74.854902][ T5101] EXT4-fs error (device loop0): __ext4_get_inode_loc:4379: comm syz-executor264: Invalid inode table block 0 in block_group 0 umount2("./14/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./14/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./14/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c20770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c20770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file1") = 0 getdents64(3, 0x555555c18730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5105 attached , child_tidptr=0x555555c17690) = 5105 [pid 5105] set_robust_list(0x555555c176a0, 24) = 0 [pid 5105] chdir("./15") = 0 [pid 5105] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 74.916833][ T5026] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5105] setpgid(0, 0) = 0 [pid 5105] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5105] write(3, "1000", 4) = 4 [pid 5105] close(3) = 0 [pid 5105] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5105] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5105] rt_sigaction(SIGRT_1, {sa_handler=0x7f0955898ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095588a1a0}, NULL, 8) = 0 [pid 5105] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5105] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f095580f000 [pid 5105] mprotect(0x7f0955810000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5105] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5105] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f095582f990, parent_tid=0x7f095582f990, exit_signal=0, stack=0x7f095580f000, stack_size=0x20300, tls=0x7f095582f6c0}./strace-static-x86_64: Process 5106 attached => {parent_tid=[5106]}, 88) = 5106 [pid 5106] rseq(0x7f095582ffe0, 0x20, 0, 0x53053053) = 0 [pid 5106] set_robust_list(0x7f095582f9a0, 24) = 0 [pid 5106] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5106] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5105] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5105] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5106] <... futex resumed>) = 0 [pid 5106] memfd_create("syzkaller", 0) = 3 [pid 5106] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094d40f000 [pid 5105] <... futex resumed>) = 1 [pid 5105] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5106] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5106] munmap(0x7f094d40f000, 1048576) = 0 [pid 5106] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5106] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5106] close(3) = 0 [pid 5106] mkdir("./file1", 0777) = 0 [pid 5106] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5106] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5106] chdir("./file1") = 0 [pid 5106] ioctl(4, LOOP_CLR_FD) = 0 [pid 5106] close(4) = 0 [pid 5106] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5105] <... futex resumed>) = 0 [pid 5106] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5105] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5106] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5105] <... futex resumed>) = 0 [pid 5106] open("./bus", O_ACCMODE|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC|0xdc00001c, 000 [pid 5105] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5106] <... open resumed>) = 4 [pid 5106] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5105] <... futex resumed>) = 0 [pid 5106] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5105] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5106] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5105] <... futex resumed>) = 0 [pid 5106] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5105] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5106] <... mount resumed>) = 0 [pid 5106] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5105] <... futex resumed>) = 0 [pid 5106] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5105] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5106] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5105] <... futex resumed>) = 0 [pid 5106] open_tree(-1, NULL, OPEN_TREE_CLONE|0x10000 [pid 5105] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5106] <... open_tree resumed>) = -1 EINVAL (Invalid argument) [pid 5106] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5105] <... futex resumed>) = 0 [pid 5106] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5105] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5106] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5105] <... futex resumed>) = 0 [pid 5105] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5106] <... openat resumed>) = 5 [pid 5106] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5105] <... futex resumed>) = 0 [pid 5106] write(5, "\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 40960 [pid 5105] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5105] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5105] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094d4ee000 [pid 5105] mprotect(0x7f094d4ef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5105] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5105] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d50e990, parent_tid=0x7f094d50e990, exit_signal=0, stack=0x7f094d4ee000, stack_size=0x20300, tls=0x7f094d50e6c0}./strace-static-x86_64: Process 5109 attached [pid 5109] rseq(0x7f094d50efe0, 0x20, 0, 0x53053053 [pid 5105] <... clone3 resumed> => {parent_tid=[5109]}, 88) = 5109 [pid 5109] <... rseq resumed>) = 0 [pid 5105] rt_sigprocmask(SIG_SETMASK, [], [pid 5109] set_robust_list(0x7f094d50e9a0, 24 [pid 5105] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5109] <... set_robust_list resumed>) = 0 [pid 5105] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5109] rt_sigprocmask(SIG_SETMASK, [], [pid 5105] <... futex resumed>) = 0 [pid 5109] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5105] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5109] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5109] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5105] <... futex resumed>) = 0 [pid 5109] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5105] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5109] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5105] <... futex resumed>) = 0 [pid 5109] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [ 75.007571][ T5106] loop0: detected capacity change from 0 to 2048 [ 75.027739][ T5106] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 75.069555][ T5106] EXT4-fs error (device loop0): __ext4_get_inode_loc:4379: comm syz-executor264: Invalid inode table block 0 in block_group 0 [ 75.083516][ T5106] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5752: Corrupt filesystem [ 75.094660][ T5106] EXT4-fs error (device loop0): __ext4_ext_dirty:202: inode #16: comm syz-executor264: mark_inode_dirty error [pid 5105] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5105] futex(0x7f09558fc6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5105] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094d4cd000 [pid 5105] mprotect(0x7f094d4ce000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5105] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5105] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d4ed990, parent_tid=0x7f094d4ed990, exit_signal=0, stack=0x7f094d4cd000, stack_size=0x20300, tls=0x7f094d4ed6c0}./strace-static-x86_64: Process 5110 attached [pid 5110] rseq(0x7f094d4edfe0, 0x20, 0, 0x53053053) = 0 [pid 5110] set_robust_list(0x7f094d4ed9a0, 24) = 0 [pid 5110] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5110] futex(0x7f09558fc6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5105] <... clone3 resumed> => {parent_tid=[5110]}, 88) = 5110 [pid 5105] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5105] futex(0x7f09558fc6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5110] <... futex resumed>) = 0 [pid 5105] <... futex resumed>) = 1 [pid 5110] openat(AT_FDCWD, NULL, O_RDONLY|O_TRUNC|O_PATH [pid 5105] futex(0x7f09558fc6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5110] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5110] futex(0x7f09558fc6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5110] futex(0x7f09558fc6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5105] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5109] <... write resumed>) = 1048576 [pid 5109] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 75.108843][ T5106] EXT4-fs error (device loop0): __ext4_get_inode_loc:4379: comm syz-executor264: Invalid inode table block 0 in block_group 0 [ 75.127629][ T5106] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5752: Corrupt filesystem [ 75.138972][ T5106] EXT4-fs error (device loop0): ext4_ext_truncate:4399: inode #16: comm syz-executor264: mark_inode_dirty error [ 75.154087][ T5106] EXT4-fs error (device loop0): __ext4_get_inode_loc:4379: comm syz-executor264: Invalid inode table block 0 in block_group 0 [pid 5109] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5106] <... write resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5106] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5106] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5105] exit_group(0 [pid 5109] <... futex resumed>) = ? [pid 5110] <... futex resumed>) = ? [pid 5109] +++ exited with 0 +++ [pid 5106] <... futex resumed>) = ? [pid 5105] <... exit_group resumed>) = ? [pid 5106] +++ exited with 0 +++ [pid 5110] +++ exited with 0 +++ [pid 5105] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5105, si_uid=0, si_status=0, si_utime=0, si_stime=16 /* 0.16 s */} --- umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c18730 /* 4 entries */, 32768) = 112 umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/binderfs") = 0 [ 75.168371][ T5106] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5752: Corrupt filesystem [ 75.178138][ T5106] EXT4-fs error (device loop0): ext4_truncate:4184: inode #16: comm syz-executor264: mark_inode_dirty error [ 75.190282][ T5106] EXT4-fs error (device loop0): __ext4_get_inode_loc:4379: comm syz-executor264: Invalid inode table block 0 in block_group 0 umount2("./15/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./15/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./15/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c20770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c20770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file1") = 0 getdents64(3, 0x555555c18730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c17690) = 5111 ./strace-static-x86_64: Process 5111 attached [pid 5111] set_robust_list(0x555555c176a0, 24) = 0 [pid 5111] chdir("./16") = 0 [pid 5111] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5111] setpgid(0, 0) = 0 [pid 5111] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5111] write(3, "1000", 4) = 4 [pid 5111] close(3) = 0 [ 75.225366][ T5026] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5111] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5111] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5111] rt_sigaction(SIGRT_1, {sa_handler=0x7f0955898ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095588a1a0}, NULL, 8) = 0 [pid 5111] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5111] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f095580f000 [pid 5111] mprotect(0x7f0955810000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5111] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5111] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f095582f990, parent_tid=0x7f095582f990, exit_signal=0, stack=0x7f095580f000, stack_size=0x20300, tls=0x7f095582f6c0}./strace-static-x86_64: Process 5112 attached => {parent_tid=[5112]}, 88) = 5112 [pid 5112] rseq(0x7f095582ffe0, 0x20, 0, 0x53053053 [pid 5111] rt_sigprocmask(SIG_SETMASK, [], [pid 5112] <... rseq resumed>) = 0 [pid 5112] set_robust_list(0x7f095582f9a0, 24 [pid 5111] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5112] <... set_robust_list resumed>) = 0 [pid 5111] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5112] rt_sigprocmask(SIG_SETMASK, [], [pid 5111] <... futex resumed>) = 0 [pid 5112] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5112] memfd_create("syzkaller", 0 [pid 5111] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5112] <... memfd_create resumed>) = 3 [pid 5112] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094d40f000 [pid 5112] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5112] munmap(0x7f094d40f000, 1048576) = 0 [pid 5112] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5112] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5112] close(3) = 0 [pid 5112] mkdir("./file1", 0777) = 0 [pid 5112] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5112] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5112] chdir("./file1") = 0 [pid 5112] ioctl(4, LOOP_CLR_FD) = 0 [pid 5112] close(4) = 0 [pid 5112] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5111] <... futex resumed>) = 0 [pid 5112] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5111] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5112] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5111] <... futex resumed>) = 0 [pid 5112] open("./bus", O_ACCMODE|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC|0xdc00001c, 000 [pid 5111] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5112] <... open resumed>) = 4 [pid 5112] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5111] <... futex resumed>) = 0 [pid 5111] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5111] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5112] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5112] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5111] <... futex resumed>) = 0 [pid 5112] open_tree(-1, NULL, OPEN_TREE_CLONE|0x10000 [pid 5111] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5112] <... open_tree resumed>) = -1 EINVAL (Invalid argument) [pid 5111] <... futex resumed>) = 0 [pid 5112] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5111] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5112] <... futex resumed>) = 0 [pid 5111] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5112] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5111] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5112] <... futex resumed>) = 0 [pid 5111] <... futex resumed>) = 1 [pid 5112] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5111] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5112] <... openat resumed>) = 5 [pid 5112] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5111] <... futex resumed>) = 0 [pid 5112] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5111] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5112] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5112] write(5, "\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 40960 [pid 5111] <... futex resumed>) = 0 [pid 5111] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5111] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094d4ee000 [pid 5111] mprotect(0x7f094d4ef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5111] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5111] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d50e990, parent_tid=0x7f094d50e990, exit_signal=0, stack=0x7f094d4ee000, stack_size=0x20300, tls=0x7f094d50e6c0}./strace-static-x86_64: Process 5115 attached => {parent_tid=[5115]}, 88) = 5115 [pid 5115] rseq(0x7f094d50efe0, 0x20, 0, 0x53053053) = 0 [pid 5115] set_robust_list(0x7f094d50e9a0, 24) = 0 [pid 5111] rt_sigprocmask(SIG_SETMASK, [], [pid 5115] rt_sigprocmask(SIG_SETMASK, [], [pid 5111] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5115] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5115] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5111] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5115] <... open resumed>) = 6 [pid 5111] <... futex resumed>) = 0 [pid 5115] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5111] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5115] <... futex resumed>) = 0 [pid 5111] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5111] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5115] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5111] <... futex resumed>) = 0 [pid 5112] <... write resumed>) = 40960 [pid 5111] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5112] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 75.303289][ T5112] loop0: detected capacity change from 0 to 2048 [ 75.317693][ T5112] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5112] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5115] <... write resumed>) = 1048576 [pid 5115] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5111] <... futex resumed>) = 0 [pid 5111] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5112] <... futex resumed>) = 0 [pid 5111] <... futex resumed>) = 1 [pid 5115] <... futex resumed>) = 1 [pid 5112] openat(AT_FDCWD, NULL, O_RDONLY|O_TRUNC|O_PATH [pid 5111] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5115] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5112] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5112] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5111] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5112] <... futex resumed>) = 0 [pid 5112] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5111] exit_group(0 [pid 5112] <... futex resumed>) = ? [pid 5111] <... exit_group resumed>) = ? [pid 5115] <... futex resumed>) = ? [pid 5112] +++ exited with 0 +++ [pid 5115] +++ exited with 0 +++ [pid 5111] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5111, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c18730 /* 4 entries */, 32768) = 112 umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/binderfs") = 0 umount2("./16/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./16/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./16/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c20770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c20770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file1") = 0 getdents64(3, 0x555555c18730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c17690) = 5116 ./strace-static-x86_64: Process 5116 attached [pid 5116] set_robust_list(0x555555c176a0, 24) = 0 [pid 5116] chdir("./17") = 0 [pid 5116] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5116] setpgid(0, 0) = 0 [pid 5116] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5116] write(3, "1000", 4) = 4 [pid 5116] close(3) = 0 [pid 5116] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5116] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5116] rt_sigaction(SIGRT_1, {sa_handler=0x7f0955898ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095588a1a0}, NULL, 8) = 0 [pid 5116] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5116] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f095580f000 [pid 5116] mprotect(0x7f0955810000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5116] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5116] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f095582f990, parent_tid=0x7f095582f990, exit_signal=0, stack=0x7f095580f000, stack_size=0x20300, tls=0x7f095582f6c0}./strace-static-x86_64: Process 5117 attached => {parent_tid=[5117]}, 88) = 5117 [pid 5116] rt_sigprocmask(SIG_SETMASK, [], [pid 5117] rseq(0x7f095582ffe0, 0x20, 0, 0x53053053) = 0 [pid 5116] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5117] set_robust_list(0x7f095582f9a0, 24 [pid 5116] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5117] <... set_robust_list resumed>) = 0 [pid 5117] rt_sigprocmask(SIG_SETMASK, [], [pid 5116] <... futex resumed>) = 0 [pid 5117] <... rt_sigprocmask resumed>NULL, 8) = 0 [ 75.410906][ T5026] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5116] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5117] memfd_create("syzkaller", 0) = 3 [pid 5117] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094d40f000 [pid 5117] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5117] munmap(0x7f094d40f000, 1048576) = 0 [pid 5117] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5117] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5117] close(3) = 0 [pid 5117] mkdir("./file1", 0777) = 0 [pid 5117] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5117] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5117] chdir("./file1") = 0 [pid 5117] ioctl(4, LOOP_CLR_FD) = 0 [pid 5117] close(4) = 0 [pid 5117] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5116] <... futex resumed>) = 0 [pid 5117] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5116] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5117] open("./bus", O_ACCMODE|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC|0xdc00001c, 000 [pid 5116] <... futex resumed>) = 0 [pid 5116] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5117] <... open resumed>) = 4 [pid 5117] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5116] <... futex resumed>) = 0 [pid 5116] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5116] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5117] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5117] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5116] <... futex resumed>) = 0 [pid 5116] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5117] open_tree(-1, NULL, OPEN_TREE_CLONE|0x10000 [pid 5116] <... futex resumed>) = 0 [pid 5116] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5117] <... open_tree resumed>) = -1 EINVAL (Invalid argument) [pid 5117] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5116] <... futex resumed>) = 0 [pid 5117] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5116] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5117] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5116] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5117] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 5 [pid 5117] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5116] <... futex resumed>) = 0 [pid 5117] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5116] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5117] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5116] <... futex resumed>) = 0 [pid 5117] write(5, "\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 40960 [pid 5116] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5116] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094d4ee000 [pid 5116] mprotect(0x7f094d4ef000, 131072, PROT_READ|PROT_WRITE [pid 5117] <... write resumed>) = 40960 [pid 5116] <... mprotect resumed>) = 0 [pid 5117] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5116] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5117] <... futex resumed>) = 0 [pid 5116] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5117] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5116] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d50e990, parent_tid=0x7f094d50e990, exit_signal=0, stack=0x7f094d4ee000, stack_size=0x20300, tls=0x7f094d50e6c0}./strace-static-x86_64: Process 5120 attached [pid 5120] rseq(0x7f094d50efe0, 0x20, 0, 0x53053053 [pid 5116] <... clone3 resumed> => {parent_tid=[5120]}, 88) = 5120 [pid 5120] <... rseq resumed>) = 0 [pid 5120] set_robust_list(0x7f094d50e9a0, 24 [pid 5116] rt_sigprocmask(SIG_SETMASK, [], [pid 5120] <... set_robust_list resumed>) = 0 [pid 5116] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5120] rt_sigprocmask(SIG_SETMASK, [], [pid 5116] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5120] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5120] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5116] <... futex resumed>) = 0 [pid 5116] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5120] <... open resumed>) = 6 [pid 5120] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5116] <... futex resumed>) = 0 [pid 5116] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5117] <... futex resumed>) = 0 [pid 5116] <... futex resumed>) = 1 [pid 5117] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5116] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5120] <... futex resumed>) = 1 [pid 5120] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5117] <... write resumed>) = 1048576 [ 75.490644][ T5117] loop0: detected capacity change from 0 to 2048 [ 75.507972][ T5117] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5117] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5116] <... futex resumed>) = 0 [pid 5117] <... futex resumed>) = 1 [pid 5116] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5117] openat(AT_FDCWD, NULL, O_RDONLY|O_TRUNC|O_PATH [pid 5116] <... futex resumed>) = 0 [pid 5117] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5116] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5117] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5116] <... futex resumed>) = 0 [pid 5117] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5116] exit_group(0 [pid 5120] <... futex resumed>) = ? [pid 5117] <... futex resumed>) = ? [pid 5116] <... exit_group resumed>) = ? [pid 5120] +++ exited with 0 +++ [pid 5117] +++ exited with 0 +++ [pid 5116] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5116, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c18730 /* 4 entries */, 32768) = 112 umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/binderfs") = 0 umount2("./17/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./17/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./17/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c20770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c20770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file1") = 0 getdents64(3, 0x555555c18730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c17690) = 5121 ./strace-static-x86_64: Process 5121 attached [pid 5121] set_robust_list(0x555555c176a0, 24) = 0 [pid 5121] chdir("./18") = 0 [pid 5121] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5121] setpgid(0, 0) = 0 [pid 5121] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5121] write(3, "1000", 4) = 4 [pid 5121] close(3) = 0 [pid 5121] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5121] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5121] rt_sigaction(SIGRT_1, {sa_handler=0x7f0955898ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095588a1a0}, NULL, 8) = 0 [pid 5121] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5121] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f095580f000 [pid 5121] mprotect(0x7f0955810000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5121] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5121] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f095582f990, parent_tid=0x7f095582f990, exit_signal=0, stack=0x7f095580f000, stack_size=0x20300, tls=0x7f095582f6c0}./strace-static-x86_64: Process 5122 attached => {parent_tid=[5122]}, 88) = 5122 [pid 5121] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5121] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5121] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5122] rseq(0x7f095582ffe0, 0x20, 0, 0x53053053) = 0 [pid 5122] set_robust_list(0x7f095582f9a0, 24) = 0 [pid 5122] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5122] memfd_create("syzkaller", 0) = 3 [pid 5122] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094d40f000 [pid 5122] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5122] munmap(0x7f094d40f000, 1048576) = 0 [ 75.579738][ T5026] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5122] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5122] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5122] close(3) = 0 [pid 5122] mkdir("./file1", 0777) = 0 [pid 5122] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5122] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5122] chdir("./file1") = 0 [pid 5122] ioctl(4, LOOP_CLR_FD) = 0 [pid 5122] close(4) = 0 [pid 5122] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5121] <... futex resumed>) = 0 [pid 5122] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5121] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5122] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5122] open("./bus", O_ACCMODE|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC|0xdc00001c, 000 [pid 5121] <... futex resumed>) = 0 [pid 5121] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5122] <... open resumed>) = 4 [pid 5122] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5122] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5121] <... futex resumed>) = 0 [pid 5121] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5122] <... futex resumed>) = 0 [pid 5121] <... futex resumed>) = 1 [pid 5122] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5121] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5122] <... mount resumed>) = 0 [pid 5122] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5121] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5122] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5121] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5122] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5122] open_tree(-1, NULL, OPEN_TREE_CLONE|0x10000 [pid 5121] <... futex resumed>) = 0 [pid 5122] <... open_tree resumed>) = -1 EINVAL (Invalid argument) [pid 5121] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5122] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5121] <... futex resumed>) = 0 [pid 5122] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5121] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5121] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5122] <... openat resumed>) = 5 [pid 5122] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5121] <... futex resumed>) = 0 [pid 5121] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5121] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5122] <... futex resumed>) = 1 [pid 5121] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094d4ee000 [pid 5121] mprotect(0x7f094d4ef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5121] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5121] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d50e990, parent_tid=0x7f094d50e990, exit_signal=0, stack=0x7f094d4ee000, stack_size=0x20300, tls=0x7f094d50e6c0}./strace-static-x86_64: Process 5125 attached [pid 5122] write(5, "\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 40960 [pid 5121] <... clone3 resumed> => {parent_tid=[5125]}, 88) = 5125 [pid 5121] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5121] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5121] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5125] rseq(0x7f094d50efe0, 0x20, 0, 0x53053053) = 0 [pid 5125] set_robust_list(0x7f094d50e9a0, 24) = 0 [pid 5125] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5125] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5122] <... write resumed>) = 40960 [pid 5125] <... open resumed>) = 6 [pid 5122] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5125] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5122] <... futex resumed>) = 0 [pid 5122] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5125] <... futex resumed>) = 1 [pid 5121] <... futex resumed>) = 0 [pid 5125] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5121] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5121] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5122] <... futex resumed>) = 0 [ 75.641819][ T5122] loop0: detected capacity change from 0 to 2048 [ 75.657724][ T5122] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5122] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 1048576 [pid 5122] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5121] <... futex resumed>) = 0 [pid 5122] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5121] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5122] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5121] <... futex resumed>) = 0 [pid 5122] openat(AT_FDCWD, NULL, O_RDONLY|O_TRUNC|O_PATH [pid 5121] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5122] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5122] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5121] <... futex resumed>) = 0 [pid 5122] <... futex resumed>) = 1 [pid 5121] exit_group(0 [pid 5122] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5125] <... futex resumed>) = ? [pid 5122] <... futex resumed>) = ? [pid 5125] +++ exited with 0 +++ [pid 5122] +++ exited with 0 +++ [pid 5121] <... exit_group resumed>) = ? [pid 5121] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5121, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c18730 /* 4 entries */, 32768) = 112 umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/binderfs") = 0 umount2("./18/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./18/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./18/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c20770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c20770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/file1") = 0 getdents64(3, 0x555555c18730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5126 attached , child_tidptr=0x555555c17690) = 5126 [pid 5126] set_robust_list(0x555555c176a0, 24) = 0 [pid 5126] chdir("./19") = 0 [pid 5126] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5126] setpgid(0, 0) = 0 [pid 5126] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5126] write(3, "1000", 4) = 4 [pid 5126] close(3) = 0 [pid 5126] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5126] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5126] rt_sigaction(SIGRT_1, {sa_handler=0x7f0955898ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095588a1a0}, NULL, 8) = 0 [pid 5126] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5126] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f095580f000 [pid 5126] mprotect(0x7f0955810000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5126] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5126] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f095582f990, parent_tid=0x7f095582f990, exit_signal=0, stack=0x7f095580f000, stack_size=0x20300, tls=0x7f095582f6c0}./strace-static-x86_64: Process 5127 attached => {parent_tid=[5127]}, 88) = 5127 [pid 5127] rseq(0x7f095582ffe0, 0x20, 0, 0x53053053) = 0 [pid 5127] set_robust_list(0x7f095582f9a0, 24 [ 75.746658][ T5026] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5126] rt_sigprocmask(SIG_SETMASK, [], [pid 5127] <... set_robust_list resumed>) = 0 [pid 5126] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5127] rt_sigprocmask(SIG_SETMASK, [], [pid 5126] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5127] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5126] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5127] memfd_create("syzkaller", 0) = 3 [pid 5127] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094d40f000 [pid 5127] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5127] munmap(0x7f094d40f000, 1048576) = 0 [pid 5127] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5127] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5127] close(3) = 0 [pid 5127] mkdir("./file1", 0777) = 0 [pid 5127] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5127] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5127] chdir("./file1") = 0 [pid 5127] ioctl(4, LOOP_CLR_FD) = 0 [pid 5127] close(4) = 0 [pid 5127] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5127] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5126] <... futex resumed>) = 0 [pid 5126] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5126] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5127] <... futex resumed>) = 0 [pid 5127] open("./bus", O_ACCMODE|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC|0xdc00001c, 000) = 4 [pid 5127] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5126] <... futex resumed>) = 0 [pid 5126] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5126] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5127] <... futex resumed>) = 1 [pid 5127] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5127] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5126] <... futex resumed>) = 0 [pid 5126] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5126] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5127] <... futex resumed>) = 1 [pid 5127] open_tree(-1, NULL, OPEN_TREE_CLONE|0x10000) = -1 EINVAL (Invalid argument) [pid 5127] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5126] <... futex resumed>) = 0 [pid 5126] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5126] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5127] <... futex resumed>) = 1 [pid 5127] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 5 [pid 5127] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5126] <... futex resumed>) = 0 [pid 5126] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5126] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5126] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094d4ee000 [pid 5126] mprotect(0x7f094d4ef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5127] <... futex resumed>) = 1 [pid 5126] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5127] write(5, "\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 40960 [pid 5126] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5126] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d50e990, parent_tid=0x7f094d50e990, exit_signal=0, stack=0x7f094d4ee000, stack_size=0x20300, tls=0x7f094d50e6c0}./strace-static-x86_64: Process 5130 attached => {parent_tid=[5130]}, 88) = 5130 [pid 5126] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5126] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5126] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5130] rseq(0x7f094d50efe0, 0x20, 0, 0x53053053) = 0 [pid 5130] set_robust_list(0x7f094d50e9a0, 24) = 0 [pid 5130] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5130] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5130] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5126] <... futex resumed>) = 0 [pid 5130] <... futex resumed>) = 1 [pid 5126] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5130] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5126] <... futex resumed>) = 0 [pid 5127] <... write resumed>) = 40960 [pid 5127] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5127] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [ 75.822137][ T5127] loop0: detected capacity change from 0 to 2048 [ 75.837587][ T5127] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5126] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5130] <... write resumed>) = 1048576 [pid 5130] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5126] <... futex resumed>) = 0 [pid 5130] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5126] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5127] <... futex resumed>) = 0 [pid 5126] <... futex resumed>) = 1 [pid 5127] openat(AT_FDCWD, NULL, O_RDONLY|O_TRUNC|O_PATH [pid 5126] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5127] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5127] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5126] <... futex resumed>) = 0 [pid 5127] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5126] exit_group(0) = ? [pid 5127] <... futex resumed>) = ? [pid 5130] <... futex resumed>) = ? [pid 5130] +++ exited with 0 +++ [pid 5127] +++ exited with 0 +++ [pid 5126] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5126, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c18730 /* 4 entries */, 32768) = 112 umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/binderfs") = 0 umount2("./19/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./19/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./19/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c20770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c20770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/file1") = 0 getdents64(3, 0x555555c18730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5131 attached , child_tidptr=0x555555c17690) = 5131 [pid 5131] set_robust_list(0x555555c176a0, 24) = 0 [pid 5131] chdir("./20") = 0 [pid 5131] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5131] setpgid(0, 0) = 0 [pid 5131] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5131] write(3, "1000", 4) = 4 [pid 5131] close(3) = 0 [pid 5131] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5131] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5131] rt_sigaction(SIGRT_1, {sa_handler=0x7f0955898ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095588a1a0}, NULL, 8) = 0 [pid 5131] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5131] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f095580f000 [pid 5131] mprotect(0x7f0955810000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5131] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 75.930674][ T5026] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5131] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f095582f990, parent_tid=0x7f095582f990, exit_signal=0, stack=0x7f095580f000, stack_size=0x20300, tls=0x7f095582f6c0} => {parent_tid=[5132]}, 88) = 5132 ./strace-static-x86_64: Process 5132 attached [pid 5131] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5131] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5131] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5132] rseq(0x7f095582ffe0, 0x20, 0, 0x53053053) = 0 [pid 5132] set_robust_list(0x7f095582f9a0, 24) = 0 [pid 5132] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5132] memfd_create("syzkaller", 0) = 3 [pid 5132] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094d40f000 [pid 5132] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5132] munmap(0x7f094d40f000, 1048576) = 0 [pid 5132] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5132] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5132] close(3) = 0 [pid 5132] mkdir("./file1", 0777) = 0 [pid 5132] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5132] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5132] chdir("./file1") = 0 [pid 5132] ioctl(4, LOOP_CLR_FD) = 0 [pid 5132] close(4) = 0 [pid 5132] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5131] <... futex resumed>) = 0 [pid 5132] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5131] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5132] <... futex resumed>) = 0 [pid 5132] open("./bus", O_ACCMODE|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC|0xdc00001c, 000 [pid 5131] <... futex resumed>) = 1 [pid 5131] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5132] <... open resumed>) = 4 [pid 5132] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5131] <... futex resumed>) = 0 [pid 5132] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5131] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5131] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5132] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5132] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5132] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5131] <... futex resumed>) = 0 [pid 5132] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5131] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5131] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5132] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5132] open_tree(-1, NULL, OPEN_TREE_CLONE|0x10000) = -1 EINVAL (Invalid argument) [pid 5132] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5131] <... futex resumed>) = 0 [pid 5131] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5131] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5132] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 5 [pid 5132] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5131] <... futex resumed>) = 0 [pid 5131] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5131] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5131] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094d4ee000 [pid 5131] mprotect(0x7f094d4ef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5131] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5131] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d50e990, parent_tid=0x7f094d50e990, exit_signal=0, stack=0x7f094d4ee000, stack_size=0x20300, tls=0x7f094d50e6c0} [pid 5132] write(5, "\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 40960./strace-static-x86_64: Process 5135 attached [pid 5131] <... clone3 resumed> => {parent_tid=[5135]}, 88) = 5135 [pid 5131] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5131] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5131] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5135] rseq(0x7f094d50efe0, 0x20, 0, 0x53053053) = 0 [pid 5135] set_robust_list(0x7f094d50e9a0, 24) = 0 [pid 5135] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5135] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5135] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5132] <... write resumed>) = 40960 [pid 5135] <... futex resumed>) = 1 [pid 5132] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5135] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5132] <... futex resumed>) = 0 [pid 5131] <... futex resumed>) = 0 [pid 5132] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5131] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5131] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5132] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 76.007067][ T5132] loop0: detected capacity change from 0 to 2048 [ 76.027980][ T5132] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5132] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 1048576 [pid 5132] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5131] <... futex resumed>) = 0 [pid 5131] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5131] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5132] <... futex resumed>) = 1 [pid 5132] openat(AT_FDCWD, NULL, O_RDONLY|O_TRUNC|O_PATH) = -1 EFAULT (Bad address) [pid 5132] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5131] <... futex resumed>) = 0 [pid 5131] exit_group(0) = ? [pid 5135] <... futex resumed>) = ? [pid 5135] +++ exited with 0 +++ [pid 5132] <... futex resumed>) = ? [pid 5132] +++ exited with 0 +++ [pid 5131] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5131, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c18730 /* 4 entries */, 32768) = 112 umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/binderfs") = 0 umount2("./20/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./20/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./20/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c20770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c20770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/file1") = 0 getdents64(3, 0x555555c18730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c17690) = 5136 ./strace-static-x86_64: Process 5136 attached [pid 5136] set_robust_list(0x555555c176a0, 24) = 0 [pid 5136] chdir("./21") = 0 [pid 5136] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5136] setpgid(0, 0) = 0 [pid 5136] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5136] write(3, "1000", 4) = 4 [pid 5136] close(3) = 0 [pid 5136] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5136] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5136] rt_sigaction(SIGRT_1, {sa_handler=0x7f0955898ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095588a1a0}, NULL, 8) = 0 [pid 5136] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5136] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f095580f000 [pid 5136] mprotect(0x7f0955810000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5136] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5136] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f095582f990, parent_tid=0x7f095582f990, exit_signal=0, stack=0x7f095580f000, stack_size=0x20300, tls=0x7f095582f6c0}./strace-static-x86_64: Process 5137 attached [pid 5137] rseq(0x7f095582ffe0, 0x20, 0, 0x53053053) = 0 [pid 5137] set_robust_list(0x7f095582f9a0, 24) = 0 [pid 5137] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5137] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5136] <... clone3 resumed> => {parent_tid=[5137]}, 88) = 5137 [pid 5136] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5136] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5137] <... futex resumed>) = 0 [pid 5136] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5137] memfd_create("syzkaller", 0) = 3 [pid 5137] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094d40f000 [pid 5137] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5137] munmap(0x7f094d40f000, 1048576) = 0 [ 76.123725][ T5026] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5137] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5137] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5137] close(3) = 0 [pid 5137] mkdir("./file1", 0777) = 0 [pid 5137] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5137] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5137] chdir("./file1") = 0 [pid 5137] ioctl(4, LOOP_CLR_FD) = 0 [pid 5137] close(4) = 0 [pid 5137] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5136] <... futex resumed>) = 0 [pid 5136] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5136] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5137] <... futex resumed>) = 1 [pid 5137] open("./bus", O_ACCMODE|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC|0xdc00001c, 000) = 4 [pid 5137] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5136] <... futex resumed>) = 0 [pid 5137] <... futex resumed>) = 1 [pid 5136] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5137] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5136] <... futex resumed>) = 0 [pid 5137] <... mount resumed>) = 0 [pid 5136] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5137] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5136] <... futex resumed>) = 0 [pid 5136] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5136] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5137] <... futex resumed>) = 1 [pid 5137] open_tree(-1, NULL, OPEN_TREE_CLONE|0x10000) = -1 EINVAL (Invalid argument) [pid 5137] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5136] <... futex resumed>) = 0 [pid 5136] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5136] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5137] <... futex resumed>) = 1 [pid 5137] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 5 [pid 5137] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5136] <... futex resumed>) = 0 [pid 5137] <... futex resumed>) = 1 [pid 5136] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5137] write(5, "\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 40960 [pid 5136] <... futex resumed>) = 0 [pid 5136] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5136] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094d4ee000 [pid 5136] mprotect(0x7f094d4ef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5136] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5136] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d50e990, parent_tid=0x7f094d50e990, exit_signal=0, stack=0x7f094d4ee000, stack_size=0x20300, tls=0x7f094d50e6c0} [pid 5137] <... write resumed>) = 40960 [pid 5137] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5137] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5140 attached [pid 5140] rseq(0x7f094d50efe0, 0x20, 0, 0x53053053) = 0 [pid 5140] set_robust_list(0x7f094d50e9a0, 24) = 0 [pid 5136] <... clone3 resumed> => {parent_tid=[5140]}, 88) = 5140 [pid 5140] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5136] rt_sigprocmask(SIG_SETMASK, [], [pid 5140] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5136] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5140] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5136] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5140] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5136] <... futex resumed>) = 0 [pid 5140] <... open resumed>) = 6 [pid 5136] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5140] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5140] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5136] <... futex resumed>) = 0 [pid 5136] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5137] <... futex resumed>) = 0 [pid 5136] <... futex resumed>) = 1 [pid 5137] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [ 76.184726][ T5137] loop0: detected capacity change from 0 to 2048 [ 76.197395][ T5137] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5136] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5137] <... write resumed>) = 1048576 [pid 5137] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5136] <... futex resumed>) = 0 [pid 5136] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5136] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5137] <... futex resumed>) = 1 [pid 5137] openat(AT_FDCWD, NULL, O_RDONLY|O_TRUNC|O_PATH) = -1 EFAULT (Bad address) [pid 5137] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5136] <... futex resumed>) = 0 [pid 5136] exit_group(0 [pid 5140] <... futex resumed>) = ? [pid 5136] <... exit_group resumed>) = ? [pid 5140] +++ exited with 0 +++ [pid 5137] <... futex resumed>) = ? [pid 5137] +++ exited with 0 +++ [pid 5136] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5136, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c18730 /* 4 entries */, 32768) = 112 umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/binderfs") = 0 umount2("./21/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./21/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./21/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c20770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c20770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/file1") = 0 getdents64(3, 0x555555c18730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5141 attached , child_tidptr=0x555555c17690) = 5141 [pid 5141] set_robust_list(0x555555c176a0, 24) = 0 [pid 5141] chdir("./22") = 0 [pid 5141] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5141] setpgid(0, 0) = 0 [pid 5141] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5141] write(3, "1000", 4) = 4 [pid 5141] close(3) = 0 [pid 5141] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5141] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5141] rt_sigaction(SIGRT_1, {sa_handler=0x7f0955898ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095588a1a0}, NULL, 8) = 0 [pid 5141] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5141] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f095580f000 [pid 5141] mprotect(0x7f0955810000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5141] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5141] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f095582f990, parent_tid=0x7f095582f990, exit_signal=0, stack=0x7f095580f000, stack_size=0x20300, tls=0x7f095582f6c0} => {parent_tid=[5142]}, 88) = 5142 [pid 5141] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5141] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5141] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5142 attached [pid 5142] rseq(0x7f095582ffe0, 0x20, 0, 0x53053053) = 0 [pid 5142] set_robust_list(0x7f095582f9a0, 24) = 0 [pid 5142] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5142] memfd_create("syzkaller", 0) = 3 [pid 5142] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094d40f000 [ 76.277233][ T5026] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5142] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5142] munmap(0x7f094d40f000, 1048576) = 0 [pid 5142] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5142] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5142] close(3) = 0 [pid 5142] mkdir("./file1", 0777) = 0 [pid 5142] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5142] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5142] chdir("./file1") = 0 [pid 5142] ioctl(4, LOOP_CLR_FD) = 0 [pid 5142] close(4) = 0 [pid 5142] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5141] <... futex resumed>) = 0 [pid 5141] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5141] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5142] <... futex resumed>) = 1 [pid 5142] open("./bus", O_ACCMODE|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC|0xdc00001c, 000) = 4 [pid 5142] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5141] <... futex resumed>) = 0 [pid 5141] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5141] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5142] <... futex resumed>) = 1 [pid 5142] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5142] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5141] <... futex resumed>) = 0 [pid 5142] open_tree(-1, NULL, OPEN_TREE_CLONE|0x10000 [pid 5141] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5142] <... open_tree resumed>) = -1 EINVAL (Invalid argument) [pid 5141] <... futex resumed>) = 0 [pid 5142] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5141] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5142] <... futex resumed>) = 0 [pid 5141] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5142] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5141] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5142] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5141] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5142] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 5 [pid 5142] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5141] <... futex resumed>) = 0 [pid 5142] write(5, "\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 40960 [pid 5141] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5141] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5141] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094d4ee000 [pid 5141] mprotect(0x7f094d4ef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5141] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5141] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d50e990, parent_tid=0x7f094d50e990, exit_signal=0, stack=0x7f094d4ee000, stack_size=0x20300, tls=0x7f094d50e6c0} => {parent_tid=[5145]}, 88) = 5145 ./strace-static-x86_64: Process 5145 attached [pid 5145] rseq(0x7f094d50efe0, 0x20, 0, 0x53053053 [pid 5141] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5141] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5141] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5145] <... rseq resumed>) = 0 [pid 5145] set_robust_list(0x7f094d50e9a0, 24) = 0 [pid 5145] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5145] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5145] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5141] <... futex resumed>) = 0 [pid 5141] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5141] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5145] <... futex resumed>) = 1 [ 76.343439][ T5142] loop0: detected capacity change from 0 to 2048 [ 76.367508][ T5142] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5145] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5142] <... write resumed>) = 40960 [pid 5142] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5142] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5145] <... write resumed>) = 1048576 [pid 5145] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5141] <... futex resumed>) = 0 [pid 5141] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5142] <... futex resumed>) = 0 [pid 5141] <... futex resumed>) = 1 [pid 5145] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5142] openat(AT_FDCWD, NULL, O_RDONLY|O_TRUNC|O_PATH [pid 5141] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5142] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5142] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5141] <... futex resumed>) = 0 [pid 5142] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5141] exit_group(0 [pid 5145] <... futex resumed>) = ? [pid 5141] <... exit_group resumed>) = ? [pid 5145] +++ exited with 0 +++ [pid 5142] <... futex resumed>) = ? [pid 5142] +++ exited with 0 +++ [pid 5141] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5141, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c18730 /* 4 entries */, 32768) = 112 umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/binderfs") = 0 umount2("./22/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./22/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./22/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c20770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c20770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/file1") = 0 getdents64(3, 0x555555c18730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c17690) = 5146 ./strace-static-x86_64: Process 5146 attached [pid 5146] set_robust_list(0x555555c176a0, 24) = 0 [pid 5146] chdir("./23") = 0 [pid 5146] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5146] setpgid(0, 0) = 0 [pid 5146] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5146] write(3, "1000", 4) = 4 [pid 5146] close(3) = 0 [pid 5146] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5146] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5146] rt_sigaction(SIGRT_1, {sa_handler=0x7f0955898ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095588a1a0}, NULL, 8) = 0 [pid 5146] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5146] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f095580f000 [pid 5146] mprotect(0x7f0955810000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5146] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5146] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f095582f990, parent_tid=0x7f095582f990, exit_signal=0, stack=0x7f095580f000, stack_size=0x20300, tls=0x7f095582f6c0}./strace-static-x86_64: Process 5147 attached [pid 5147] rseq(0x7f095582ffe0, 0x20, 0, 0x53053053) = 0 [pid 5146] <... clone3 resumed> => {parent_tid=[5147]}, 88) = 5147 [pid 5147] set_robust_list(0x7f095582f9a0, 24 [pid 5146] rt_sigprocmask(SIG_SETMASK, [], [pid 5147] <... set_robust_list resumed>) = 0 [pid 5146] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5147] rt_sigprocmask(SIG_SETMASK, [], [pid 5146] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5147] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5146] <... futex resumed>) = 0 [pid 5147] memfd_create("syzkaller", 0 [pid 5146] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5147] <... memfd_create resumed>) = 3 [pid 5147] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094d40f000 [ 76.477097][ T5026] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5147] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5147] munmap(0x7f094d40f000, 1048576) = 0 [pid 5147] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5147] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5147] close(3) = 0 [pid 5147] mkdir("./file1", 0777) = 0 [pid 5147] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5147] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5147] chdir("./file1") = 0 [pid 5147] ioctl(4, LOOP_CLR_FD) = 0 [pid 5147] close(4) = 0 [pid 5147] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5146] <... futex resumed>) = 0 [pid 5147] <... futex resumed>) = 1 [pid 5146] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5147] open("./bus", O_ACCMODE|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC|0xdc00001c, 000 [pid 5146] <... futex resumed>) = 0 [pid 5146] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5147] <... open resumed>) = 4 [pid 5147] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5147] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5146] <... futex resumed>) = 0 [pid 5146] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5147] <... futex resumed>) = 0 [pid 5146] <... futex resumed>) = 1 [pid 5147] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5147] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5147] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5146] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5146] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5147] <... futex resumed>) = 0 [pid 5147] open_tree(-1, NULL, OPEN_TREE_CLONE|0x10000) = -1 EINVAL (Invalid argument) [pid 5147] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5147] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5146] <... futex resumed>) = 1 [pid 5146] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5146] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5147] <... futex resumed>) = 0 [pid 5147] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5146] <... futex resumed>) = 1 [pid 5146] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5147] <... openat resumed>) = 5 [pid 5147] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5146] <... futex resumed>) = 0 [pid 5147] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5146] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5147] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5146] <... futex resumed>) = 0 [pid 5147] write(5, "\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 40960 [pid 5146] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5146] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094d4ee000 [pid 5146] mprotect(0x7f094d4ef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5146] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5146] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d50e990, parent_tid=0x7f094d50e990, exit_signal=0, stack=0x7f094d4ee000, stack_size=0x20300, tls=0x7f094d50e6c0} => {parent_tid=[5150]}, 88) = 5150 [pid 5146] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5146] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5146] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5150 attached [pid 5150] rseq(0x7f094d50efe0, 0x20, 0, 0x53053053) = 0 [pid 5150] set_robust_list(0x7f094d50e9a0, 24) = 0 [pid 5150] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5150] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5147] <... write resumed>) = 40960 [pid 5147] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5147] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5150] <... open resumed>) = 6 [pid 5150] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5146] <... futex resumed>) = 0 [pid 5146] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5150] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5147] <... futex resumed>) = 0 [pid 5146] <... futex resumed>) = 1 [pid 5147] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [ 76.544320][ T5147] loop0: detected capacity change from 0 to 2048 [ 76.577525][ T5147] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5146] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5147] <... write resumed>) = 1048576 [pid 5147] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5146] <... futex resumed>) = 0 [pid 5146] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5147] openat(AT_FDCWD, NULL, O_RDONLY|O_TRUNC|O_PATH [pid 5146] <... futex resumed>) = 0 [pid 5147] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5146] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5147] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5146] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5147] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5146] exit_group(0 [pid 5150] <... futex resumed>) = ? [pid 5150] +++ exited with 0 +++ [pid 5147] <... futex resumed>) = ? [pid 5146] <... exit_group resumed>) = ? [pid 5147] +++ exited with 0 +++ [pid 5146] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5146, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c18730 /* 4 entries */, 32768) = 112 umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/binderfs") = 0 umount2("./23/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./23/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./23/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c20770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c20770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/file1") = 0 getdents64(3, 0x555555c18730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c17690) = 5151 ./strace-static-x86_64: Process 5151 attached [pid 5151] set_robust_list(0x555555c176a0, 24) = 0 [pid 5151] chdir("./24") = 0 [pid 5151] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5151] setpgid(0, 0) = 0 [pid 5151] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5151] write(3, "1000", 4) = 4 [ 76.663920][ T5026] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5151] close(3) = 0 [pid 5151] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5151] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5151] rt_sigaction(SIGRT_1, {sa_handler=0x7f0955898ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095588a1a0}, NULL, 8) = 0 [pid 5151] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5151] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f095580f000 [pid 5151] mprotect(0x7f0955810000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5151] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5151] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f095582f990, parent_tid=0x7f095582f990, exit_signal=0, stack=0x7f095580f000, stack_size=0x20300, tls=0x7f095582f6c0}./strace-static-x86_64: Process 5152 attached => {parent_tid=[5152]}, 88) = 5152 [pid 5152] rseq(0x7f095582ffe0, 0x20, 0, 0x53053053 [pid 5151] rt_sigprocmask(SIG_SETMASK, [], [pid 5152] <... rseq resumed>) = 0 [pid 5151] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5152] set_robust_list(0x7f095582f9a0, 24 [pid 5151] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5152] <... set_robust_list resumed>) = 0 [pid 5151] <... futex resumed>) = 0 [pid 5152] rt_sigprocmask(SIG_SETMASK, [], [pid 5151] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5152] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5152] memfd_create("syzkaller", 0) = 3 [pid 5152] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094d40f000 [pid 5152] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5152] munmap(0x7f094d40f000, 1048576) = 0 [pid 5152] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5152] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5152] close(3) = 0 [pid 5152] mkdir("./file1", 0777) = 0 [pid 5152] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5152] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5152] chdir("./file1") = 0 [pid 5152] ioctl(4, LOOP_CLR_FD) = 0 [pid 5152] close(4) = 0 [pid 5152] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5152] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5151] <... futex resumed>) = 0 [pid 5151] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5151] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5152] <... futex resumed>) = 0 [pid 5152] open("./bus", O_ACCMODE|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC|0xdc00001c, 000) = 4 [pid 5152] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5151] <... futex resumed>) = 0 [pid 5152] <... futex resumed>) = 1 [pid 5151] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5152] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5151] <... futex resumed>) = 0 [pid 5151] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5152] <... mount resumed>) = 0 [pid 5152] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5151] <... futex resumed>) = 0 [pid 5152] <... futex resumed>) = 1 [pid 5151] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5152] open_tree(-1, NULL, OPEN_TREE_CLONE|0x10000) = -1 EINVAL (Invalid argument) [pid 5152] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5151] <... futex resumed>) = 0 [pid 5152] <... futex resumed>) = 0 [pid 5151] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5152] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5151] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5152] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5151] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5152] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5151] <... futex resumed>) = 0 [pid 5151] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5152] <... openat resumed>) = 5 [pid 5152] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5151] <... futex resumed>) = 0 [pid 5151] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5152] <... futex resumed>) = 1 [pid 5151] <... futex resumed>) = 0 [pid 5151] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5152] write(5, "\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 40960 [pid 5151] <... futex resumed>) = 0 [pid 5151] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094d4ee000 [pid 5151] mprotect(0x7f094d4ef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5151] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5152] <... write resumed>) = 40960 [pid 5151] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d50e990, parent_tid=0x7f094d50e990, exit_signal=0, stack=0x7f094d4ee000, stack_size=0x20300, tls=0x7f094d50e6c0} [pid 5152] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5152] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5155 attached [pid 5155] rseq(0x7f094d50efe0, 0x20, 0, 0x53053053 [pid 5151] <... clone3 resumed> => {parent_tid=[5155]}, 88) = 5155 [pid 5151] rt_sigprocmask(SIG_SETMASK, [], [pid 5155] <... rseq resumed>) = 0 [pid 5151] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5155] set_robust_list(0x7f094d50e9a0, 24 [pid 5151] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5155] <... set_robust_list resumed>) = 0 [pid 5151] <... futex resumed>) = 0 [pid 5155] rt_sigprocmask(SIG_SETMASK, [], [pid 5151] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5155] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5155] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5155] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5151] <... futex resumed>) = 0 [pid 5155] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5151] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5152] <... futex resumed>) = 0 [pid 5151] <... futex resumed>) = 1 [pid 5152] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [ 76.745593][ T5152] loop0: detected capacity change from 0 to 2048 [ 76.768322][ T5152] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5151] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5152] <... write resumed>) = 1048576 [pid 5152] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5152] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5151] <... futex resumed>) = 0 [pid 5152] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5151] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5152] openat(AT_FDCWD, NULL, O_RDONLY|O_TRUNC|O_PATH [pid 5151] <... futex resumed>) = 0 [pid 5152] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5152] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5151] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5152] <... futex resumed>) = 0 [pid 5151] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5152] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5151] exit_group(0 [pid 5155] <... futex resumed>) = ? [pid 5152] <... futex resumed>) = ? [pid 5151] <... exit_group resumed>) = ? [pid 5155] +++ exited with 0 +++ [pid 5152] +++ exited with 0 +++ [pid 5151] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5151, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c18730 /* 4 entries */, 32768) = 112 umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/binderfs") = 0 umount2("./24/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./24/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./24/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c20770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c20770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/file1") = 0 getdents64(3, 0x555555c18730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5156 attached , child_tidptr=0x555555c17690) = 5156 [pid 5156] set_robust_list(0x555555c176a0, 24) = 0 [pid 5156] chdir("./25") = 0 [pid 5156] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5156] setpgid(0, 0) = 0 [pid 5156] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5156] write(3, "1000", 4) = 4 [pid 5156] close(3) = 0 [pid 5156] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5156] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5156] rt_sigaction(SIGRT_1, {sa_handler=0x7f0955898ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095588a1a0}, NULL, 8) = 0 [pid 5156] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5156] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f095580f000 [pid 5156] mprotect(0x7f0955810000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5156] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5156] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f095582f990, parent_tid=0x7f095582f990, exit_signal=0, stack=0x7f095580f000, stack_size=0x20300, tls=0x7f095582f6c0} => {parent_tid=[5157]}, 88) = 5157 [pid 5156] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 5157 attached NULL, 8) = 0 [pid 5157] rseq(0x7f095582ffe0, 0x20, 0, 0x53053053) = 0 [pid 5156] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5157] set_robust_list(0x7f095582f9a0, 24) = 0 [pid 5157] rt_sigprocmask(SIG_SETMASK, [], [pid 5156] <... futex resumed>) = 0 [pid 5156] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5157] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5157] memfd_create("syzkaller", 0) = 3 [pid 5157] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094d40f000 [ 76.862078][ T5026] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5157] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5157] munmap(0x7f094d40f000, 1048576) = 0 [pid 5157] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5157] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5157] close(3) = 0 [pid 5157] mkdir("./file1", 0777) = 0 [pid 5157] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5157] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5157] chdir("./file1") = 0 [pid 5157] ioctl(4, LOOP_CLR_FD) = 0 [pid 5157] close(4) = 0 [pid 5157] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5157] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5156] <... futex resumed>) = 0 [pid 5156] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5156] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5157] <... futex resumed>) = 0 [pid 5157] open("./bus", O_ACCMODE|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC|0xdc00001c, 000) = 4 [pid 5157] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5157] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5156] <... futex resumed>) = 0 [pid 5156] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5157] <... futex resumed>) = 0 [pid 5156] <... futex resumed>) = 1 [pid 5157] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5156] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5157] <... mount resumed>) = 0 [pid 5157] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5157] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5156] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5156] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5157] <... futex resumed>) = 0 [pid 5156] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5157] open_tree(-1, NULL, OPEN_TREE_CLONE|0x10000) = -1 EINVAL (Invalid argument) [pid 5157] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5156] <... futex resumed>) = 0 [pid 5157] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5156] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5157] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5156] <... futex resumed>) = 0 [pid 5157] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5156] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5157] <... openat resumed>) = 5 [pid 5157] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5156] <... futex resumed>) = 0 [pid 5157] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5156] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5157] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5156] <... futex resumed>) = 0 [pid 5157] write(5, "\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 40960 [pid 5156] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5156] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094d4ee000 [pid 5156] mprotect(0x7f094d4ef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5156] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5156] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d50e990, parent_tid=0x7f094d50e990, exit_signal=0, stack=0x7f094d4ee000, stack_size=0x20300, tls=0x7f094d50e6c0}./strace-static-x86_64: Process 5160 attached [pid 5160] rseq(0x7f094d50efe0, 0x20, 0, 0x53053053 [pid 5156] <... clone3 resumed> => {parent_tid=[5160]}, 88) = 5160 [pid 5160] <... rseq resumed>) = 0 [pid 5156] rt_sigprocmask(SIG_SETMASK, [], [pid 5160] set_robust_list(0x7f094d50e9a0, 24 [pid 5156] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5160] <... set_robust_list resumed>) = 0 [pid 5156] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5160] rt_sigprocmask(SIG_SETMASK, [], [pid 5156] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5160] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5160] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5160] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5157] <... write resumed>) = 40960 [pid 5157] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5157] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5160] <... futex resumed>) = 1 [pid 5156] <... futex resumed>) = 0 [pid 5160] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5156] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5157] <... futex resumed>) = 0 [pid 5156] <... futex resumed>) = 1 [pid 5157] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [ 76.935341][ T5157] loop0: detected capacity change from 0 to 2048 [ 76.947526][ T5157] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5156] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5157] <... write resumed>) = 1048576 [pid 5157] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5156] <... futex resumed>) = 0 [pid 5157] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5156] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5157] <... futex resumed>) = 0 [pid 5156] <... futex resumed>) = 1 [pid 5157] openat(AT_FDCWD, NULL, O_RDONLY|O_TRUNC|O_PATH [pid 5156] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5157] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5157] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5156] <... futex resumed>) = 0 [pid 5157] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5156] exit_group(0 [pid 5160] <... futex resumed>) = ? [pid 5157] <... futex resumed>) = ? [pid 5156] <... exit_group resumed>) = ? [pid 5160] +++ exited with 0 +++ [pid 5157] +++ exited with 0 +++ [pid 5156] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5156, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c18730 /* 4 entries */, 32768) = 112 umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/binderfs") = 0 umount2("./25/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./25/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./25/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c20770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c20770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/file1") = 0 getdents64(3, 0x555555c18730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5161 attached , child_tidptr=0x555555c17690) = 5161 [pid 5161] set_robust_list(0x555555c176a0, 24) = 0 [pid 5161] chdir("./26") = 0 [pid 5161] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5161] setpgid(0, 0) = 0 [pid 5161] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5161] write(3, "1000", 4) = 4 [pid 5161] close(3) = 0 [pid 5161] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5161] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5161] rt_sigaction(SIGRT_1, {sa_handler=0x7f0955898ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095588a1a0}, NULL, 8) = 0 [pid 5161] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5161] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f095580f000 [pid 5161] mprotect(0x7f0955810000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5161] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5161] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f095582f990, parent_tid=0x7f095582f990, exit_signal=0, stack=0x7f095580f000, stack_size=0x20300, tls=0x7f095582f6c0}./strace-static-x86_64: Process 5162 attached => {parent_tid=[5162]}, 88) = 5162 [pid 5161] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5161] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5161] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5162] rseq(0x7f095582ffe0, 0x20, 0, 0x53053053) = 0 [pid 5162] set_robust_list(0x7f095582f9a0, 24) = 0 [pid 5162] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5162] memfd_create("syzkaller", 0) = 3 [pid 5162] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094d40f000 [ 77.040086][ T5026] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5162] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5162] munmap(0x7f094d40f000, 1048576) = 0 [pid 5162] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5162] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5162] close(3) = 0 [pid 5162] mkdir("./file1", 0777) = 0 [pid 5162] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5162] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5162] chdir("./file1") = 0 [pid 5162] ioctl(4, LOOP_CLR_FD) = 0 [pid 5162] close(4) = 0 [pid 5162] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5161] <... futex resumed>) = 0 [pid 5162] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5161] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5162] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5162] open("./bus", O_ACCMODE|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC|0xdc00001c, 000 [pid 5161] <... futex resumed>) = 0 [pid 5161] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5162] <... open resumed>) = 4 [pid 5162] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5161] <... futex resumed>) = 0 [pid 5162] <... futex resumed>) = 1 [pid 5161] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5161] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5162] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5162] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5161] <... futex resumed>) = 0 [pid 5162] <... futex resumed>) = 1 [pid 5162] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5161] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5161] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5162] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5162] open_tree(-1, NULL, OPEN_TREE_CLONE|0x10000) = -1 EINVAL (Invalid argument) [pid 5162] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5161] <... futex resumed>) = 0 [pid 5161] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5162] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5161] <... futex resumed>) = 0 [pid 5161] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5162] <... openat resumed>) = 5 [pid 5162] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5161] <... futex resumed>) = 0 [pid 5161] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5161] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5162] <... futex resumed>) = 1 [pid 5162] write(5, "\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 40960 [pid 5161] <... futex resumed>) = 0 [pid 5161] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094d4ee000 [pid 5161] mprotect(0x7f094d4ef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5161] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5161] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d50e990, parent_tid=0x7f094d50e990, exit_signal=0, stack=0x7f094d4ee000, stack_size=0x20300, tls=0x7f094d50e6c0}./strace-static-x86_64: Process 5165 attached [pid 5162] <... write resumed>) = 40960 [pid 5165] rseq(0x7f094d50efe0, 0x20, 0, 0x53053053 [pid 5162] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5161] <... clone3 resumed> => {parent_tid=[5165]}, 88) = 5165 [pid 5165] <... rseq resumed>) = 0 [pid 5162] <... futex resumed>) = 0 [pid 5161] rt_sigprocmask(SIG_SETMASK, [], [pid 5165] set_robust_list(0x7f094d50e9a0, 24 [pid 5162] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5161] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5165] <... set_robust_list resumed>) = 0 [pid 5161] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5165] rt_sigprocmask(SIG_SETMASK, [], [pid 5161] <... futex resumed>) = 0 [pid 5165] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5161] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5165] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5165] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5161] <... futex resumed>) = 0 [pid 5165] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5161] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5162] <... futex resumed>) = 0 [pid 5161] <... futex resumed>) = 1 [pid 5162] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [ 77.112082][ T5162] loop0: detected capacity change from 0 to 2048 [ 77.127753][ T5162] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5161] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5162] <... write resumed>) = 1048576 [pid 5162] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5161] <... futex resumed>) = 0 [pid 5161] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5161] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5162] <... futex resumed>) = 1 [pid 5162] openat(AT_FDCWD, NULL, O_RDONLY|O_TRUNC|O_PATH) = -1 EFAULT (Bad address) [pid 5162] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5161] <... futex resumed>) = 0 [pid 5161] exit_group(0 [pid 5165] <... futex resumed>) = ? [pid 5161] <... exit_group resumed>) = ? [pid 5165] +++ exited with 0 +++ [pid 5162] <... futex resumed>) = ? [pid 5162] +++ exited with 0 +++ [pid 5161] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5161, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c18730 /* 4 entries */, 32768) = 112 umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/binderfs") = 0 umount2("./26/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./26/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./26/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c20770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c20770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/file1") = 0 getdents64(3, 0x555555c18730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 [ 77.204718][ T5026] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5166 attached , child_tidptr=0x555555c17690) = 5166 [pid 5166] set_robust_list(0x555555c176a0, 24) = 0 [pid 5166] chdir("./27") = 0 [pid 5166] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5166] setpgid(0, 0) = 0 [pid 5166] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5166] write(3, "1000", 4) = 4 [pid 5166] close(3) = 0 [pid 5166] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5166] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5166] rt_sigaction(SIGRT_1, {sa_handler=0x7f0955898ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095588a1a0}, NULL, 8) = 0 [pid 5166] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5166] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f095580f000 [pid 5166] mprotect(0x7f0955810000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5166] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5166] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f095582f990, parent_tid=0x7f095582f990, exit_signal=0, stack=0x7f095580f000, stack_size=0x20300, tls=0x7f095582f6c0}./strace-static-x86_64: Process 5167 attached => {parent_tid=[5167]}, 88) = 5167 [pid 5167] rseq(0x7f095582ffe0, 0x20, 0, 0x53053053) = 0 [pid 5166] rt_sigprocmask(SIG_SETMASK, [], [pid 5167] set_robust_list(0x7f095582f9a0, 24 [pid 5166] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5167] <... set_robust_list resumed>) = 0 [pid 5166] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5166] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5167] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5167] memfd_create("syzkaller", 0) = 3 [pid 5167] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094d40f000 [pid 5167] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5167] munmap(0x7f094d40f000, 1048576) = 0 [pid 5167] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5167] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5167] close(3) = 0 [pid 5167] mkdir("./file1", 0777) = 0 [pid 5167] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5167] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5167] chdir("./file1") = 0 [pid 5167] ioctl(4, LOOP_CLR_FD) = 0 [pid 5167] close(4) = 0 [pid 5167] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5166] <... futex resumed>) = 0 [pid 5166] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5166] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5167] <... futex resumed>) = 1 [pid 5167] open("./bus", O_ACCMODE|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC|0xdc00001c, 000) = 4 [pid 5167] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5167] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5166] <... futex resumed>) = 0 [pid 5166] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5167] <... futex resumed>) = 0 [pid 5167] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5167] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5167] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5166] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5166] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5167] <... futex resumed>) = 0 [pid 5166] <... futex resumed>) = 1 [pid 5167] open_tree(-1, NULL, OPEN_TREE_CLONE|0x10000) = -1 EINVAL (Invalid argument) [pid 5167] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5167] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5166] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5166] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5167] <... futex resumed>) = 0 [pid 5166] <... futex resumed>) = 1 [pid 5167] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5166] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5167] <... openat resumed>) = 5 [pid 5167] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5166] <... futex resumed>) = 0 [pid 5166] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5166] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5166] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094d4ee000 [pid 5166] mprotect(0x7f094d4ef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5166] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5166] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d50e990, parent_tid=0x7f094d50e990, exit_signal=0, stack=0x7f094d4ee000, stack_size=0x20300, tls=0x7f094d50e6c0}./strace-static-x86_64: Process 5170 attached [pid 5167] <... futex resumed>) = 1 [pid 5167] write(5, "\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 40960 [pid 5166] <... clone3 resumed> => {parent_tid=[5170]}, 88) = 5170 [pid 5166] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5166] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5166] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5167] <... write resumed>) = 40960 [pid 5170] rseq(0x7f094d50efe0, 0x20, 0, 0x53053053) = 0 [pid 5167] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5170] set_robust_list(0x7f094d50e9a0, 24 [pid 5167] <... futex resumed>) = 0 [pid 5170] <... set_robust_list resumed>) = 0 [pid 5170] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5170] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5167] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5170] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5166] <... futex resumed>) = 0 [pid 5170] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5166] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5167] <... futex resumed>) = 0 [pid 5166] <... futex resumed>) = 1 [pid 5167] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [ 77.283504][ T5167] loop0: detected capacity change from 0 to 2048 [ 77.298284][ T5167] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5166] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5167] <... write resumed>) = 1048576 [pid 5167] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5166] <... futex resumed>) = 0 [pid 5167] openat(AT_FDCWD, NULL, O_RDONLY|O_TRUNC|O_PATH [pid 5166] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5167] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5166] <... futex resumed>) = 0 [pid 5167] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5167] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5166] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5166] exit_group(0 [pid 5170] <... futex resumed>) = ? [pid 5166] <... exit_group resumed>) = ? [pid 5170] +++ exited with 0 +++ [pid 5167] <... futex resumed>) = ? [pid 5167] +++ exited with 0 +++ [pid 5166] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5166, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c18730 /* 4 entries */, 32768) = 112 umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/binderfs") = 0 umount2("./27/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./27/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./27/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c20770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c20770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/file1") = 0 getdents64(3, 0x555555c18730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5171 attached , child_tidptr=0x555555c17690) = 5171 [pid 5171] set_robust_list(0x555555c176a0, 24) = 0 [ 77.396465][ T5026] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5171] chdir("./28") = 0 [pid 5171] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5171] setpgid(0, 0) = 0 [pid 5171] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5171] write(3, "1000", 4) = 4 [pid 5171] close(3) = 0 [pid 5171] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5171] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5171] rt_sigaction(SIGRT_1, {sa_handler=0x7f0955898ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095588a1a0}, NULL, 8) = 0 [pid 5171] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5171] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f095580f000 [pid 5171] mprotect(0x7f0955810000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5171] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5171] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f095582f990, parent_tid=0x7f095582f990, exit_signal=0, stack=0x7f095580f000, stack_size=0x20300, tls=0x7f095582f6c0}./strace-static-x86_64: Process 5172 attached => {parent_tid=[5172]}, 88) = 5172 [pid 5172] rseq(0x7f095582ffe0, 0x20, 0, 0x53053053) = 0 [pid 5171] rt_sigprocmask(SIG_SETMASK, [], [pid 5172] set_robust_list(0x7f095582f9a0, 24 [pid 5171] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5172] <... set_robust_list resumed>) = 0 [pid 5171] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5172] rt_sigprocmask(SIG_SETMASK, [], [pid 5171] <... futex resumed>) = 0 [pid 5171] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5172] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5172] memfd_create("syzkaller", 0) = 3 [pid 5172] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094d40f000 [pid 5172] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5172] munmap(0x7f094d40f000, 1048576) = 0 [pid 5172] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5172] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5172] close(3) = 0 [pid 5172] mkdir("./file1", 0777) = 0 [pid 5172] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5172] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5172] chdir("./file1") = 0 [pid 5172] ioctl(4, LOOP_CLR_FD) = 0 [pid 5172] close(4) = 0 [pid 5172] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5171] <... futex resumed>) = 0 [pid 5172] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5171] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5172] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5172] open("./bus", O_ACCMODE|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC|0xdc00001c, 000 [pid 5171] <... futex resumed>) = 0 [pid 5171] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5172] <... open resumed>) = 4 [pid 5172] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5171] <... futex resumed>) = 0 [pid 5172] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5171] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5172] <... futex resumed>) = 0 [pid 5171] <... futex resumed>) = 1 [pid 5172] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5171] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5172] <... mount resumed>) = 0 [pid 5172] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5171] <... futex resumed>) = 0 [pid 5172] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5171] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5172] <... futex resumed>) = 0 [pid 5171] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5172] open_tree(-1, NULL, OPEN_TREE_CLONE|0x10000) = -1 EINVAL (Invalid argument) [pid 5172] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5171] <... futex resumed>) = 0 [pid 5172] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5171] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5172] <... futex resumed>) = 0 [pid 5171] <... futex resumed>) = 1 [pid 5172] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5171] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5172] <... openat resumed>) = 5 [pid 5172] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5172] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5171] <... futex resumed>) = 0 [pid 5171] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5172] <... futex resumed>) = 0 [pid 5171] <... futex resumed>) = 1 [pid 5171] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5172] write(5, "\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 40960 [pid 5171] <... futex resumed>) = 0 [pid 5171] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094d4ee000 [pid 5171] mprotect(0x7f094d4ef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5171] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5171] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d50e990, parent_tid=0x7f094d50e990, exit_signal=0, stack=0x7f094d4ee000, stack_size=0x20300, tls=0x7f094d50e6c0}./strace-static-x86_64: Process 5175 attached [pid 5175] rseq(0x7f094d50efe0, 0x20, 0, 0x53053053 [pid 5172] <... write resumed>) = 40960 [pid 5171] <... clone3 resumed> => {parent_tid=[5175]}, 88) = 5175 [pid 5175] <... rseq resumed>) = 0 [pid 5172] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5171] rt_sigprocmask(SIG_SETMASK, [], [pid 5175] set_robust_list(0x7f094d50e9a0, 24 [pid 5172] <... futex resumed>) = 0 [pid 5171] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5175] <... set_robust_list resumed>) = 0 [pid 5175] rt_sigprocmask(SIG_SETMASK, [], [pid 5172] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5171] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5175] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5171] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5175] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5175] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5171] <... futex resumed>) = 0 [pid 5171] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5175] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5172] <... futex resumed>) = 0 [pid 5171] <... futex resumed>) = 1 [pid 5172] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [ 77.482083][ T5172] loop0: detected capacity change from 0 to 2048 [ 77.498107][ T5172] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5171] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5172] <... write resumed>) = 1048576 [pid 5172] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5171] <... futex resumed>) = 0 [pid 5172] openat(AT_FDCWD, NULL, O_RDONLY|O_TRUNC|O_PATH [pid 5171] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5172] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5171] <... futex resumed>) = 0 [pid 5171] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5172] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5172] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5171] <... futex resumed>) = 0 [pid 5171] exit_group(0 [pid 5175] <... futex resumed>) = ? [pid 5172] <... futex resumed>) = ? [pid 5171] <... exit_group resumed>) = ? [pid 5175] +++ exited with 0 +++ [pid 5172] +++ exited with 0 +++ [pid 5171] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5171, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c18730 /* 4 entries */, 32768) = 112 umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/binderfs") = 0 umount2("./28/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./28/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./28/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c20770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c20770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/file1") = 0 getdents64(3, 0x555555c18730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5176 attached , child_tidptr=0x555555c17690) = 5176 [pid 5176] set_robust_list(0x555555c176a0, 24) = 0 [pid 5176] chdir("./29") = 0 [pid 5176] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5176] setpgid(0, 0) = 0 [pid 5176] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5176] write(3, "1000", 4) = 4 [pid 5176] close(3) = 0 [pid 5176] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5176] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5176] rt_sigaction(SIGRT_1, {sa_handler=0x7f0955898ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095588a1a0}, NULL, 8) = 0 [pid 5176] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5176] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f095580f000 [pid 5176] mprotect(0x7f0955810000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5176] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5176] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f095582f990, parent_tid=0x7f095582f990, exit_signal=0, stack=0x7f095580f000, stack_size=0x20300, tls=0x7f095582f6c0} => {parent_tid=[5177]}, 88) = 5177 [pid 5176] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5176] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5176] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5177 attached [pid 5177] rseq(0x7f095582ffe0, 0x20, 0, 0x53053053) = 0 [pid 5177] set_robust_list(0x7f095582f9a0, 24) = 0 [pid 5177] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5177] memfd_create("syzkaller", 0) = 3 [ 77.584706][ T5026] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5177] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094d40f000 [pid 5177] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5177] munmap(0x7f094d40f000, 1048576) = 0 [pid 5177] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5177] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5177] close(3) = 0 [pid 5177] mkdir("./file1", 0777) = 0 [pid 5177] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5177] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5177] chdir("./file1") = 0 [pid 5177] ioctl(4, LOOP_CLR_FD) = 0 [pid 5177] close(4) = 0 [pid 5177] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5176] <... futex resumed>) = 0 [pid 5177] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5176] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5177] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5177] open("./bus", O_ACCMODE|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC|0xdc00001c, 000 [pid 5176] <... futex resumed>) = 0 [pid 5176] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5177] <... open resumed>) = 4 [pid 5177] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5176] <... futex resumed>) = 0 [pid 5176] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5176] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5177] <... futex resumed>) = 1 [pid 5177] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5177] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5177] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5176] <... futex resumed>) = 0 [pid 5176] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5177] <... futex resumed>) = 0 [pid 5176] <... futex resumed>) = 1 [pid 5177] open_tree(-1, NULL, OPEN_TREE_CLONE|0x10000) = -1 EINVAL (Invalid argument) [pid 5177] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5177] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5176] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5176] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5177] <... futex resumed>) = 0 [pid 5176] <... futex resumed>) = 1 [pid 5177] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5176] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5177] <... openat resumed>) = 5 [pid 5177] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5176] <... futex resumed>) = 0 [pid 5176] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5176] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5176] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094d4ee000 [pid 5177] write(5, "\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 40960 [pid 5176] mprotect(0x7f094d4ef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5176] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5176] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d50e990, parent_tid=0x7f094d50e990, exit_signal=0, stack=0x7f094d4ee000, stack_size=0x20300, tls=0x7f094d50e6c0} => {parent_tid=[5180]}, 88) = 5180 [pid 5176] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5176] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5176] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5180 attached [pid 5180] rseq(0x7f094d50efe0, 0x20, 0, 0x53053053) = 0 [pid 5180] set_robust_list(0x7f094d50e9a0, 24 [pid 5177] <... write resumed>) = 40960 [pid 5180] <... set_robust_list resumed>) = 0 [pid 5180] rt_sigprocmask(SIG_SETMASK, [], [pid 5177] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5180] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5177] <... futex resumed>) = 0 [pid 5177] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5180] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5180] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5176] <... futex resumed>) = 0 [pid 5180] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5176] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5177] <... futex resumed>) = 0 [pid 5176] <... futex resumed>) = 1 [pid 5177] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [ 77.660472][ T5177] loop0: detected capacity change from 0 to 2048 [ 77.688398][ T5177] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5176] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5177] <... write resumed>) = 1048576 [pid 5177] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5176] <... futex resumed>) = 0 [pid 5176] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5176] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5177] <... futex resumed>) = 1 [pid 5177] openat(AT_FDCWD, NULL, O_RDONLY|O_TRUNC|O_PATH) = -1 EFAULT (Bad address) [pid 5177] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5176] <... futex resumed>) = 0 [pid 5176] exit_group(0) = ? [pid 5180] <... futex resumed>) = ? [pid 5180] +++ exited with 0 +++ [pid 5177] <... futex resumed>) = ? [pid 5177] +++ exited with 0 +++ [pid 5176] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5176, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c18730 /* 4 entries */, 32768) = 112 umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/binderfs") = 0 umount2("./29/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./29/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./29/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c20770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c20770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/file1") = 0 getdents64(3, 0x555555c18730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5181 attached , child_tidptr=0x555555c17690) = 5181 [pid 5181] set_robust_list(0x555555c176a0, 24) = 0 [pid 5181] chdir("./30") = 0 [pid 5181] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5181] setpgid(0, 0) = 0 [pid 5181] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5181] write(3, "1000", 4) = 4 [pid 5181] close(3) = 0 [pid 5181] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5181] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5181] rt_sigaction(SIGRT_1, {sa_handler=0x7f0955898ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095588a1a0}, NULL, 8) = 0 [pid 5181] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5181] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f095580f000 [pid 5181] mprotect(0x7f0955810000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5181] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 77.774530][ T5026] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5181] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f095582f990, parent_tid=0x7f095582f990, exit_signal=0, stack=0x7f095580f000, stack_size=0x20300, tls=0x7f095582f6c0}./strace-static-x86_64: Process 5182 attached [pid 5182] rseq(0x7f095582ffe0, 0x20, 0, 0x53053053) = 0 [pid 5182] set_robust_list(0x7f095582f9a0, 24 [pid 5181] <... clone3 resumed> => {parent_tid=[5182]}, 88) = 5182 [pid 5182] <... set_robust_list resumed>) = 0 [pid 5181] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5181] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5182] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5181] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5182] memfd_create("syzkaller", 0) = 3 [pid 5182] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094d40f000 [pid 5182] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5182] munmap(0x7f094d40f000, 1048576) = 0 [pid 5182] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5182] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5182] close(3) = 0 [pid 5182] mkdir("./file1", 0777) = 0 [pid 5182] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5182] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5182] chdir("./file1") = 0 [pid 5182] ioctl(4, LOOP_CLR_FD) = 0 [pid 5182] close(4) = 0 [pid 5182] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5181] <... futex resumed>) = 0 [pid 5181] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5181] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5182] <... futex resumed>) = 1 [pid 5182] open("./bus", O_ACCMODE|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC|0xdc00001c, 000) = 4 [pid 5182] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5182] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5181] <... futex resumed>) = 0 [pid 5181] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5182] <... futex resumed>) = 0 [pid 5182] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5182] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5182] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5181] <... futex resumed>) = 1 [pid 5181] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5181] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5182] <... futex resumed>) = 0 [pid 5182] open_tree(-1, NULL, OPEN_TREE_CLONE|0x10000) = -1 EINVAL (Invalid argument) [pid 5182] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5182] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5181] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5181] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5182] <... futex resumed>) = 0 [pid 5182] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5181] <... futex resumed>) = 1 [pid 5181] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5182] <... openat resumed>) = 5 [pid 5182] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5182] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5181] <... futex resumed>) = 0 [pid 5181] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5182] <... futex resumed>) = 0 [pid 5182] write(5, "\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 40960 [pid 5181] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5181] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094d4ee000 [pid 5181] mprotect(0x7f094d4ef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5181] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5181] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d50e990, parent_tid=0x7f094d50e990, exit_signal=0, stack=0x7f094d4ee000, stack_size=0x20300, tls=0x7f094d50e6c0} => {parent_tid=[5185]}, 88) = 5185 [pid 5181] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 5185 attached NULL, 8) = 0 [pid 5185] rseq(0x7f094d50efe0, 0x20, 0, 0x53053053) = 0 [pid 5181] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5185] set_robust_list(0x7f094d50e9a0, 24 [pid 5181] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5185] <... set_robust_list resumed>) = 0 [pid 5185] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5182] <... write resumed>) = 40960 [pid 5182] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5182] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5185] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5185] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5181] <... futex resumed>) = 0 [pid 5185] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5181] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5182] <... futex resumed>) = 0 [pid 5182] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5181] <... futex resumed>) = 1 [pid 5181] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5182] <... write resumed>) = 1048576 [pid 5182] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5181] <... futex resumed>) = 0 [pid 5182] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5181] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5182] openat(AT_FDCWD, NULL, O_RDONLY|O_TRUNC|O_PATH [pid 5181] <... futex resumed>) = 0 [pid 5182] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5182] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5181] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5182] <... futex resumed>) = 0 [pid 5181] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5182] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5181] exit_group(0 [pid 5185] <... futex resumed>) = ? [pid 5182] <... futex resumed>) = ? [pid 5181] <... exit_group resumed>) = ? [pid 5185] +++ exited with 0 +++ [pid 5182] +++ exited with 0 +++ [pid 5181] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5181, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c18730 /* 4 entries */, 32768) = 112 umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 77.854139][ T5182] loop0: detected capacity change from 0 to 2048 [ 77.867696][ T5182] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. unlink("./30/binderfs") = 0 umount2("./30/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./30/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./30/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c20770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c20770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/file1") = 0 getdents64(3, 0x555555c18730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5186 attached , child_tidptr=0x555555c17690) = 5186 [pid 5186] set_robust_list(0x555555c176a0, 24) = 0 [pid 5186] chdir("./31") = 0 [pid 5186] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5186] setpgid(0, 0) = 0 [pid 5186] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5186] write(3, "1000", 4) = 4 [pid 5186] close(3) = 0 [pid 5186] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5186] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5186] rt_sigaction(SIGRT_1, {sa_handler=0x7f0955898ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095588a1a0}, NULL, 8) = 0 [pid 5186] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5186] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f095580f000 [pid 5186] mprotect(0x7f0955810000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5186] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5186] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f095582f990, parent_tid=0x7f095582f990, exit_signal=0, stack=0x7f095580f000, stack_size=0x20300, tls=0x7f095582f6c0} => {parent_tid=[5187]}, 88) = 5187 [pid 5186] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5186] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5186] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5187 attached [pid 5187] rseq(0x7f095582ffe0, 0x20, 0, 0x53053053) = 0 [pid 5187] set_robust_list(0x7f095582f9a0, 24) = 0 [pid 5187] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5187] memfd_create("syzkaller", 0) = 3 [pid 5187] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094d40f000 [ 77.936868][ T5026] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5187] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5187] munmap(0x7f094d40f000, 1048576) = 0 [pid 5187] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5187] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5187] close(3) = 0 [pid 5187] mkdir("./file1", 0777) = 0 [pid 5187] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5187] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5187] chdir("./file1") = 0 [pid 5187] ioctl(4, LOOP_CLR_FD) = 0 [pid 5187] close(4) = 0 [pid 5187] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5187] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5186] <... futex resumed>) = 0 [pid 5186] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5187] <... futex resumed>) = 0 [pid 5187] open("./bus", O_ACCMODE|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC|0xdc00001c, 000 [pid 5186] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5187] <... open resumed>) = 4 [pid 5187] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5187] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5186] <... futex resumed>) = 0 [pid 5186] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5187] <... futex resumed>) = 0 [pid 5186] <... futex resumed>) = 1 [pid 5187] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5186] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5187] <... mount resumed>) = 0 [pid 5187] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5187] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5186] <... futex resumed>) = 0 [pid 5186] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5186] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5187] <... futex resumed>) = 0 [pid 5187] open_tree(-1, NULL, OPEN_TREE_CLONE|0x10000) = -1 EINVAL (Invalid argument) [pid 5187] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5187] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5186] <... futex resumed>) = 0 [pid 5186] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5187] <... futex resumed>) = 0 [pid 5187] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5186] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5187] <... openat resumed>) = 5 [pid 5187] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5186] <... futex resumed>) = 0 [pid 5187] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5186] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5187] write(5, "\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 40960 [pid 5186] <... futex resumed>) = 0 [pid 5186] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5186] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094d4ee000 [pid 5186] mprotect(0x7f094d4ef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5186] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5186] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d50e990, parent_tid=0x7f094d50e990, exit_signal=0, stack=0x7f094d4ee000, stack_size=0x20300, tls=0x7f094d50e6c0} => {parent_tid=[5191]}, 88) = 5191 ./strace-static-x86_64: Process 5191 attached [pid 5191] rseq(0x7f094d50efe0, 0x20, 0, 0x53053053) = 0 [pid 5191] set_robust_list(0x7f094d50e9a0, 24) = 0 [pid 5191] rt_sigprocmask(SIG_SETMASK, [], [pid 5186] rt_sigprocmask(SIG_SETMASK, [], [pid 5191] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5187] <... write resumed>) = 40960 [pid 5191] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5186] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5187] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5186] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5191] <... futex resumed>) = 0 [pid 5187] <... futex resumed>) = 0 [pid 5186] <... futex resumed>) = 1 [pid 5191] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5187] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5186] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5191] <... open resumed>) = 6 [pid 5191] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5186] <... futex resumed>) = 0 [pid 5191] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5186] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5187] <... futex resumed>) = 0 [pid 5186] <... futex resumed>) = 1 [pid 5187] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [ 78.003546][ T5187] loop0: detected capacity change from 0 to 2048 [ 78.018820][ T5187] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5186] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5187] <... write resumed>) = 1048576 [pid 5187] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5186] <... futex resumed>) = 0 [pid 5186] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5186] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5187] <... futex resumed>) = 1 [pid 5187] openat(AT_FDCWD, NULL, O_RDONLY|O_TRUNC|O_PATH) = -1 EFAULT (Bad address) [pid 5187] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5187] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5186] <... futex resumed>) = 0 [pid 5186] exit_group(0 [pid 5191] <... futex resumed>) = ? [pid 5191] +++ exited with 0 +++ [pid 5187] <... futex resumed>) = ? [pid 5186] <... exit_group resumed>) = ? [pid 5187] +++ exited with 0 +++ [pid 5186] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5186, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c18730 /* 4 entries */, 32768) = 112 umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/binderfs") = 0 umount2("./31/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./31/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./31/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c20770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c20770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/file1") = 0 getdents64(3, 0x555555c18730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c17690) = 5192 [ 78.106554][ T5026] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ./strace-static-x86_64: Process 5192 attached [pid 5192] set_robust_list(0x555555c176a0, 24) = 0 [pid 5192] chdir("./32") = 0 [pid 5192] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5192] setpgid(0, 0) = 0 [pid 5192] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5192] write(3, "1000", 4) = 4 [pid 5192] close(3) = 0 [pid 5192] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5192] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5192] rt_sigaction(SIGRT_1, {sa_handler=0x7f0955898ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095588a1a0}, NULL, 8) = 0 [pid 5192] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5192] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f095580f000 [pid 5192] mprotect(0x7f0955810000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5192] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5192] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f095582f990, parent_tid=0x7f095582f990, exit_signal=0, stack=0x7f095580f000, stack_size=0x20300, tls=0x7f095582f6c0} => {parent_tid=[5193]}, 88) = 5193 ./strace-static-x86_64: Process 5193 attached [pid 5192] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5192] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5192] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5193] rseq(0x7f095582ffe0, 0x20, 0, 0x53053053) = 0 [pid 5193] set_robust_list(0x7f095582f9a0, 24) = 0 [pid 5193] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5193] memfd_create("syzkaller", 0) = 3 [pid 5193] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094d40f000 [pid 5193] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5193] munmap(0x7f094d40f000, 1048576) = 0 [pid 5193] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5193] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5193] close(3) = 0 [pid 5193] mkdir("./file1", 0777) = 0 [pid 5193] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5193] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5193] chdir("./file1") = 0 [pid 5193] ioctl(4, LOOP_CLR_FD) = 0 [pid 5193] close(4) = 0 [pid 5193] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5192] <... futex resumed>) = 0 [pid 5193] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5192] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5193] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5192] <... futex resumed>) = 0 [pid 5193] open("./bus", O_ACCMODE|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC|0xdc00001c, 000 [pid 5192] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5193] <... open resumed>) = 4 [pid 5193] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5193] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5192] <... futex resumed>) = 0 [pid 5192] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5193] <... futex resumed>) = 0 [pid 5193] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5192] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5193] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5192] <... futex resumed>) = 0 [pid 5192] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5192] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5193] <... futex resumed>) = 1 [pid 5193] open_tree(-1, NULL, OPEN_TREE_CLONE|0x10000) = -1 EINVAL (Invalid argument) [pid 5193] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5192] <... futex resumed>) = 0 [pid 5192] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5192] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5193] <... futex resumed>) = 1 [pid 5193] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 5 [pid 5193] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5192] <... futex resumed>) = 0 [pid 5193] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5192] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5193] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5193] write(5, "\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 40960 [pid 5192] <... futex resumed>) = 0 [pid 5192] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5192] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094d4ee000 [pid 5192] mprotect(0x7f094d4ef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5192] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5192] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d50e990, parent_tid=0x7f094d50e990, exit_signal=0, stack=0x7f094d4ee000, stack_size=0x20300, tls=0x7f094d50e6c0} => {parent_tid=[5196]}, 88) = 5196 [pid 5192] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5192] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5192] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5196 attached [pid 5196] rseq(0x7f094d50efe0, 0x20, 0, 0x53053053) = 0 [pid 5196] set_robust_list(0x7f094d50e9a0, 24) = 0 [pid 5196] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5196] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5193] <... write resumed>) = 40960 [pid 5196] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5192] <... futex resumed>) = 0 [pid 5196] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5192] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5196] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5196] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5193] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5193] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5192] <... futex resumed>) = 0 [ 78.190236][ T5193] loop0: detected capacity change from 0 to 2048 [pid 5192] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5196] <... write resumed>) = 1048576 [pid 5196] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5192] <... futex resumed>) = 0 [pid 5196] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5192] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5193] <... futex resumed>) = 0 [pid 5192] <... futex resumed>) = 1 [pid 5193] openat(AT_FDCWD, NULL, O_RDONLY|O_TRUNC|O_PATH [pid 5192] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5193] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5193] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5192] <... futex resumed>) = 0 [pid 5193] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5192] exit_group(0) = ? [pid 5196] <... futex resumed>) = ? [pid 5193] <... futex resumed>) = ? [pid 5193] +++ exited with 0 +++ [pid 5196] +++ exited with 0 +++ [pid 5192] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5192, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c18730 /* 4 entries */, 32768) = 112 umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/binderfs") = 0 umount2("./32/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./32/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./32/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c20770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c20770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./32/file1") = 0 getdents64(3, 0x555555c18730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./32") = 0 mkdir("./33", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c17690) = 5197 ./strace-static-x86_64: Process 5197 attached [pid 5197] set_robust_list(0x555555c176a0, 24) = 0 [pid 5197] chdir("./33") = 0 [pid 5197] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5197] setpgid(0, 0) = 0 [pid 5197] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5197] write(3, "1000", 4) = 4 [pid 5197] close(3) = 0 [pid 5197] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5197] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5197] rt_sigaction(SIGRT_1, {sa_handler=0x7f0955898ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095588a1a0}, NULL, 8) = 0 [pid 5197] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5197] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f095580f000 [pid 5197] mprotect(0x7f0955810000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5197] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5197] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f095582f990, parent_tid=0x7f095582f990, exit_signal=0, stack=0x7f095580f000, stack_size=0x20300, tls=0x7f095582f6c0}./strace-static-x86_64: Process 5198 attached => {parent_tid=[5198]}, 88) = 5198 [pid 5198] rseq(0x7f095582ffe0, 0x20, 0, 0x53053053) = 0 [pid 5197] rt_sigprocmask(SIG_SETMASK, [], [pid 5198] set_robust_list(0x7f095582f9a0, 24 [pid 5197] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5198] <... set_robust_list resumed>) = 0 [pid 5197] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5198] rt_sigprocmask(SIG_SETMASK, [], [pid 5197] <... futex resumed>) = 0 [pid 5198] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5197] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5198] memfd_create("syzkaller", 0) = 3 [pid 5198] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094d40f000 [pid 5198] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5198] munmap(0x7f094d40f000, 1048576) = 0 [pid 5198] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5198] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5198] close(3) = 0 [pid 5198] mkdir("./file1", 0777) = 0 [pid 5198] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5198] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5198] chdir("./file1") = 0 [pid 5198] ioctl(4, LOOP_CLR_FD) = 0 [pid 5198] close(4) = 0 [pid 5198] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5197] <... futex resumed>) = 0 [pid 5198] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5197] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5198] <... futex resumed>) = 0 [pid 5197] <... futex resumed>) = 1 [pid 5198] open("./bus", O_ACCMODE|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC|0xdc00001c, 000 [pid 5197] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5198] <... open resumed>) = 4 [pid 5198] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5197] <... futex resumed>) = 0 [pid 5198] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5197] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5198] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5197] <... futex resumed>) = 0 [pid 5198] <... mount resumed>) = 0 [pid 5197] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5198] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5197] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5198] <... futex resumed>) = 0 [pid 5197] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5198] open_tree(-1, NULL, OPEN_TREE_CLONE|0x10000 [pid 5197] <... futex resumed>) = 0 [pid 5198] <... open_tree resumed>) = -1 EINVAL (Invalid argument) [pid 5197] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5198] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5197] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5198] <... futex resumed>) = 0 [pid 5197] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5198] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5197] <... futex resumed>) = 0 [pid 5197] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5198] <... openat resumed>) = 5 [pid 5198] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5197] <... futex resumed>) = 0 [pid 5197] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5198] write(5, "\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 40960 [pid 5197] <... futex resumed>) = 0 [pid 5197] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5198] <... write resumed>) = 40960 [pid 5197] <... futex resumed>) = 0 [pid 5197] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5198] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5197] <... mmap resumed>) = 0x7f094d4ee000 [pid 5198] <... futex resumed>) = 0 [pid 5198] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5197] mprotect(0x7f094d4ef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5197] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5197] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d50e990, parent_tid=0x7f094d50e990, exit_signal=0, stack=0x7f094d4ee000, stack_size=0x20300, tls=0x7f094d50e6c0}./strace-static-x86_64: Process 5201 attached [pid 5201] rseq(0x7f094d50efe0, 0x20, 0, 0x53053053) = 0 [pid 5201] set_robust_list(0x7f094d50e9a0, 24) = 0 [pid 5201] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5201] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5197] <... clone3 resumed> => {parent_tid=[5201]}, 88) = 5201 [pid 5197] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5197] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5197] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5201] <... futex resumed>) = 0 [pid 5201] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5201] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5197] <... futex resumed>) = 0 [pid 5201] <... futex resumed>) = 1 [pid 5197] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5201] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5198] <... futex resumed>) = 0 [pid 5197] <... futex resumed>) = 1 [pid 5198] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [ 78.342686][ T5198] loop0: detected capacity change from 0 to 2048 [pid 5197] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5198] <... write resumed>) = 1048576 [pid 5198] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5197] <... futex resumed>) = 0 [pid 5198] <... futex resumed>) = 1 [pid 5197] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5197] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5198] openat(AT_FDCWD, NULL, O_RDONLY|O_TRUNC|O_PATH) = -1 EFAULT (Bad address) [pid 5198] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5197] <... futex resumed>) = 0 [pid 5197] exit_group(0 [pid 5201] <... futex resumed>) = ? [pid 5197] <... exit_group resumed>) = ? [pid 5201] +++ exited with 0 +++ [pid 5198] <... futex resumed>) = ? [pid 5198] +++ exited with 0 +++ [pid 5197] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5197, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c18730 /* 4 entries */, 32768) = 112 umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/binderfs") = 0 umount2("./33/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./33/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./33/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c20770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c20770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./33/file1") = 0 getdents64(3, 0x555555c18730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./33") = 0 mkdir("./34", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5202 attached , child_tidptr=0x555555c17690) = 5202 [pid 5202] set_robust_list(0x555555c176a0, 24) = 0 [pid 5202] chdir("./34") = 0 [pid 5202] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5202] setpgid(0, 0) = 0 [pid 5202] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5202] write(3, "1000", 4) = 4 [pid 5202] close(3) = 0 [pid 5202] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5202] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5202] rt_sigaction(SIGRT_1, {sa_handler=0x7f0955898ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095588a1a0}, NULL, 8) = 0 [pid 5202] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5202] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f095580f000 [pid 5202] mprotect(0x7f0955810000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5202] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5202] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f095582f990, parent_tid=0x7f095582f990, exit_signal=0, stack=0x7f095580f000, stack_size=0x20300, tls=0x7f095582f6c0}./strace-static-x86_64: Process 5203 attached => {parent_tid=[5203]}, 88) = 5203 [pid 5203] rseq(0x7f095582ffe0, 0x20, 0, 0x53053053 [pid 5202] rt_sigprocmask(SIG_SETMASK, [], [pid 5203] <... rseq resumed>) = 0 [pid 5202] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5203] set_robust_list(0x7f095582f9a0, 24 [pid 5202] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5203] <... set_robust_list resumed>) = 0 [pid 5202] <... futex resumed>) = 0 [pid 5203] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5202] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5203] memfd_create("syzkaller", 0) = 3 [pid 5203] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094d40f000 [pid 5203] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5203] munmap(0x7f094d40f000, 1048576) = 0 [pid 5203] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5203] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5203] close(3) = 0 [pid 5203] mkdir("./file1", 0777) = 0 [pid 5203] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5203] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5203] chdir("./file1") = 0 [pid 5203] ioctl(4, LOOP_CLR_FD) = 0 [pid 5203] close(4) = 0 [pid 5203] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5203] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5202] <... futex resumed>) = 0 [pid 5202] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5203] <... futex resumed>) = 0 [pid 5203] open("./bus", O_ACCMODE|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC|0xdc00001c, 000 [pid 5202] <... futex resumed>) = 1 [pid 5203] <... open resumed>) = 4 [pid 5203] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5202] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5203] <... futex resumed>) = 0 [pid 5202] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5203] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5202] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5203] <... mount resumed>) = 0 [pid 5202] <... futex resumed>) = 0 [pid 5203] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5202] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5203] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5202] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5203] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5202] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5203] open_tree(-1, NULL, OPEN_TREE_CLONE|0x10000 [pid 5202] <... futex resumed>) = 0 [pid 5203] <... open_tree resumed>) = -1 EINVAL (Invalid argument) [pid 5202] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5203] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5202] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5203] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5202] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 78.508625][ T5203] loop0: detected capacity change from 0 to 2048 [pid 5202] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5203] <... openat resumed>) = 5 [pid 5203] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5202] <... futex resumed>) = 0 [pid 5203] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5202] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5203] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5202] <... futex resumed>) = 0 [pid 5203] write(5, "\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 40960 [pid 5202] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5202] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094d4ee000 [pid 5203] <... write resumed>) = 40960 [pid 5202] mprotect(0x7f094d4ef000, 131072, PROT_READ|PROT_WRITE [pid 5203] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5202] <... mprotect resumed>) = 0 [pid 5203] <... futex resumed>) = 0 [pid 5202] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5203] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5202] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5202] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d50e990, parent_tid=0x7f094d50e990, exit_signal=0, stack=0x7f094d4ee000, stack_size=0x20300, tls=0x7f094d50e6c0}./strace-static-x86_64: Process 5206 attached [pid 5206] rseq(0x7f094d50efe0, 0x20, 0, 0x53053053 [pid 5202] <... clone3 resumed> => {parent_tid=[5206]}, 88) = 5206 [pid 5206] <... rseq resumed>) = 0 [pid 5202] rt_sigprocmask(SIG_SETMASK, [], [pid 5206] set_robust_list(0x7f094d50e9a0, 24 [pid 5202] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5206] <... set_robust_list resumed>) = 0 [pid 5202] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5206] rt_sigprocmask(SIG_SETMASK, [], [pid 5202] <... futex resumed>) = 0 [pid 5206] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5202] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5206] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5206] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5202] <... futex resumed>) = 0 [pid 5202] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5203] <... futex resumed>) = 0 [pid 5202] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5206] <... futex resumed>) = 1 [pid 5203] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5206] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5203] <... write resumed>) = 1048576 [pid 5203] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5202] <... futex resumed>) = 0 [pid 5203] <... futex resumed>) = 1 [pid 5202] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5203] openat(AT_FDCWD, NULL, O_RDONLY|O_TRUNC|O_PATH [pid 5202] <... futex resumed>) = 0 [pid 5203] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5202] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5203] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5202] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5203] <... futex resumed>) = 0 [pid 5202] exit_group(0 [pid 5206] <... futex resumed>) = ? [pid 5202] <... exit_group resumed>) = ? [pid 5206] +++ exited with 0 +++ [pid 5203] +++ exited with 0 +++ [pid 5202] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5202, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c18730 /* 4 entries */, 32768) = 112 umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/binderfs") = 0 umount2("./34/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./34/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./34/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c20770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c20770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./34/file1") = 0 getdents64(3, 0x555555c18730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./34") = 0 mkdir("./35", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5207 attached , child_tidptr=0x555555c17690) = 5207 [pid 5207] set_robust_list(0x555555c176a0, 24) = 0 [pid 5207] chdir("./35") = 0 [pid 5207] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5207] setpgid(0, 0) = 0 [pid 5207] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5207] write(3, "1000", 4) = 4 [pid 5207] close(3) = 0 [pid 5207] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5207] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5207] rt_sigaction(SIGRT_1, {sa_handler=0x7f0955898ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095588a1a0}, NULL, 8) = 0 [pid 5207] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5207] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f095580f000 [pid 5207] mprotect(0x7f0955810000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5207] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5207] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f095582f990, parent_tid=0x7f095582f990, exit_signal=0, stack=0x7f095580f000, stack_size=0x20300, tls=0x7f095582f6c0}./strace-static-x86_64: Process 5208 attached => {parent_tid=[5208]}, 88) = 5208 [pid 5207] rt_sigprocmask(SIG_SETMASK, [], [pid 5208] rseq(0x7f095582ffe0, 0x20, 0, 0x53053053 [pid 5207] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5208] <... rseq resumed>) = 0 [pid 5208] set_robust_list(0x7f095582f9a0, 24) = 0 [pid 5208] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5208] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5207] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5208] <... futex resumed>) = 0 [pid 5208] memfd_create("syzkaller", 0) = 3 [pid 5208] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094d40f000 [pid 5207] <... futex resumed>) = 1 [pid 5207] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5208] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5208] munmap(0x7f094d40f000, 1048576) = 0 [pid 5208] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5208] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5208] close(3) = 0 [pid 5208] mkdir("./file1", 0777) = 0 [pid 5208] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5208] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5208] chdir("./file1") = 0 [pid 5208] ioctl(4, LOOP_CLR_FD) = 0 [pid 5208] close(4) = 0 [pid 5208] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5207] <... futex resumed>) = 0 [pid 5207] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5207] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5208] <... futex resumed>) = 1 [pid 5208] open("./bus", O_ACCMODE|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC|0xdc00001c, 000) = 4 [pid 5208] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5207] <... futex resumed>) = 0 [pid 5207] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5207] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5208] <... futex resumed>) = 1 [pid 5208] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5208] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5207] <... futex resumed>) = 0 [pid 5207] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5207] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5208] <... futex resumed>) = 1 [pid 5208] open_tree(-1, NULL, OPEN_TREE_CLONE|0x10000) = -1 EINVAL (Invalid argument) [pid 5208] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5207] <... futex resumed>) = 0 [pid 5207] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5208] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5207] <... futex resumed>) = 0 [pid 5207] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5208] <... openat resumed>) = 5 [pid 5208] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5207] <... futex resumed>) = 0 [pid 5208] write(5, "\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 40960 [pid 5207] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5207] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5207] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094d4ee000 [pid 5207] mprotect(0x7f094d4ef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5207] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5207] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d50e990, parent_tid=0x7f094d50e990, exit_signal=0, stack=0x7f094d4ee000, stack_size=0x20300, tls=0x7f094d50e6c0} => {parent_tid=[5211]}, 88) = 5211 [pid 5207] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5207] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5207] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5211 attached [pid 5211] rseq(0x7f094d50efe0, 0x20, 0, 0x53053053 [pid 5208] <... write resumed>) = 40960 [pid 5208] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5211] <... rseq resumed>) = 0 [pid 5208] <... futex resumed>) = 0 [pid 5211] set_robust_list(0x7f094d50e9a0, 24) = 0 [pid 5208] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5211] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5211] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5211] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5211] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5207] <... futex resumed>) = 0 [pid 5207] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5208] <... futex resumed>) = 0 [pid 5207] <... futex resumed>) = 1 [pid 5208] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [ 78.677846][ T5208] loop0: detected capacity change from 0 to 2048 [pid 5207] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5208] <... write resumed>) = 1048576 [pid 5208] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5207] <... futex resumed>) = 0 [pid 5207] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5207] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5208] <... futex resumed>) = 1 [pid 5208] openat(AT_FDCWD, NULL, O_RDONLY|O_TRUNC|O_PATH) = -1 EFAULT (Bad address) [pid 5208] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5207] <... futex resumed>) = 0 [pid 5207] exit_group(0) = ? [pid 5211] <... futex resumed>) = ? [pid 5211] +++ exited with 0 +++ [pid 5208] <... futex resumed>) = ? [pid 5208] +++ exited with 0 +++ [pid 5207] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5207, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c18730 /* 4 entries */, 32768) = 112 umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/binderfs") = 0 umount2("./35/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./35/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./35/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c20770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c20770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./35/file1") = 0 getdents64(3, 0x555555c18730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./35") = 0 mkdir("./36", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5212 attached , child_tidptr=0x555555c17690) = 5212 [pid 5212] set_robust_list(0x555555c176a0, 24) = 0 [pid 5212] chdir("./36") = 0 [pid 5212] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5212] setpgid(0, 0) = 0 [pid 5212] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5212] write(3, "1000", 4) = 4 [pid 5212] close(3) = 0 [pid 5212] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5212] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5212] rt_sigaction(SIGRT_1, {sa_handler=0x7f0955898ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095588a1a0}, NULL, 8) = 0 [pid 5212] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5212] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f095580f000 [pid 5212] mprotect(0x7f0955810000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5212] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5212] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f095582f990, parent_tid=0x7f095582f990, exit_signal=0, stack=0x7f095580f000, stack_size=0x20300, tls=0x7f095582f6c0}./strace-static-x86_64: Process 5213 attached => {parent_tid=[5213]}, 88) = 5213 [pid 5212] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5212] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5212] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5213] rseq(0x7f095582ffe0, 0x20, 0, 0x53053053) = 0 [pid 5213] set_robust_list(0x7f095582f9a0, 24) = 0 [pid 5213] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5213] memfd_create("syzkaller", 0) = 3 [pid 5213] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094d40f000 [pid 5213] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5213] munmap(0x7f094d40f000, 1048576) = 0 [pid 5213] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5213] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5213] close(3) = 0 [pid 5213] mkdir("./file1", 0777) = 0 [pid 5213] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5213] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5213] chdir("./file1") = 0 [pid 5213] ioctl(4, LOOP_CLR_FD) = 0 [pid 5213] close(4) = 0 [pid 5213] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5212] <... futex resumed>) = 0 [pid 5213] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5212] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5213] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5212] <... futex resumed>) = 0 [pid 5213] open("./bus", O_ACCMODE|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC|0xdc00001c, 000 [pid 5212] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5213] <... open resumed>) = 4 [pid 5213] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5212] <... futex resumed>) = 0 [pid 5213] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5212] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5213] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5212] <... futex resumed>) = 0 [pid 5213] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5212] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5213] <... mount resumed>) = 0 [pid 5213] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5212] <... futex resumed>) = 0 [pid 5212] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5213] open_tree(-1, NULL, OPEN_TREE_CLONE|0x10000 [pid 5212] <... futex resumed>) = 0 [pid 5213] <... open_tree resumed>) = -1 EINVAL (Invalid argument) [pid 5212] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5213] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5212] <... futex resumed>) = 0 [pid 5213] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5212] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5212] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5213] <... openat resumed>) = 5 [pid 5213] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5212] <... futex resumed>) = 0 [pid 5213] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5212] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5213] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5212] <... futex resumed>) = 0 [pid 5213] write(5, "\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 40960 [pid 5212] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5212] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094d4ee000 [pid 5212] mprotect(0x7f094d4ef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5212] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5212] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d50e990, parent_tid=0x7f094d50e990, exit_signal=0, stack=0x7f094d4ee000, stack_size=0x20300, tls=0x7f094d50e6c0}./strace-static-x86_64: Process 5216 attached => {parent_tid=[5216]}, 88) = 5216 [pid 5216] rseq(0x7f094d50efe0, 0x20, 0, 0x53053053 [pid 5212] rt_sigprocmask(SIG_SETMASK, [], [pid 5216] <... rseq resumed>) = 0 [pid 5212] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5216] set_robust_list(0x7f094d50e9a0, 24) = 0 [pid 5212] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5216] rt_sigprocmask(SIG_SETMASK, [], [pid 5213] <... write resumed>) = 40960 [pid 5212] <... futex resumed>) = 0 [pid 5216] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5213] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5212] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5216] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5213] <... futex resumed>) = 0 [pid 5213] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5216] <... open resumed>) = 6 [pid 5216] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5212] <... futex resumed>) = 0 [pid 5216] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5212] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5213] <... futex resumed>) = 0 [pid 5213] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [ 78.844323][ T5213] loop0: detected capacity change from 0 to 2048 [pid 5212] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5213] <... write resumed>) = 1048576 [pid 5213] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5212] <... futex resumed>) = 0 [pid 5213] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5212] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5213] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5212] <... futex resumed>) = 0 [pid 5213] openat(AT_FDCWD, NULL, O_RDONLY|O_TRUNC|O_PATH [pid 5212] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5213] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5213] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5212] <... futex resumed>) = 0 [pid 5213] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5212] exit_group(0 [pid 5216] <... futex resumed>) = ? [pid 5213] <... futex resumed>) = ? [pid 5212] <... exit_group resumed>) = ? [pid 5213] +++ exited with 0 +++ [pid 5216] +++ exited with 0 +++ [pid 5212] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5212, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c18730 /* 4 entries */, 32768) = 112 umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/binderfs") = 0 umount2("./36/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./36/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./36/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c20770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c20770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./36/file1") = 0 getdents64(3, 0x555555c18730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./36") = 0 mkdir("./37", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5217 attached [pid 5217] set_robust_list(0x555555c176a0, 24 [pid 5026] <... clone resumed>, child_tidptr=0x555555c17690) = 5217 [pid 5217] <... set_robust_list resumed>) = 0 [pid 5217] chdir("./37") = 0 [pid 5217] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5217] setpgid(0, 0) = 0 [pid 5217] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5217] write(3, "1000", 4) = 4 [pid 5217] close(3) = 0 [pid 5217] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5217] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5217] rt_sigaction(SIGRT_1, {sa_handler=0x7f0955898ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095588a1a0}, NULL, 8) = 0 [pid 5217] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5217] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f095580f000 [pid 5217] mprotect(0x7f0955810000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5217] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5217] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f095582f990, parent_tid=0x7f095582f990, exit_signal=0, stack=0x7f095580f000, stack_size=0x20300, tls=0x7f095582f6c0} => {parent_tid=[5218]}, 88) = 5218 [pid 5217] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5217] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5217] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5218 attached [pid 5218] rseq(0x7f095582ffe0, 0x20, 0, 0x53053053) = 0 [pid 5218] set_robust_list(0x7f095582f9a0, 24) = 0 [pid 5218] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5218] memfd_create("syzkaller", 0) = 3 [pid 5218] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094d40f000 [pid 5218] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5218] munmap(0x7f094d40f000, 1048576) = 0 [pid 5218] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5218] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5218] close(3) = 0 [pid 5218] mkdir("./file1", 0777) = 0 [pid 5218] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5218] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5218] chdir("./file1") = 0 [pid 5218] ioctl(4, LOOP_CLR_FD) = 0 [pid 5218] close(4) = 0 [pid 5218] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5217] <... futex resumed>) = 0 [pid 5218] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5217] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5218] <... futex resumed>) = 0 [pid 5218] open("./bus", O_ACCMODE|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC|0xdc00001c, 000 [pid 5217] <... futex resumed>) = 1 [pid 5217] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5218] <... open resumed>) = 4 [pid 5218] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5217] <... futex resumed>) = 0 [pid 5217] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5217] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5218] <... futex resumed>) = 1 [pid 5218] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5218] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5217] <... futex resumed>) = 0 [pid 5217] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5217] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5218] <... futex resumed>) = 1 [pid 5218] open_tree(-1, NULL, OPEN_TREE_CLONE|0x10000) = -1 EINVAL (Invalid argument) [pid 5218] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5217] <... futex resumed>) = 0 [pid 5217] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5217] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5218] <... futex resumed>) = 1 [pid 5218] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 5 [pid 5218] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5217] <... futex resumed>) = 0 [pid 5217] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5217] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5217] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094d4ee000 [pid 5217] mprotect(0x7f094d4ef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5217] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5218] <... futex resumed>) = 1 [pid 5217] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d50e990, parent_tid=0x7f094d50e990, exit_signal=0, stack=0x7f094d4ee000, stack_size=0x20300, tls=0x7f094d50e6c0}./strace-static-x86_64: Process 5222 attached [pid 5218] write(5, "\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 40960 [pid 5222] rseq(0x7f094d50efe0, 0x20, 0, 0x53053053 [pid 5217] <... clone3 resumed> => {parent_tid=[5222]}, 88) = 5222 [pid 5217] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5217] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5217] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5222] <... rseq resumed>) = 0 [pid 5222] set_robust_list(0x7f094d50e9a0, 24) = 0 [pid 5222] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5222] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5222] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5217] <... futex resumed>) = 0 [pid 5217] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5217] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5218] <... write resumed>) = 40960 [pid 5222] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5218] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 79.019741][ T5218] loop0: detected capacity change from 0 to 2048 [pid 5218] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5222] <... write resumed>) = 1048576 [pid 5222] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5222] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5217] <... futex resumed>) = 0 [pid 5217] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5218] <... futex resumed>) = 0 [pid 5218] openat(AT_FDCWD, NULL, O_RDONLY|O_TRUNC|O_PATH [pid 5217] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5218] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5218] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5217] <... futex resumed>) = 0 [pid 5218] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5217] exit_group(0 [pid 5222] <... futex resumed>) = ? [pid 5217] <... exit_group resumed>) = ? [pid 5222] +++ exited with 0 +++ [pid 5218] <... futex resumed>) = ? [pid 5218] +++ exited with 0 +++ [pid 5217] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5217, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c18730 /* 4 entries */, 32768) = 112 umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/binderfs") = 0 umount2("./37/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./37/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./37/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c20770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c20770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./37/file1") = 0 getdents64(3, 0x555555c18730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./37") = 0 mkdir("./38", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c17690) = 5223 ./strace-static-x86_64: Process 5223 attached [pid 5223] set_robust_list(0x555555c176a0, 24) = 0 [pid 5223] chdir("./38") = 0 [pid 5223] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5223] setpgid(0, 0) = 0 [pid 5223] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5223] write(3, "1000", 4) = 4 [pid 5223] close(3) = 0 [pid 5223] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5223] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5223] rt_sigaction(SIGRT_1, {sa_handler=0x7f0955898ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095588a1a0}, NULL, 8) = 0 [pid 5223] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5223] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f095580f000 [pid 5223] mprotect(0x7f0955810000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5223] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5223] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f095582f990, parent_tid=0x7f095582f990, exit_signal=0, stack=0x7f095580f000, stack_size=0x20300, tls=0x7f095582f6c0} => {parent_tid=[5224]}, 88) = 5224 [pid 5223] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 5224 attached [pid 5224] rseq(0x7f095582ffe0, 0x20, 0, 0x53053053) = 0 [pid 5224] set_robust_list(0x7f095582f9a0, 24 [pid 5223] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5224] <... set_robust_list resumed>) = 0 [pid 5223] <... futex resumed>) = 0 [pid 5223] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5224] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5224] memfd_create("syzkaller", 0) = 3 [pid 5224] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094d40f000 [pid 5224] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5224] munmap(0x7f094d40f000, 1048576) = 0 [pid 5224] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5224] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5224] close(3) = 0 [pid 5224] mkdir("./file1", 0777) = 0 [pid 5224] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5224] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5224] chdir("./file1") = 0 [pid 5224] ioctl(4, LOOP_CLR_FD) = 0 [pid 5224] close(4) = 0 [pid 5224] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5223] <... futex resumed>) = 0 [pid 5224] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5223] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5224] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5223] <... futex resumed>) = 0 [pid 5224] open("./bus", O_ACCMODE|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC|0xdc00001c, 000 [pid 5223] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5224] <... open resumed>) = 4 [pid 5224] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5224] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5223] <... futex resumed>) = 0 [pid 5223] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5224] <... futex resumed>) = 0 [pid 5224] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5224] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5223] <... futex resumed>) = 1 [pid 5224] <... futex resumed>) = 0 [pid 5223] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5224] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5223] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5223] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5224] <... futex resumed>) = 0 [pid 5223] <... futex resumed>) = 1 [pid 5224] open_tree(-1, NULL, OPEN_TREE_CLONE|0x10000) = -1 EINVAL (Invalid argument) [pid 5223] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5224] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5223] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5224] <... futex resumed>) = 0 [pid 5224] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5223] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5224] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5223] <... futex resumed>) = 0 [pid 5224] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5223] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5224] <... openat resumed>) = 5 [pid 5224] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5223] <... futex resumed>) = 0 [pid 5224] write(5, "\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 40960 [pid 5223] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5223] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5223] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094d4ee000 [pid 5223] mprotect(0x7f094d4ef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5223] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5223] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d50e990, parent_tid=0x7f094d50e990, exit_signal=0, stack=0x7f094d4ee000, stack_size=0x20300, tls=0x7f094d50e6c0}./strace-static-x86_64: Process 5227 attached => {parent_tid=[5227]}, 88) = 5227 [pid 5227] rseq(0x7f094d50efe0, 0x20, 0, 0x53053053) = 0 [pid 5224] <... write resumed>) = 40960 [pid 5227] set_robust_list(0x7f094d50e9a0, 24 [pid 5223] rt_sigprocmask(SIG_SETMASK, [], [pid 5227] <... set_robust_list resumed>) = 0 [pid 5224] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5227] rt_sigprocmask(SIG_SETMASK, [], [pid 5224] <... futex resumed>) = 0 [pid 5227] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5224] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5227] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5223] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5223] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5227] <... futex resumed>) = 0 [pid 5223] <... futex resumed>) = 1 [pid 5227] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5223] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5227] <... open resumed>) = 6 [pid 5227] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5223] <... futex resumed>) = 0 [pid 5227] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5223] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5224] <... futex resumed>) = 0 [pid 5223] <... futex resumed>) = 1 [ 79.185561][ T5224] loop0: detected capacity change from 0 to 2048 [pid 5224] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5223] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5224] <... write resumed>) = 1048576 [pid 5224] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5224] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5223] <... futex resumed>) = 0 [pid 5223] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5224] <... futex resumed>) = 0 [pid 5223] <... futex resumed>) = 1 [pid 5223] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5224] openat(AT_FDCWD, NULL, O_RDONLY|O_TRUNC|O_PATH) = -1 EFAULT (Bad address) [pid 5224] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5223] <... futex resumed>) = 0 [pid 5223] exit_group(0) = ? [pid 5227] <... futex resumed>) = ? [pid 5227] +++ exited with 0 +++ [pid 5224] +++ exited with 0 +++ [pid 5223] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5223, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c18730 /* 4 entries */, 32768) = 112 umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/binderfs") = 0 umount2("./38/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./38/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./38/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c20770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c20770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./38/file1") = 0 getdents64(3, 0x555555c18730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./38") = 0 mkdir("./39", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5228 attached , child_tidptr=0x555555c17690) = 5228 [pid 5228] set_robust_list(0x555555c176a0, 24) = 0 [pid 5228] chdir("./39") = 0 [pid 5228] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5228] setpgid(0, 0) = 0 [pid 5228] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5228] write(3, "1000", 4) = 4 [pid 5228] close(3) = 0 [pid 5228] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5228] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5228] rt_sigaction(SIGRT_1, {sa_handler=0x7f0955898ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095588a1a0}, NULL, 8) = 0 [pid 5228] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5228] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f095580f000 [pid 5228] mprotect(0x7f0955810000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5228] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5228] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f095582f990, parent_tid=0x7f095582f990, exit_signal=0, stack=0x7f095580f000, stack_size=0x20300, tls=0x7f095582f6c0}./strace-static-x86_64: Process 5229 attached => {parent_tid=[5229]}, 88) = 5229 [pid 5229] rseq(0x7f095582ffe0, 0x20, 0, 0x53053053) = 0 [pid 5228] rt_sigprocmask(SIG_SETMASK, [], [pid 5229] set_robust_list(0x7f095582f9a0, 24 [pid 5228] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5229] <... set_robust_list resumed>) = 0 [pid 5229] rt_sigprocmask(SIG_SETMASK, [], [pid 5228] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5229] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5228] <... futex resumed>) = 0 [pid 5229] memfd_create("syzkaller", 0 [pid 5228] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5229] <... memfd_create resumed>) = 3 [pid 5229] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094d40f000 [pid 5229] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5229] munmap(0x7f094d40f000, 1048576) = 0 [pid 5229] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5229] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5229] close(3) = 0 [pid 5229] mkdir("./file1", 0777) = 0 [pid 5229] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5229] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5229] chdir("./file1") = 0 [pid 5229] ioctl(4, LOOP_CLR_FD) = 0 [pid 5229] close(4) = 0 [pid 5229] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5228] <... futex resumed>) = 0 [pid 5229] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5228] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5229] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5228] <... futex resumed>) = 0 [pid 5229] open("./bus", O_ACCMODE|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC|0xdc00001c, 000 [pid 5228] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5229] <... open resumed>) = 4 [pid 5229] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5228] <... futex resumed>) = 0 [pid 5228] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5228] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5229] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5229] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5228] <... futex resumed>) = 0 [pid 5228] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5228] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5229] <... futex resumed>) = 1 [pid 5229] open_tree(-1, NULL, OPEN_TREE_CLONE|0x10000) = -1 EINVAL (Invalid argument) [pid 5229] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5228] <... futex resumed>) = 0 [pid 5229] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5228] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5229] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5228] <... futex resumed>) = 0 [pid 5229] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5228] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5229] <... openat resumed>) = 5 [pid 5229] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5228] <... futex resumed>) = 0 [pid 5229] write(5, "\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 40960 [pid 5228] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5228] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5228] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094d4ee000 [pid 5228] mprotect(0x7f094d4ef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5228] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5228] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d50e990, parent_tid=0x7f094d50e990, exit_signal=0, stack=0x7f094d4ee000, stack_size=0x20300, tls=0x7f094d50e6c0}./strace-static-x86_64: Process 5232 attached [pid 5229] <... write resumed>) = 40960 [pid 5232] rseq(0x7f094d50efe0, 0x20, 0, 0x53053053 [pid 5229] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5228] <... clone3 resumed> => {parent_tid=[5232]}, 88) = 5232 [pid 5228] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5228] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5228] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5229] <... futex resumed>) = 0 [pid 5229] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5232] <... rseq resumed>) = 0 [pid 5232] set_robust_list(0x7f094d50e9a0, 24) = 0 [pid 5232] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5232] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5232] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5228] <... futex resumed>) = 0 [pid 5232] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5228] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5229] <... futex resumed>) = 0 [pid 5228] <... futex resumed>) = 1 [pid 5229] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [ 79.345268][ T5229] loop0: detected capacity change from 0 to 2048 [pid 5228] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5229] <... write resumed>) = 1048576 [pid 5229] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5228] <... futex resumed>) = 0 [pid 5229] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5228] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5229] <... futex resumed>) = 0 [pid 5228] <... futex resumed>) = 1 [pid 5229] openat(AT_FDCWD, NULL, O_RDONLY|O_TRUNC|O_PATH [pid 5228] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5229] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5229] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5228] <... futex resumed>) = 0 [pid 5229] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5228] exit_group(0 [pid 5229] <... futex resumed>) = ? [pid 5228] <... exit_group resumed>) = ? [pid 5229] +++ exited with 0 +++ [pid 5232] <... futex resumed>) = ? [pid 5232] +++ exited with 0 +++ [pid 5228] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5228, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c18730 /* 4 entries */, 32768) = 112 umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/binderfs") = 0 umount2("./39/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./39/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./39/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c20770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c20770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./39/file1") = 0 getdents64(3, 0x555555c18730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./39") = 0 mkdir("./40", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5233 attached [pid 5233] set_robust_list(0x555555c176a0, 24) = 0 [pid 5233] chdir("./40") = 0 [pid 5233] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5026] <... clone resumed>, child_tidptr=0x555555c17690) = 5233 [pid 5233] setpgid(0, 0) = 0 [pid 5233] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5233] write(3, "1000", 4) = 4 [pid 5233] close(3) = 0 [pid 5233] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5233] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5233] rt_sigaction(SIGRT_1, {sa_handler=0x7f0955898ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095588a1a0}, NULL, 8) = 0 [pid 5233] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5233] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f095580f000 [pid 5233] mprotect(0x7f0955810000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5233] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5233] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f095582f990, parent_tid=0x7f095582f990, exit_signal=0, stack=0x7f095580f000, stack_size=0x20300, tls=0x7f095582f6c0} => {parent_tid=[5234]}, 88) = 5234 [pid 5233] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5233] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5233] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5234 attached [pid 5234] rseq(0x7f095582ffe0, 0x20, 0, 0x53053053) = 0 [pid 5234] set_robust_list(0x7f095582f9a0, 24) = 0 [pid 5234] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5234] memfd_create("syzkaller", 0) = 3 [pid 5234] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094d40f000 [pid 5234] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5234] munmap(0x7f094d40f000, 1048576) = 0 [pid 5234] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5234] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5234] close(3) = 0 [pid 5234] mkdir("./file1", 0777) = 0 [pid 5234] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5234] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5234] chdir("./file1") = 0 [pid 5234] ioctl(4, LOOP_CLR_FD) = 0 [pid 5234] close(4) = 0 [pid 5234] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5234] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5233] <... futex resumed>) = 0 [pid 5233] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5234] <... futex resumed>) = 0 [pid 5234] open("./bus", O_ACCMODE|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC|0xdc00001c, 000 [pid 5233] <... futex resumed>) = 1 [pid 5233] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5234] <... open resumed>) = 4 [pid 5234] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5234] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5233] <... futex resumed>) = 0 [pid 5233] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5234] <... futex resumed>) = 0 [pid 5233] <... futex resumed>) = 1 [pid 5234] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5234] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5234] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5233] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5233] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5234] <... futex resumed>) = 0 [pid 5233] <... futex resumed>) = 1 [pid 5234] open_tree(-1, NULL, OPEN_TREE_CLONE|0x10000) = -1 EINVAL (Invalid argument) [pid 5234] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5234] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5233] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5233] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5234] <... futex resumed>) = 0 [pid 5233] <... futex resumed>) = 1 [pid 5234] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5233] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5234] <... openat resumed>) = 5 [pid 5234] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5233] <... futex resumed>) = 0 [pid 5234] write(5, "\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 40960 [pid 5233] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5233] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5233] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094d4ee000 [pid 5233] mprotect(0x7f094d4ef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5233] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5233] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d50e990, parent_tid=0x7f094d50e990, exit_signal=0, stack=0x7f094d4ee000, stack_size=0x20300, tls=0x7f094d50e6c0} => {parent_tid=[5237]}, 88) = 5237 [pid 5233] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 5237 attached NULL, 8) = 0 [pid 5237] rseq(0x7f094d50efe0, 0x20, 0, 0x53053053 [pid 5233] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5237] <... rseq resumed>) = 0 [pid 5233] <... futex resumed>) = 0 [pid 5237] set_robust_list(0x7f094d50e9a0, 24 [pid 5234] <... write resumed>) = 40960 [pid 5233] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5234] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5234] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5237] <... set_robust_list resumed>) = 0 [pid 5237] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5237] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5237] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5233] <... futex resumed>) = 0 [pid 5233] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5233] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5234] <... futex resumed>) = 0 [pid 5234] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5237] <... futex resumed>) = 1 [ 79.504744][ T5234] loop0: detected capacity change from 0 to 2048 [pid 5237] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5234] <... write resumed>) = 1048576 [pid 5234] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5233] <... futex resumed>) = 0 [pid 5233] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5233] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5234] openat(AT_FDCWD, NULL, O_RDONLY|O_TRUNC|O_PATH) = -1 EFAULT (Bad address) [pid 5234] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5233] <... futex resumed>) = 0 [pid 5234] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5233] exit_group(0) = ? [pid 5234] <... futex resumed>) = ? [pid 5237] <... futex resumed>) = ? [pid 5237] +++ exited with 0 +++ [pid 5234] +++ exited with 0 +++ [pid 5233] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5233, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c18730 /* 4 entries */, 32768) = 112 umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/binderfs") = 0 umount2("./40/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./40/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./40/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c20770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c20770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./40/file1") = 0 getdents64(3, 0x555555c18730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./40") = 0 mkdir("./41", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c17690) = 5238 ./strace-static-x86_64: Process 5238 attached [pid 5238] set_robust_list(0x555555c176a0, 24) = 0 [pid 5238] chdir("./41") = 0 [pid 5238] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5238] setpgid(0, 0) = 0 [pid 5238] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5238] write(3, "1000", 4) = 4 [pid 5238] close(3) = 0 [pid 5238] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5238] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5238] rt_sigaction(SIGRT_1, {sa_handler=0x7f0955898ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095588a1a0}, NULL, 8) = 0 [pid 5238] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5238] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f095580f000 [pid 5238] mprotect(0x7f0955810000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5238] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5238] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f095582f990, parent_tid=0x7f095582f990, exit_signal=0, stack=0x7f095580f000, stack_size=0x20300, tls=0x7f095582f6c0} => {parent_tid=[5239]}, 88) = 5239 ./strace-static-x86_64: Process 5239 attached [pid 5238] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5238] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5238] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5239] rseq(0x7f095582ffe0, 0x20, 0, 0x53053053) = 0 [pid 5239] set_robust_list(0x7f095582f9a0, 24) = 0 [pid 5239] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5239] memfd_create("syzkaller", 0) = 3 [pid 5239] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094d40f000 [pid 5239] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5239] munmap(0x7f094d40f000, 1048576) = 0 [pid 5239] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5239] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5239] close(3) = 0 [pid 5239] mkdir("./file1", 0777) = 0 [pid 5239] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5239] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5239] chdir("./file1") = 0 [pid 5239] ioctl(4, LOOP_CLR_FD) = 0 [pid 5239] close(4) = 0 [pid 5239] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5239] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5238] <... futex resumed>) = 0 [pid 5238] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5239] <... futex resumed>) = 0 [pid 5239] open("./bus", O_ACCMODE|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC|0xdc00001c, 000 [pid 5238] <... futex resumed>) = 1 [pid 5238] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5239] <... open resumed>) = 4 [pid 5239] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5238] <... futex resumed>) = 0 [pid 5238] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5238] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5239] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5239] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5238] <... futex resumed>) = 0 [pid 5238] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5238] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5239] <... futex resumed>) = 1 [pid 5239] open_tree(-1, NULL, OPEN_TREE_CLONE|0x10000) = -1 EINVAL (Invalid argument) [pid 5239] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5238] <... futex resumed>) = 0 [pid 5238] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5238] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5239] <... futex resumed>) = 1 [pid 5239] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 5 [pid 5239] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5238] <... futex resumed>) = 0 [pid 5238] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5238] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5238] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094d4ee000 [pid 5238] mprotect(0x7f094d4ef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5238] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5239] write(5, "\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 40960 [pid 5238] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d50e990, parent_tid=0x7f094d50e990, exit_signal=0, stack=0x7f094d4ee000, stack_size=0x20300, tls=0x7f094d50e6c0} => {parent_tid=[5242]}, 88) = 5242 [pid 5238] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5238] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5238] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5242 attached [pid 5242] rseq(0x7f094d50efe0, 0x20, 0, 0x53053053) = 0 [pid 5242] set_robust_list(0x7f094d50e9a0, 24) = 0 [pid 5242] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5242] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5242] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5238] <... futex resumed>) = 0 [pid 5238] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5238] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5239] <... write resumed>) = 40960 [pid 5242] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5239] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 79.659200][ T5239] loop0: detected capacity change from 0 to 2048 [pid 5239] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5242] <... write resumed>) = 1048576 [pid 5242] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5238] <... futex resumed>) = 0 [pid 5238] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5239] <... futex resumed>) = 0 [pid 5238] <... futex resumed>) = 1 [pid 5239] openat(AT_FDCWD, NULL, O_RDONLY|O_TRUNC|O_PATH) = -1 EFAULT (Bad address) [pid 5239] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5238] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5239] <... futex resumed>) = 0 [pid 5238] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5239] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5238] exit_group(0 [pid 5239] <... futex resumed>) = ? [pid 5238] <... exit_group resumed>) = ? [pid 5239] +++ exited with 0 +++ [pid 5242] <... futex resumed>) = ? [pid 5242] +++ exited with 0 +++ [pid 5238] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5238, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c18730 /* 4 entries */, 32768) = 112 umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/binderfs") = 0 umount2("./41/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./41/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./41/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c20770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c20770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./41/file1") = 0 getdents64(3, 0x555555c18730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./41") = 0 mkdir("./42", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c17690) = 5243 ./strace-static-x86_64: Process 5243 attached [pid 5243] set_robust_list(0x555555c176a0, 24) = 0 [pid 5243] chdir("./42") = 0 [pid 5243] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5243] setpgid(0, 0) = 0 [pid 5243] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5243] write(3, "1000", 4) = 4 [pid 5243] close(3) = 0 [pid 5243] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5243] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5243] rt_sigaction(SIGRT_1, {sa_handler=0x7f0955898ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095588a1a0}, NULL, 8) = 0 [pid 5243] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5243] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f095580f000 [pid 5243] mprotect(0x7f0955810000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5243] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5243] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f095582f990, parent_tid=0x7f095582f990, exit_signal=0, stack=0x7f095580f000, stack_size=0x20300, tls=0x7f095582f6c0}./strace-static-x86_64: Process 5244 attached [pid 5244] rseq(0x7f095582ffe0, 0x20, 0, 0x53053053 [pid 5243] <... clone3 resumed> => {parent_tid=[5244]}, 88) = 5244 [pid 5244] <... rseq resumed>) = 0 [pid 5243] rt_sigprocmask(SIG_SETMASK, [], [pid 5244] set_robust_list(0x7f095582f9a0, 24 [pid 5243] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5244] <... set_robust_list resumed>) = 0 [pid 5243] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5244] rt_sigprocmask(SIG_SETMASK, [], [pid 5243] <... futex resumed>) = 0 [pid 5244] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5243] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5244] memfd_create("syzkaller", 0) = 3 [pid 5244] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094d40f000 [pid 5244] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5244] munmap(0x7f094d40f000, 1048576) = 0 [pid 5244] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5244] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5244] close(3) = 0 [pid 5244] mkdir("./file1", 0777) = 0 [pid 5244] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5244] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5244] chdir("./file1") = 0 [pid 5244] ioctl(4, LOOP_CLR_FD) = 0 [pid 5244] close(4) = 0 [pid 5244] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5244] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5243] <... futex resumed>) = 0 [pid 5243] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5244] <... futex resumed>) = 0 [pid 5243] <... futex resumed>) = 1 [pid 5244] open("./bus", O_ACCMODE|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC|0xdc00001c, 000 [pid 5243] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5244] <... open resumed>) = 4 [pid 5244] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5243] <... futex resumed>) = 0 [pid 5244] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5243] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5244] <... futex resumed>) = 0 [pid 5243] <... futex resumed>) = 1 [pid 5244] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5243] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5244] <... mount resumed>) = 0 [pid 5244] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5243] <... futex resumed>) = 0 [pid 5243] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5243] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5244] <... futex resumed>) = 1 [pid 5244] open_tree(-1, NULL, OPEN_TREE_CLONE|0x10000) = -1 EINVAL (Invalid argument) [pid 5244] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5243] <... futex resumed>) = 0 [pid 5244] <... futex resumed>) = 1 [pid 5244] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5243] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5243] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5244] <... openat resumed>) = 5 [pid 5244] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5243] <... futex resumed>) = 0 [pid 5243] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5244] <... futex resumed>) = 1 [pid 5243] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5244] write(5, "\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 40960 [pid 5243] <... futex resumed>) = 0 [pid 5243] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094d4ee000 [pid 5243] mprotect(0x7f094d4ef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5243] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5243] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d50e990, parent_tid=0x7f094d50e990, exit_signal=0, stack=0x7f094d4ee000, stack_size=0x20300, tls=0x7f094d50e6c0}./strace-static-x86_64: Process 5247 attached => {parent_tid=[5247]}, 88) = 5247 [pid 5243] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5243] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5247] rseq(0x7f094d50efe0, 0x20, 0, 0x53053053) = 0 [pid 5243] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5247] set_robust_list(0x7f094d50e9a0, 24) = 0 [pid 5244] <... write resumed>) = 40960 [pid 5247] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5247] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5244] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5244] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5247] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5243] <... futex resumed>) = 0 [pid 5243] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5244] <... futex resumed>) = 0 [pid 5243] <... futex resumed>) = 1 [pid 5247] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5244] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [ 79.839572][ T5244] loop0: detected capacity change from 0 to 2048 [pid 5243] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5244] <... write resumed>) = 1048576 [pid 5244] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5244] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5243] <... futex resumed>) = 0 [pid 5243] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5244] <... futex resumed>) = 0 [pid 5244] openat(AT_FDCWD, NULL, O_RDONLY|O_TRUNC|O_PATH [pid 5243] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5244] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5244] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5243] <... futex resumed>) = 0 [pid 5244] <... futex resumed>) = 1 [pid 5243] exit_group(0 [pid 5247] <... futex resumed>) = ? [pid 5243] <... exit_group resumed>) = ? [pid 5247] +++ exited with 0 +++ [pid 5244] +++ exited with 0 +++ [pid 5243] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5243, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c18730 /* 4 entries */, 32768) = 112 umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/binderfs") = 0 umount2("./42/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./42/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./42/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c20770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c20770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./42/file1") = 0 getdents64(3, 0x555555c18730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./42") = 0 mkdir("./43", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c17690) = 5248 ./strace-static-x86_64: Process 5248 attached [pid 5248] set_robust_list(0x555555c176a0, 24) = 0 [pid 5248] chdir("./43") = 0 [pid 5248] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5248] setpgid(0, 0) = 0 [pid 5248] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5248] write(3, "1000", 4) = 4 [pid 5248] close(3) = 0 [pid 5248] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5248] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5248] rt_sigaction(SIGRT_1, {sa_handler=0x7f0955898ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095588a1a0}, NULL, 8) = 0 [pid 5248] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5248] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f095580f000 [pid 5248] mprotect(0x7f0955810000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5248] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5248] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f095582f990, parent_tid=0x7f095582f990, exit_signal=0, stack=0x7f095580f000, stack_size=0x20300, tls=0x7f095582f6c0}./strace-static-x86_64: Process 5249 attached [pid 5249] rseq(0x7f095582ffe0, 0x20, 0, 0x53053053 [pid 5248] <... clone3 resumed> => {parent_tid=[5249]}, 88) = 5249 [pid 5249] <... rseq resumed>) = 0 [pid 5248] rt_sigprocmask(SIG_SETMASK, [], [pid 5249] set_robust_list(0x7f095582f9a0, 24 [pid 5248] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5249] <... set_robust_list resumed>) = 0 [pid 5248] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5249] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5248] <... futex resumed>) = 0 [pid 5249] memfd_create("syzkaller", 0 [pid 5248] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5249] <... memfd_create resumed>) = 3 [pid 5249] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094d40f000 [pid 5249] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5249] munmap(0x7f094d40f000, 1048576) = 0 [pid 5249] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5249] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5249] close(3) = 0 [pid 5249] mkdir("./file1", 0777) = 0 [pid 5249] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5249] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5249] chdir("./file1") = 0 [pid 5249] ioctl(4, LOOP_CLR_FD) = 0 [pid 5249] close(4) = 0 [pid 5249] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5248] <... futex resumed>) = 0 [pid 5248] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5248] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5249] <... futex resumed>) = 1 [pid 5249] open("./bus", O_ACCMODE|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC|0xdc00001c, 000) = 4 [pid 5249] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5248] <... futex resumed>) = 0 [pid 5249] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5248] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5249] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5248] <... futex resumed>) = 0 [pid 5249] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5248] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5249] <... mount resumed>) = 0 [pid 5249] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5248] <... futex resumed>) = 0 [pid 5249] open_tree(-1, NULL, OPEN_TREE_CLONE|0x10000 [pid 5248] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5249] <... open_tree resumed>) = -1 EINVAL (Invalid argument) [pid 5248] <... futex resumed>) = 0 [pid 5249] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5248] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5249] <... futex resumed>) = 0 [pid 5248] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5249] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5248] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5249] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5248] <... futex resumed>) = 0 [pid 5249] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5248] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5249] <... openat resumed>) = 5 [pid 5249] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5248] <... futex resumed>) = 0 [pid 5248] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5248] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5248] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094d4ee000 [pid 5248] mprotect(0x7f094d4ef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5248] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5248] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d50e990, parent_tid=0x7f094d50e990, exit_signal=0, stack=0x7f094d4ee000, stack_size=0x20300, tls=0x7f094d50e6c0} => {parent_tid=[5252]}, 88) = 5252 [pid 5249] <... futex resumed>) = 1 [pid 5248] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5248] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5252 attached ) = 0 [pid 5252] rseq(0x7f094d50efe0, 0x20, 0, 0x53053053 [pid 5249] write(5, "\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 40960 [pid 5248] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5252] <... rseq resumed>) = 0 [pid 5252] set_robust_list(0x7f094d50e9a0, 24) = 0 [pid 5252] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5252] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5252] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5248] <... futex resumed>) = 0 [pid 5252] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5248] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5252] <... futex resumed>) = 0 [pid 5248] <... futex resumed>) = 1 [pid 5252] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5248] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5249] <... write resumed>) = 40960 [pid 5249] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 80.012464][ T5249] loop0: detected capacity change from 0 to 2048 [pid 5249] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5252] <... write resumed>) = 1048576 [pid 5252] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5248] <... futex resumed>) = 0 [pid 5252] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5248] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5249] <... futex resumed>) = 0 [pid 5248] <... futex resumed>) = 1 [pid 5249] openat(AT_FDCWD, NULL, O_RDONLY|O_TRUNC|O_PATH [pid 5248] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5249] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5249] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5248] <... futex resumed>) = 0 [pid 5249] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5248] exit_group(0) = ? [pid 5249] <... futex resumed>) = ? [pid 5252] <... futex resumed>) = ? [pid 5249] +++ exited with 0 +++ [pid 5252] +++ exited with 0 +++ [pid 5248] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5248, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./43", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c18730 /* 4 entries */, 32768) = 112 umount2("./43/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/binderfs") = 0 umount2("./43/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./43/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./43/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c20770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c20770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./43/file1") = 0 getdents64(3, 0x555555c18730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./43") = 0 mkdir("./44", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c17690) = 5253 ./strace-static-x86_64: Process 5253 attached [pid 5253] set_robust_list(0x555555c176a0, 24) = 0 [pid 5253] chdir("./44") = 0 [pid 5253] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5253] setpgid(0, 0) = 0 [pid 5253] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5253] write(3, "1000", 4) = 4 [pid 5253] close(3) = 0 [pid 5253] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5253] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5253] rt_sigaction(SIGRT_1, {sa_handler=0x7f0955898ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095588a1a0}, NULL, 8) = 0 [pid 5253] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5253] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f095580f000 [pid 5253] mprotect(0x7f0955810000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5253] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5253] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f095582f990, parent_tid=0x7f095582f990, exit_signal=0, stack=0x7f095580f000, stack_size=0x20300, tls=0x7f095582f6c0} => {parent_tid=[5254]}, 88) = 5254 [pid 5253] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5253] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5253] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5254 attached [pid 5254] rseq(0x7f095582ffe0, 0x20, 0, 0x53053053) = 0 [pid 5254] set_robust_list(0x7f095582f9a0, 24) = 0 [pid 5254] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5254] memfd_create("syzkaller", 0) = 3 [pid 5254] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094d40f000 [pid 5254] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5254] munmap(0x7f094d40f000, 1048576) = 0 [pid 5254] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5254] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5254] close(3) = 0 [pid 5254] mkdir("./file1", 0777) = 0 [pid 5254] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5254] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5254] chdir("./file1") = 0 [pid 5254] ioctl(4, LOOP_CLR_FD) = 0 [pid 5254] close(4) = 0 [pid 5254] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5253] <... futex resumed>) = 0 [pid 5253] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5254] open("./bus", O_ACCMODE|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC|0xdc00001c, 000 [pid 5253] <... futex resumed>) = 0 [pid 5253] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5254] <... open resumed>) = 4 [pid 5254] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5253] <... futex resumed>) = 0 [pid 5253] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5254] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5253] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5254] <... mount resumed>) = 0 [pid 5254] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5253] <... futex resumed>) = 0 [pid 5253] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5253] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5254] open_tree(-1, NULL, OPEN_TREE_CLONE|0x10000) = -1 EINVAL (Invalid argument) [pid 5254] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5253] <... futex resumed>) = 0 [pid 5253] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5254] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5253] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5254] <... openat resumed>) = 5 [pid 5254] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5253] <... futex resumed>) = 0 [pid 5254] write(5, "\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 40960 [pid 5253] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5253] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5253] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094d4ee000 [pid 5253] mprotect(0x7f094d4ef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5253] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5253] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d50e990, parent_tid=0x7f094d50e990, exit_signal=0, stack=0x7f094d4ee000, stack_size=0x20300, tls=0x7f094d50e6c0}./strace-static-x86_64: Process 5257 attached [pid 5257] rseq(0x7f094d50efe0, 0x20, 0, 0x53053053 [pid 5253] <... clone3 resumed> => {parent_tid=[5257]}, 88) = 5257 [pid 5257] <... rseq resumed>) = 0 [pid 5253] rt_sigprocmask(SIG_SETMASK, [], [pid 5257] set_robust_list(0x7f094d50e9a0, 24 [pid 5253] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5257] <... set_robust_list resumed>) = 0 [pid 5253] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5257] rt_sigprocmask(SIG_SETMASK, [], [pid 5253] <... futex resumed>) = 0 [pid 5257] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5253] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5257] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5257] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5253] <... futex resumed>) = 0 [pid 5253] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5253] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5257] <... futex resumed>) = 1 [pid 5257] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5254] <... write resumed>) = 40960 [pid 5254] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 80.180907][ T5254] loop0: detected capacity change from 0 to 2048 [pid 5254] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5257] <... write resumed>) = 1048576 [pid 5257] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5253] <... futex resumed>) = 0 [pid 5257] <... futex resumed>) = 1 [pid 5253] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5257] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5254] <... futex resumed>) = 0 [pid 5253] <... futex resumed>) = 1 [pid 5254] openat(AT_FDCWD, NULL, O_RDONLY|O_TRUNC|O_PATH [pid 5253] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5254] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5254] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5253] <... futex resumed>) = 0 [pid 5254] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5253] exit_group(0 [pid 5257] <... futex resumed>) = ? [pid 5254] <... futex resumed>) = ? [pid 5253] <... exit_group resumed>) = ? [pid 5257] +++ exited with 0 +++ [pid 5254] +++ exited with 0 +++ [pid 5253] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5253, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./44", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c18730 /* 4 entries */, 32768) = 112 umount2("./44/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./44/binderfs") = 0 umount2("./44/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./44/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./44/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c20770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c20770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./44/file1") = 0 getdents64(3, 0x555555c18730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./44") = 0 mkdir("./45", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5258 attached [pid 5258] set_robust_list(0x555555c176a0, 24) = 0 [pid 5258] chdir("./45") = 0 [pid 5258] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5258] setpgid(0, 0) = 0 [pid 5258] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5258] write(3, "1000", 4) = 4 [pid 5258] close(3) = 0 [pid 5258] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5258] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5258] rt_sigaction(SIGRT_1, {sa_handler=0x7f0955898ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095588a1a0}, NULL, 8) = 0 [pid 5258] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5258] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f095580f000 [pid 5258] mprotect(0x7f0955810000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5258] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5258] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f095582f990, parent_tid=0x7f095582f990, exit_signal=0, stack=0x7f095580f000, stack_size=0x20300, tls=0x7f095582f6c0}./strace-static-x86_64: Process 5259 attached [pid 5259] rseq(0x7f095582ffe0, 0x20, 0, 0x53053053 [pid 5258] <... clone3 resumed> => {parent_tid=[5259]}, 88) = 5259 [pid 5259] <... rseq resumed>) = 0 [pid 5258] rt_sigprocmask(SIG_SETMASK, [], [pid 5259] set_robust_list(0x7f095582f9a0, 24 [pid 5258] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5259] <... set_robust_list resumed>) = 0 [pid 5258] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5259] rt_sigprocmask(SIG_SETMASK, [], [pid 5258] <... futex resumed>) = 0 [pid 5259] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5259] memfd_create("syzkaller", 0 [pid 5258] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5259] <... memfd_create resumed>) = 3 [pid 5259] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094d40f000 [pid 5026] <... clone resumed>, child_tidptr=0x555555c17690) = 5258 [pid 5259] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5259] munmap(0x7f094d40f000, 1048576) = 0 [pid 5259] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5259] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5259] close(3) = 0 [pid 5259] mkdir("./file1", 0777) = 0 [pid 5259] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5259] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5259] chdir("./file1") = 0 [pid 5259] ioctl(4, LOOP_CLR_FD) = 0 [pid 5259] close(4) = 0 [pid 5259] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5258] <... futex resumed>) = 0 [pid 5258] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5259] open("./bus", O_ACCMODE|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC|0xdc00001c, 000 [pid 5258] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5259] <... open resumed>) = 4 [pid 5259] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5259] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5258] <... futex resumed>) = 0 [pid 5258] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5259] <... futex resumed>) = 0 [pid 5259] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5258] <... futex resumed>) = 1 [pid 5259] <... mount resumed>) = 0 [pid 5258] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5259] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5258] <... futex resumed>) = 0 [pid 5259] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5258] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5259] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5258] <... futex resumed>) = 0 [pid 5259] open_tree(-1, NULL, OPEN_TREE_CLONE|0x10000 [pid 5258] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5259] <... open_tree resumed>) = -1 EINVAL (Invalid argument) [pid 5259] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5258] <... futex resumed>) = 0 [pid 5259] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5258] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5259] <... futex resumed>) = 0 [pid 5258] <... futex resumed>) = 1 [pid 5259] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5258] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5259] <... openat resumed>) = 5 [pid 5259] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5258] <... futex resumed>) = 0 [pid 5258] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5259] <... futex resumed>) = 1 [pid 5258] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5259] write(5, "\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 40960 [pid 5258] <... futex resumed>) = 0 [pid 5258] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094d4ee000 [pid 5258] mprotect(0x7f094d4ef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5258] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5258] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d50e990, parent_tid=0x7f094d50e990, exit_signal=0, stack=0x7f094d4ee000, stack_size=0x20300, tls=0x7f094d50e6c0} => {parent_tid=[5262]}, 88) = 5262 [pid 5258] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5258] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5258] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5262 attached [pid 5262] rseq(0x7f094d50efe0, 0x20, 0, 0x53053053) = 0 [pid 5262] set_robust_list(0x7f094d50e9a0, 24) = 0 [pid 5262] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5262] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5262] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5258] <... futex resumed>) = 0 [pid 5262] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5259] <... write resumed>) = 40960 [pid 5258] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5262] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5259] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5258] <... futex resumed>) = 0 [pid 5262] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5259] <... futex resumed>) = 0 [pid 5258] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 80.335661][ T5259] loop0: detected capacity change from 0 to 2048 [pid 5259] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5262] <... write resumed>) = 1048576 [pid 5262] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5258] <... futex resumed>) = 0 [pid 5262] <... futex resumed>) = 1 [pid 5258] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5262] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5259] <... futex resumed>) = 0 [pid 5258] <... futex resumed>) = 1 [pid 5259] openat(AT_FDCWD, NULL, O_RDONLY|O_TRUNC|O_PATH [pid 5258] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5259] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5259] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5258] <... futex resumed>) = 0 [pid 5259] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5258] exit_group(0) = ? [pid 5259] <... futex resumed>) = ? [pid 5262] <... futex resumed>) = ? [pid 5262] +++ exited with 0 +++ [pid 5259] +++ exited with 0 +++ [pid 5258] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5258, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./45", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c18730 /* 4 entries */, 32768) = 112 umount2("./45/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/binderfs") = 0 umount2("./45/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./45/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./45/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c20770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c20770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./45/file1") = 0 getdents64(3, 0x555555c18730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./45") = 0 mkdir("./46", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c17690) = 5263 ./strace-static-x86_64: Process 5263 attached [pid 5263] set_robust_list(0x555555c176a0, 24) = 0 [pid 5263] chdir("./46") = 0 [pid 5263] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5263] setpgid(0, 0) = 0 [pid 5263] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5263] write(3, "1000", 4) = 4 [pid 5263] close(3) = 0 [pid 5263] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5263] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5263] rt_sigaction(SIGRT_1, {sa_handler=0x7f0955898ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095588a1a0}, NULL, 8) = 0 [pid 5263] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5263] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f095580f000 [pid 5263] mprotect(0x7f0955810000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5263] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5263] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f095582f990, parent_tid=0x7f095582f990, exit_signal=0, stack=0x7f095580f000, stack_size=0x20300, tls=0x7f095582f6c0} => {parent_tid=[5264]}, 88) = 5264 [pid 5263] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5263] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5264 attached [pid 5264] rseq(0x7f095582ffe0, 0x20, 0, 0x53053053 [pid 5263] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5264] <... rseq resumed>) = 0 [pid 5264] set_robust_list(0x7f095582f9a0, 24) = 0 [pid 5264] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5264] memfd_create("syzkaller", 0) = 3 [pid 5264] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094d40f000 [pid 5264] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5264] munmap(0x7f094d40f000, 1048576) = 0 [pid 5264] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5264] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5264] close(3) = 0 [pid 5264] mkdir("./file1", 0777) = 0 [pid 5264] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5264] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5264] chdir("./file1") = 0 [pid 5264] ioctl(4, LOOP_CLR_FD) = 0 [pid 5264] close(4) = 0 [pid 5264] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5263] <... futex resumed>) = 0 [pid 5263] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5263] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5264] <... futex resumed>) = 1 [pid 5264] open("./bus", O_ACCMODE|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC|0xdc00001c, 000) = 4 [pid 5264] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5263] <... futex resumed>) = 0 [pid 5263] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5263] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5264] <... futex resumed>) = 1 [pid 5264] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5264] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5263] <... futex resumed>) = 0 [pid 5264] <... futex resumed>) = 1 [pid 5263] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5264] open_tree(-1, NULL, OPEN_TREE_CLONE|0x10000 [pid 5263] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5264] <... open_tree resumed>) = -1 EINVAL (Invalid argument) [pid 5264] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5263] <... futex resumed>) = 0 [pid 5263] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5264] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5263] <... futex resumed>) = 0 [pid 5263] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5264] <... openat resumed>) = 5 [pid 5264] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5263] <... futex resumed>) = 0 [pid 5263] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5264] <... futex resumed>) = 1 [pid 5263] <... futex resumed>) = 0 [pid 5264] write(5, "\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 40960 [pid 5263] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5263] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094d4ee000 [pid 5263] mprotect(0x7f094d4ef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5263] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5263] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d50e990, parent_tid=0x7f094d50e990, exit_signal=0, stack=0x7f094d4ee000, stack_size=0x20300, tls=0x7f094d50e6c0} [pid 5264] <... write resumed>) = 40960 ./strace-static-x86_64: Process 5267 attached [pid 5264] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5264] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5267] rseq(0x7f094d50efe0, 0x20, 0, 0x53053053 [pid 5263] <... clone3 resumed> => {parent_tid=[5267]}, 88) = 5267 [pid 5267] <... rseq resumed>) = 0 [pid 5263] rt_sigprocmask(SIG_SETMASK, [], [pid 5267] set_robust_list(0x7f094d50e9a0, 24) = 0 [pid 5263] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5267] rt_sigprocmask(SIG_SETMASK, [], [pid 5263] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5267] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5267] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5263] <... futex resumed>) = 0 [pid 5267] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5267] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5263] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5263] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5264] <... futex resumed>) = 0 [ 80.521397][ T5264] loop0: detected capacity change from 0 to 2048 [pid 5264] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5263] <... futex resumed>) = 1 [pid 5263] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5264] <... write resumed>) = 1048576 [pid 5264] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5263] <... futex resumed>) = 0 [pid 5264] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5263] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5264] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5263] <... futex resumed>) = 0 [pid 5263] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5264] openat(AT_FDCWD, NULL, O_RDONLY|O_TRUNC|O_PATH) = -1 EFAULT (Bad address) [pid 5264] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5263] <... futex resumed>) = 0 [pid 5263] exit_group(0 [pid 5264] <... futex resumed>) = 1 [pid 5264] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5267] <... futex resumed>) = ? [pid 5263] <... exit_group resumed>) = ? [pid 5264] <... futex resumed>) = ? [pid 5264] +++ exited with 0 +++ [pid 5267] +++ exited with 0 +++ [pid 5263] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5263, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./46", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c18730 /* 4 entries */, 32768) = 112 umount2("./46/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/binderfs") = 0 umount2("./46/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./46/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./46/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c20770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c20770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./46/file1") = 0 getdents64(3, 0x555555c18730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./46") = 0 mkdir("./47", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5268 attached [pid 5268] set_robust_list(0x555555c176a0, 24 [pid 5026] <... clone resumed>, child_tidptr=0x555555c17690) = 5268 [pid 5268] <... set_robust_list resumed>) = 0 [pid 5268] chdir("./47") = 0 [pid 5268] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5268] setpgid(0, 0) = 0 [pid 5268] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5268] write(3, "1000", 4) = 4 [pid 5268] close(3) = 0 [pid 5268] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5268] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5268] rt_sigaction(SIGRT_1, {sa_handler=0x7f0955898ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095588a1a0}, NULL, 8) = 0 [pid 5268] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5268] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f095580f000 [pid 5268] mprotect(0x7f0955810000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5268] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5268] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f095582f990, parent_tid=0x7f095582f990, exit_signal=0, stack=0x7f095580f000, stack_size=0x20300, tls=0x7f095582f6c0} => {parent_tid=[5269]}, 88) = 5269 [pid 5268] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 5269 attached [pid 5269] rseq(0x7f095582ffe0, 0x20, 0, 0x53053053) = 0 [pid 5268] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5268] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5269] set_robust_list(0x7f095582f9a0, 24) = 0 [pid 5269] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5269] memfd_create("syzkaller", 0) = 3 [pid 5269] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094d40f000 [pid 5269] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5269] munmap(0x7f094d40f000, 1048576) = 0 [pid 5269] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5269] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5269] close(3) = 0 [pid 5269] mkdir("./file1", 0777) = 0 [pid 5269] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5269] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5269] chdir("./file1") = 0 [pid 5269] ioctl(4, LOOP_CLR_FD) = 0 [pid 5269] close(4) = 0 [pid 5269] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5268] <... futex resumed>) = 0 [pid 5269] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5268] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5269] open("./bus", O_ACCMODE|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC|0xdc00001c, 000 [pid 5268] <... futex resumed>) = 0 [pid 5268] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5269] <... open resumed>) = 4 [pid 5269] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5268] <... futex resumed>) = 0 [pid 5269] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5268] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5269] <... mount resumed>) = 0 [pid 5268] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5269] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5269] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5268] <... futex resumed>) = 0 [pid 5268] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5269] <... futex resumed>) = 0 [pid 5268] <... futex resumed>) = 1 [pid 5269] open_tree(-1, NULL, OPEN_TREE_CLONE|0x10000 [pid 5268] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5269] <... open_tree resumed>) = -1 EINVAL (Invalid argument) [pid 5269] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5268] <... futex resumed>) = 0 [pid 5269] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5268] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5269] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5268] <... futex resumed>) = 0 [pid 5269] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5268] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5269] <... openat resumed>) = 5 [pid 5269] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5268] <... futex resumed>) = 0 [pid 5268] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5269] write(5, "\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 40960 [pid 5268] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5268] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094d4ee000 [pid 5268] mprotect(0x7f094d4ef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5268] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5268] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d50e990, parent_tid=0x7f094d50e990, exit_signal=0, stack=0x7f094d4ee000, stack_size=0x20300, tls=0x7f094d50e6c0}./strace-static-x86_64: Process 5272 attached => {parent_tid=[5272]}, 88) = 5272 [pid 5272] rseq(0x7f094d50efe0, 0x20, 0, 0x53053053) = 0 [pid 5268] rt_sigprocmask(SIG_SETMASK, [], [pid 5272] set_robust_list(0x7f094d50e9a0, 24 [pid 5269] <... write resumed>) = 40960 [pid 5268] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5272] <... set_robust_list resumed>) = 0 [pid 5269] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5272] rt_sigprocmask(SIG_SETMASK, [], [pid 5269] <... futex resumed>) = 0 [pid 5268] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5272] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5272] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5272] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5269] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5268] <... futex resumed>) = 0 [pid 5272] <... futex resumed>) = 0 [pid 5268] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5272] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5268] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5268] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5269] <... futex resumed>) = 0 [pid 5269] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5268] <... futex resumed>) = 1 [ 80.694895][ T5269] loop0: detected capacity change from 0 to 2048 [pid 5268] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5269] <... write resumed>) = 1048576 [pid 5269] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5268] <... futex resumed>) = 0 [pid 5269] <... futex resumed>) = 1 [pid 5268] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5269] openat(AT_FDCWD, NULL, O_RDONLY|O_TRUNC|O_PATH [pid 5268] <... futex resumed>) = 0 [pid 5269] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5268] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5269] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5268] <... futex resumed>) = 0 [pid 5269] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5268] exit_group(0 [pid 5272] <... futex resumed>) = ? [pid 5269] <... futex resumed>) = ? [pid 5268] <... exit_group resumed>) = ? [pid 5272] +++ exited with 0 +++ [pid 5269] +++ exited with 0 +++ [pid 5268] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5268, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./47", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c18730 /* 4 entries */, 32768) = 112 umount2("./47/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./47/binderfs") = 0 umount2("./47/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./47/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./47/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c20770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c20770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./47/file1") = 0 getdents64(3, 0x555555c18730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./47") = 0 mkdir("./48", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c17690) = 5273 ./strace-static-x86_64: Process 5273 attached [pid 5273] set_robust_list(0x555555c176a0, 24) = 0 [pid 5273] chdir("./48") = 0 [pid 5273] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5273] setpgid(0, 0) = 0 [pid 5273] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5273] write(3, "1000", 4) = 4 [pid 5273] close(3) = 0 [pid 5273] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5273] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5273] rt_sigaction(SIGRT_1, {sa_handler=0x7f0955898ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095588a1a0}, NULL, 8) = 0 [pid 5273] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5273] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f095580f000 [pid 5273] mprotect(0x7f0955810000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5273] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5273] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f095582f990, parent_tid=0x7f095582f990, exit_signal=0, stack=0x7f095580f000, stack_size=0x20300, tls=0x7f095582f6c0}./strace-static-x86_64: Process 5274 attached => {parent_tid=[5274]}, 88) = 5274 [pid 5274] rseq(0x7f095582ffe0, 0x20, 0, 0x53053053) = 0 [pid 5274] set_robust_list(0x7f095582f9a0, 24) = 0 [pid 5273] rt_sigprocmask(SIG_SETMASK, [], [pid 5274] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5274] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5273] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5273] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5274] <... futex resumed>) = 0 [pid 5273] <... futex resumed>) = 1 [pid 5273] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5274] memfd_create("syzkaller", 0) = 3 [pid 5274] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094d40f000 [pid 5274] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5274] munmap(0x7f094d40f000, 1048576) = 0 [pid 5274] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5274] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5274] close(3) = 0 [pid 5274] mkdir("./file1", 0777) = 0 [pid 5274] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5274] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5274] chdir("./file1") = 0 [pid 5274] ioctl(4, LOOP_CLR_FD) = 0 [pid 5274] close(4) = 0 [pid 5274] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5274] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5273] <... futex resumed>) = 0 [pid 5273] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5274] <... futex resumed>) = 0 [pid 5273] <... futex resumed>) = 1 [pid 5274] open("./bus", O_ACCMODE|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC|0xdc00001c, 000 [pid 5273] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5274] <... open resumed>) = 4 [pid 5274] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5273] <... futex resumed>) = 0 [pid 5273] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5274] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5273] <... futex resumed>) = 0 [pid 5273] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5274] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5273] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5274] <... futex resumed>) = 0 [pid 5273] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5274] open_tree(-1, NULL, OPEN_TREE_CLONE|0x10000 [pid 5273] <... futex resumed>) = 0 [pid 5274] <... open_tree resumed>) = -1 EINVAL (Invalid argument) [pid 5273] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5274] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5273] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5274] <... futex resumed>) = 0 [pid 5273] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5274] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5273] <... futex resumed>) = 0 [pid 5273] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5274] <... openat resumed>) = 5 [pid 5274] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5273] <... futex resumed>) = 0 [pid 5274] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5273] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5274] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5273] <... futex resumed>) = 0 [pid 5274] write(5, "\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 40960 [pid 5273] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5273] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094d4ee000 [pid 5273] mprotect(0x7f094d4ef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5273] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5273] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d50e990, parent_tid=0x7f094d50e990, exit_signal=0, stack=0x7f094d4ee000, stack_size=0x20300, tls=0x7f094d50e6c0}./strace-static-x86_64: Process 5277 attached [pid 5277] rseq(0x7f094d50efe0, 0x20, 0, 0x53053053) = 0 [pid 5273] <... clone3 resumed> => {parent_tid=[5277]}, 88) = 5277 [pid 5277] set_robust_list(0x7f094d50e9a0, 24 [pid 5273] rt_sigprocmask(SIG_SETMASK, [], [pid 5277] <... set_robust_list resumed>) = 0 [pid 5277] rt_sigprocmask(SIG_SETMASK, [], [pid 5273] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5277] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5273] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5277] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5273] <... futex resumed>) = 0 [pid 5277] <... open resumed>) = 6 [pid 5273] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5274] <... write resumed>) = 40960 [pid 5274] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5274] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5277] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5273] <... futex resumed>) = 0 [pid 5273] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5277] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5274] <... futex resumed>) = 0 [pid 5273] <... futex resumed>) = 1 [pid 5274] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [ 80.862942][ T5274] loop0: detected capacity change from 0 to 2048 [pid 5273] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5274] <... write resumed>) = 1048576 [pid 5274] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5273] <... futex resumed>) = 0 [pid 5273] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5273] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5274] <... futex resumed>) = 1 [pid 5274] openat(AT_FDCWD, NULL, O_RDONLY|O_TRUNC|O_PATH) = -1 EFAULT (Bad address) [pid 5274] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5273] <... futex resumed>) = 0 [pid 5273] exit_group(0 [pid 5277] <... futex resumed>) = ? [pid 5273] <... exit_group resumed>) = ? [pid 5277] +++ exited with 0 +++ [pid 5274] <... futex resumed>) = ? [pid 5274] +++ exited with 0 +++ [pid 5273] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5273, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./48", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c18730 /* 4 entries */, 32768) = 112 umount2("./48/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./48/binderfs") = 0 umount2("./48/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./48/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./48/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c20770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c20770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./48/file1") = 0 getdents64(3, 0x555555c18730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./48") = 0 mkdir("./49", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5278 attached , child_tidptr=0x555555c17690) = 5278 [pid 5278] set_robust_list(0x555555c176a0, 24) = 0 [pid 5278] chdir("./49") = 0 [pid 5278] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5278] setpgid(0, 0) = 0 [pid 5278] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5278] write(3, "1000", 4) = 4 [pid 5278] close(3) = 0 [pid 5278] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5278] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5278] rt_sigaction(SIGRT_1, {sa_handler=0x7f0955898ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095588a1a0}, NULL, 8) = 0 [pid 5278] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5278] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f095580f000 [pid 5278] mprotect(0x7f0955810000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5278] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5278] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f095582f990, parent_tid=0x7f095582f990, exit_signal=0, stack=0x7f095580f000, stack_size=0x20300, tls=0x7f095582f6c0}./strace-static-x86_64: Process 5279 attached => {parent_tid=[5279]}, 88) = 5279 [pid 5279] rseq(0x7f095582ffe0, 0x20, 0, 0x53053053 [pid 5278] rt_sigprocmask(SIG_SETMASK, [], [pid 5279] <... rseq resumed>) = 0 [pid 5279] set_robust_list(0x7f095582f9a0, 24 [pid 5278] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5279] <... set_robust_list resumed>) = 0 [pid 5278] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5279] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5278] <... futex resumed>) = 0 [pid 5279] memfd_create("syzkaller", 0 [pid 5278] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5279] <... memfd_create resumed>) = 3 [pid 5279] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094d40f000 [pid 5279] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5279] munmap(0x7f094d40f000, 1048576) = 0 [pid 5279] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5279] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5279] close(3) = 0 [pid 5279] mkdir("./file1", 0777) = 0 [pid 5279] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5279] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5279] chdir("./file1") = 0 [pid 5279] ioctl(4, LOOP_CLR_FD) = 0 [pid 5279] close(4) = 0 [pid 5279] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5278] <... futex resumed>) = 0 [pid 5279] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5278] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5278] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5279] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5279] open("./bus", O_ACCMODE|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC|0xdc00001c, 000) = 4 [pid 5279] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5278] <... futex resumed>) = 0 [pid 5279] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5278] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5278] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5279] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5279] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5279] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5278] <... futex resumed>) = 0 [pid 5279] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5278] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5279] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5278] <... futex resumed>) = 0 [pid 5279] open_tree(-1, NULL, OPEN_TREE_CLONE|0x10000 [pid 5278] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5279] <... open_tree resumed>) = -1 EINVAL (Invalid argument) [pid 5279] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5278] <... futex resumed>) = 0 [pid 5278] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5279] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5278] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5279] <... openat resumed>) = 5 [pid 5279] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5278] <... futex resumed>) = 0 [pid 5279] <... futex resumed>) = 1 [pid 5278] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5279] write(5, "\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 40960 [pid 5278] <... futex resumed>) = 0 [pid 5278] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5278] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094d4ee000 [pid 5278] mprotect(0x7f094d4ef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5278] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5278] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d50e990, parent_tid=0x7f094d50e990, exit_signal=0, stack=0x7f094d4ee000, stack_size=0x20300, tls=0x7f094d50e6c0}./strace-static-x86_64: Process 5282 attached [pid 5282] rseq(0x7f094d50efe0, 0x20, 0, 0x53053053) = 0 [pid 5279] <... write resumed>) = 40960 [pid 5282] set_robust_list(0x7f094d50e9a0, 24 [pid 5279] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5282] <... set_robust_list resumed>) = 0 [pid 5279] <... futex resumed>) = 0 [pid 5282] rt_sigprocmask(SIG_SETMASK, [], [pid 5279] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5282] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5282] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5278] <... clone3 resumed> => {parent_tid=[5282]}, 88) = 5282 [pid 5278] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5278] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5278] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5282] <... futex resumed>) = 0 [pid 5282] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5282] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5278] <... futex resumed>) = 0 [pid 5282] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5278] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5279] <... futex resumed>) = 0 [pid 5278] <... futex resumed>) = 1 [pid 5278] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 81.010501][ T5279] loop0: detected capacity change from 0 to 2048 [pid 5279] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 1048576 [pid 5279] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5278] <... futex resumed>) = 0 [pid 5279] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5278] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5279] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5278] <... futex resumed>) = 0 [pid 5279] openat(AT_FDCWD, NULL, O_RDONLY|O_TRUNC|O_PATH [pid 5278] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5279] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5279] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5278] <... futex resumed>) = 0 [pid 5279] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5278] exit_group(0 [pid 5282] <... futex resumed>) = ? [pid 5279] <... futex resumed>) = ? [pid 5278] <... exit_group resumed>) = ? [pid 5282] +++ exited with 0 +++ [pid 5279] +++ exited with 0 +++ [pid 5278] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5278, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./49", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c18730 /* 4 entries */, 32768) = 112 umount2("./49/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./49/binderfs") = 0 umount2("./49/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./49/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./49/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c20770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c20770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./49/file1") = 0 getdents64(3, 0x555555c18730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./49") = 0 mkdir("./50", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5283 attached , child_tidptr=0x555555c17690) = 5283 [pid 5283] set_robust_list(0x555555c176a0, 24) = 0 [pid 5283] chdir("./50") = 0 [pid 5283] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5283] setpgid(0, 0) = 0 [pid 5283] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5283] write(3, "1000", 4) = 4 [pid 5283] close(3) = 0 [pid 5283] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5283] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5283] rt_sigaction(SIGRT_1, {sa_handler=0x7f0955898ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095588a1a0}, NULL, 8) = 0 [pid 5283] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5283] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f095580f000 [pid 5283] mprotect(0x7f0955810000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5283] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5283] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f095582f990, parent_tid=0x7f095582f990, exit_signal=0, stack=0x7f095580f000, stack_size=0x20300, tls=0x7f095582f6c0}./strace-static-x86_64: Process 5284 attached => {parent_tid=[5284]}, 88) = 5284 [pid 5283] rt_sigprocmask(SIG_SETMASK, [], [pid 5284] rseq(0x7f095582ffe0, 0x20, 0, 0x53053053) = 0 [pid 5283] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5283] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5283] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5284] set_robust_list(0x7f095582f9a0, 24) = 0 [pid 5284] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5284] memfd_create("syzkaller", 0) = 3 [pid 5284] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094d40f000 [pid 5284] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5284] munmap(0x7f094d40f000, 1048576) = 0 [pid 5284] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5284] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5284] close(3) = 0 [pid 5284] mkdir("./file1", 0777) = 0 [pid 5284] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5284] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5284] chdir("./file1") = 0 [pid 5284] ioctl(4, LOOP_CLR_FD) = 0 [pid 5284] close(4) = 0 [pid 5284] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5283] <... futex resumed>) = 0 [pid 5283] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5284] open("./bus", O_ACCMODE|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC|0xdc00001c, 000 [pid 5283] <... futex resumed>) = 0 [pid 5283] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5284] <... open resumed>) = 4 [pid 5284] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5283] <... futex resumed>) = 0 [pid 5284] <... futex resumed>) = 1 [pid 5283] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5284] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5283] <... futex resumed>) = 0 [pid 5283] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5284] <... mount resumed>) = 0 [pid 5284] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5283] <... futex resumed>) = 0 [pid 5284] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5283] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5284] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5283] <... futex resumed>) = 0 [pid 5284] open_tree(-1, NULL, OPEN_TREE_CLONE|0x10000) = -1 EINVAL (Invalid argument) [pid 5283] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5284] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5283] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5284] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5283] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5284] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5283] <... futex resumed>) = 0 [pid 5284] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5283] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5284] <... openat resumed>) = 5 [pid 5284] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5283] <... futex resumed>) = 0 [pid 5284] <... futex resumed>) = 1 [pid 5283] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5284] write(5, "\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 40960 [pid 5283] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5283] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094d4ee000 [pid 5283] mprotect(0x7f094d4ef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5283] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5283] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d50e990, parent_tid=0x7f094d50e990, exit_signal=0, stack=0x7f094d4ee000, stack_size=0x20300, tls=0x7f094d50e6c0} [pid 5284] <... write resumed>) = 40960 [pid 5284] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5284] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5283] <... clone3 resumed> => {parent_tid=[5287]}, 88) = 5287 [pid 5283] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5283] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5283] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5287 attached [pid 5287] rseq(0x7f094d50efe0, 0x20, 0, 0x53053053) = 0 [pid 5287] set_robust_list(0x7f094d50e9a0, 24) = 0 [pid 5287] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5287] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5287] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5283] <... futex resumed>) = 0 [pid 5287] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5283] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5283] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5284] <... futex resumed>) = 0 [ 81.172631][ T5284] loop0: detected capacity change from 0 to 2048 [pid 5284] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 1048576 [pid 5284] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5283] <... futex resumed>) = 0 [pid 5284] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5283] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5284] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5283] <... futex resumed>) = 0 [pid 5284] openat(AT_FDCWD, NULL, O_RDONLY|O_TRUNC|O_PATH [pid 5283] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5284] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5284] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5283] <... futex resumed>) = 0 [pid 5283] exit_group(0 [pid 5284] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5287] <... futex resumed>) = ? [pid 5284] <... futex resumed>) = ? [pid 5283] <... exit_group resumed>) = ? [pid 5284] +++ exited with 0 +++ [pid 5287] +++ exited with 0 +++ [pid 5283] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5283, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./50", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c18730 /* 4 entries */, 32768) = 112 umount2("./50/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./50/binderfs") = 0 umount2("./50/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./50/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./50/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c20770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c20770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./50/file1") = 0 getdents64(3, 0x555555c18730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./50") = 0 mkdir("./51", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5288 attached , child_tidptr=0x555555c17690) = 5288 [pid 5288] set_robust_list(0x555555c176a0, 24) = 0 [pid 5288] chdir("./51") = 0 [pid 5288] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5288] setpgid(0, 0) = 0 [pid 5288] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5288] write(3, "1000", 4) = 4 [pid 5288] close(3) = 0 [pid 5288] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5288] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5288] rt_sigaction(SIGRT_1, {sa_handler=0x7f0955898ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095588a1a0}, NULL, 8) = 0 [pid 5288] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5288] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f095580f000 [pid 5288] mprotect(0x7f0955810000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5288] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5288] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f095582f990, parent_tid=0x7f095582f990, exit_signal=0, stack=0x7f095580f000, stack_size=0x20300, tls=0x7f095582f6c0}./strace-static-x86_64: Process 5289 attached => {parent_tid=[5289]}, 88) = 5289 [pid 5289] rseq(0x7f095582ffe0, 0x20, 0, 0x53053053 [pid 5288] rt_sigprocmask(SIG_SETMASK, [], [pid 5289] <... rseq resumed>) = 0 [pid 5288] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5289] set_robust_list(0x7f095582f9a0, 24) = 0 [pid 5288] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5289] rt_sigprocmask(SIG_SETMASK, [], [pid 5288] <... futex resumed>) = 0 [pid 5289] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5288] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5289] memfd_create("syzkaller", 0) = 3 [pid 5289] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094d40f000 [pid 5289] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5289] munmap(0x7f094d40f000, 1048576) = 0 [pid 5289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5289] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5289] close(3) = 0 [pid 5289] mkdir("./file1", 0777) = 0 [pid 5289] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5289] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5289] chdir("./file1") = 0 [pid 5289] ioctl(4, LOOP_CLR_FD) = 0 [pid 5289] close(4) = 0 [pid 5289] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5288] <... futex resumed>) = 0 [pid 5289] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5288] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5289] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5288] <... futex resumed>) = 0 [pid 5289] open("./bus", O_ACCMODE|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC|0xdc00001c, 000 [pid 5288] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5289] <... open resumed>) = 4 [pid 5289] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5289] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5288] <... futex resumed>) = 0 [pid 5288] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5289] <... futex resumed>) = 0 [pid 5288] <... futex resumed>) = 1 [pid 5289] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5288] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5289] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5288] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5289] <... futex resumed>) = 0 [pid 5289] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5288] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5289] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5289] open_tree(-1, NULL, OPEN_TREE_CLONE|0x10000 [pid 5288] <... futex resumed>) = 0 [pid 5289] <... open_tree resumed>) = -1 EINVAL (Invalid argument) [pid 5288] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5289] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5288] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5289] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5288] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5289] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5289] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5288] <... futex resumed>) = 0 [pid 5289] <... openat resumed>) = 5 [pid 5288] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5289] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5288] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5289] <... futex resumed>) = 0 [pid 5288] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5289] write(5, "\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 40960 [pid 5288] <... futex resumed>) = 0 [pid 5288] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5288] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094d4ee000 [pid 5288] mprotect(0x7f094d4ef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5288] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5288] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d50e990, parent_tid=0x7f094d50e990, exit_signal=0, stack=0x7f094d4ee000, stack_size=0x20300, tls=0x7f094d50e6c0}./strace-static-x86_64: Process 5292 attached [pid 5289] <... write resumed>) = 40960 [pid 5288] <... clone3 resumed> => {parent_tid=[5292]}, 88) = 5292 [pid 5289] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5288] rt_sigprocmask(SIG_SETMASK, [], [pid 5289] <... futex resumed>) = 0 [pid 5288] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5289] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5288] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5288] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5292] rseq(0x7f094d50efe0, 0x20, 0, 0x53053053) = 0 [pid 5292] set_robust_list(0x7f094d50e9a0, 24) = 0 [pid 5292] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5292] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5292] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5288] <... futex resumed>) = 0 [pid 5288] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5289] <... futex resumed>) = 0 [pid 5288] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5289] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [ 81.327781][ T5289] loop0: detected capacity change from 0 to 2048 [pid 5292] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5289] <... write resumed>) = 1048576 [pid 5289] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5288] <... futex resumed>) = 0 [pid 5288] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5288] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5289] openat(AT_FDCWD, NULL, O_RDONLY|O_TRUNC|O_PATH) = -1 EFAULT (Bad address) [pid 5289] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5288] <... futex resumed>) = 0 [pid 5289] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5288] exit_group(0) = ? [pid 5292] <... futex resumed>) = ? [pid 5289] <... futex resumed>) = ? [pid 5292] +++ exited with 0 +++ [pid 5289] +++ exited with 0 +++ [pid 5288] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5288, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./51", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c18730 /* 4 entries */, 32768) = 112 umount2("./51/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./51/binderfs") = 0 umount2("./51/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./51/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./51/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c20770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c20770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./51/file1") = 0 getdents64(3, 0x555555c18730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./51") = 0 mkdir("./52", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5293 attached [pid 5293] set_robust_list(0x555555c176a0, 24) = 0 [pid 5026] <... clone resumed>, child_tidptr=0x555555c17690) = 5293 [pid 5293] chdir("./52") = 0 [pid 5293] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5293] setpgid(0, 0) = 0 [pid 5293] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5293] write(3, "1000", 4) = 4 [pid 5293] close(3) = 0 [pid 5293] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5293] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5293] rt_sigaction(SIGRT_1, {sa_handler=0x7f0955898ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095588a1a0}, NULL, 8) = 0 [pid 5293] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5293] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f095580f000 [pid 5293] mprotect(0x7f0955810000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5293] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5293] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f095582f990, parent_tid=0x7f095582f990, exit_signal=0, stack=0x7f095580f000, stack_size=0x20300, tls=0x7f095582f6c0} => {parent_tid=[5294]}, 88) = 5294 [pid 5293] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 5294 attached NULL, 8) = 0 [pid 5294] rseq(0x7f095582ffe0, 0x20, 0, 0x53053053 [pid 5293] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5294] <... rseq resumed>) = 0 [pid 5294] set_robust_list(0x7f095582f9a0, 24 [pid 5293] <... futex resumed>) = 0 [pid 5294] <... set_robust_list resumed>) = 0 [pid 5293] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5294] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5294] memfd_create("syzkaller", 0) = 3 [pid 5294] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094d40f000 [pid 5294] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5294] munmap(0x7f094d40f000, 1048576) = 0 [pid 5294] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5294] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5294] close(3) = 0 [pid 5294] mkdir("./file1", 0777) = 0 [pid 5294] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5294] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5294] chdir("./file1") = 0 [pid 5294] ioctl(4, LOOP_CLR_FD) = 0 [pid 5294] close(4) = 0 [pid 5294] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5293] <... futex resumed>) = 0 [pid 5294] <... futex resumed>) = 1 [pid 5293] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5294] open("./bus", O_ACCMODE|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC|0xdc00001c, 000 [pid 5293] <... futex resumed>) = 0 [pid 5293] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5294] <... open resumed>) = 4 [pid 5294] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5294] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5293] <... futex resumed>) = 0 [pid 5293] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5294] <... futex resumed>) = 0 [pid 5293] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5294] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5294] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5293] <... futex resumed>) = 0 [pid 5294] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5293] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5294] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5293] <... futex resumed>) = 0 [pid 5294] open_tree(-1, NULL, OPEN_TREE_CLONE|0x10000 [pid 5293] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5294] <... open_tree resumed>) = -1 EINVAL (Invalid argument) [pid 5294] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5293] <... futex resumed>) = 0 [pid 5294] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5293] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5294] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5293] <... futex resumed>) = 0 [pid 5294] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5293] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5294] <... openat resumed>) = 5 [pid 5294] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5293] <... futex resumed>) = 0 [pid 5294] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5293] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5294] write(5, "\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 40960 [pid 5293] <... futex resumed>) = 0 [pid 5293] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5293] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094d4ee000 [pid 5293] mprotect(0x7f094d4ef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5293] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5293] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d50e990, parent_tid=0x7f094d50e990, exit_signal=0, stack=0x7f094d4ee000, stack_size=0x20300, tls=0x7f094d50e6c0} => {parent_tid=[5297]}, 88) = 5297 ./strace-static-x86_64: Process 5297 attached [pid 5297] rseq(0x7f094d50efe0, 0x20, 0, 0x53053053 [pid 5293] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5293] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5297] <... rseq resumed>) = 0 [pid 5293] <... futex resumed>) = 0 [pid 5293] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5294] <... write resumed>) = 40960 [pid 5294] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5294] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5297] set_robust_list(0x7f094d50e9a0, 24) = 0 [pid 5297] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5297] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5297] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5293] <... futex resumed>) = 0 [pid 5293] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5293] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5297] <... futex resumed>) = 1 [pid 5297] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5294] <... futex resumed>) = 0 [ 81.510902][ T5294] loop0: detected capacity change from 0 to 2048 [pid 5294] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 1048576 [pid 5294] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5293] <... futex resumed>) = 0 [pid 5294] <... futex resumed>) = 1 [pid 5293] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5294] openat(AT_FDCWD, NULL, O_RDONLY|O_TRUNC|O_PATH [pid 5293] <... futex resumed>) = 0 [pid 5294] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5293] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5294] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5293] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5294] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5293] exit_group(0 [pid 5297] <... futex resumed>) = ? [pid 5294] <... futex resumed>) = ? [pid 5293] <... exit_group resumed>) = ? [pid 5297] +++ exited with 0 +++ [pid 5294] +++ exited with 0 +++ [pid 5293] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5293, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./52", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c18730 /* 4 entries */, 32768) = 112 umount2("./52/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./52/binderfs") = 0 umount2("./52/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./52/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./52/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c20770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c20770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./52/file1") = 0 getdents64(3, 0x555555c18730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./52") = 0 mkdir("./53", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c17690) = 5298 ./strace-static-x86_64: Process 5298 attached [pid 5298] set_robust_list(0x555555c176a0, 24) = 0 [pid 5298] chdir("./53") = 0 [pid 5298] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5298] setpgid(0, 0) = 0 [pid 5298] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5298] write(3, "1000", 4) = 4 [pid 5298] close(3) = 0 [pid 5298] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5298] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5298] rt_sigaction(SIGRT_1, {sa_handler=0x7f0955898ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095588a1a0}, NULL, 8) = 0 [pid 5298] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5298] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f095580f000 [pid 5298] mprotect(0x7f0955810000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5298] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5298] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f095582f990, parent_tid=0x7f095582f990, exit_signal=0, stack=0x7f095580f000, stack_size=0x20300, tls=0x7f095582f6c0}./strace-static-x86_64: Process 5299 attached [pid 5299] rseq(0x7f095582ffe0, 0x20, 0, 0x53053053 [pid 5298] <... clone3 resumed> => {parent_tid=[5299]}, 88) = 5299 [pid 5299] <... rseq resumed>) = 0 [pid 5298] rt_sigprocmask(SIG_SETMASK, [], [pid 5299] set_robust_list(0x7f095582f9a0, 24 [pid 5298] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5299] <... set_robust_list resumed>) = 0 [pid 5298] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5299] rt_sigprocmask(SIG_SETMASK, [], [pid 5298] <... futex resumed>) = 0 [pid 5299] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5298] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5299] memfd_create("syzkaller", 0) = 3 [pid 5299] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094d40f000 [pid 5299] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5299] munmap(0x7f094d40f000, 1048576) = 0 [pid 5299] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5299] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5299] close(3) = 0 [pid 5299] mkdir("./file1", 0777) = 0 [pid 5299] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5299] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5299] chdir("./file1") = 0 [pid 5299] ioctl(4, LOOP_CLR_FD) = 0 [pid 5299] close(4) = 0 [pid 5299] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5298] <... futex resumed>) = 0 [pid 5299] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5298] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5299] <... futex resumed>) = 0 [pid 5298] <... futex resumed>) = 1 [pid 5299] open("./bus", O_ACCMODE|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC|0xdc00001c, 000 [pid 5298] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5299] <... open resumed>) = 4 [pid 5299] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5299] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5298] <... futex resumed>) = 0 [pid 5298] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5299] <... futex resumed>) = 0 [pid 5299] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5298] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5299] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5298] <... futex resumed>) = 0 [pid 5298] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5299] <... futex resumed>) = 1 [pid 5298] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5299] open_tree(-1, NULL, OPEN_TREE_CLONE|0x10000) = -1 EINVAL (Invalid argument) [pid 5299] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5298] <... futex resumed>) = 0 [pid 5298] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5299] <... futex resumed>) = 1 [pid 5298] <... futex resumed>) = 0 [pid 5299] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5298] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5299] <... openat resumed>) = 5 [pid 5299] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5298] <... futex resumed>) = 0 [pid 5298] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5298] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5299] <... futex resumed>) = 1 [pid 5298] <... futex resumed>) = 0 [pid 5298] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094d4ee000 [pid 5299] write(5, "\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 40960 [pid 5298] mprotect(0x7f094d4ef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5298] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5298] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d50e990, parent_tid=0x7f094d50e990, exit_signal=0, stack=0x7f094d4ee000, stack_size=0x20300, tls=0x7f094d50e6c0}./strace-static-x86_64: Process 5302 attached => {parent_tid=[5302]}, 88) = 5302 [pid 5302] rseq(0x7f094d50efe0, 0x20, 0, 0x53053053) = 0 [pid 5298] rt_sigprocmask(SIG_SETMASK, [], [pid 5302] set_robust_list(0x7f094d50e9a0, 24 [pid 5298] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5298] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5298] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5302] <... set_robust_list resumed>) = 0 [pid 5302] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5302] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5299] <... write resumed>) = 40960 [pid 5302] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5302] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5298] <... futex resumed>) = 0 [pid 5299] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5298] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5299] <... futex resumed>) = 0 [pid 5302] <... futex resumed>) = 0 [pid 5299] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5298] <... futex resumed>) = 1 [pid 5302] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [ 81.676376][ T5299] loop0: detected capacity change from 0 to 2048 [pid 5298] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5302] <... write resumed>) = 1048576 [pid 5302] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5298] <... futex resumed>) = 0 [pid 5302] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5298] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5299] <... futex resumed>) = 0 [pid 5299] openat(AT_FDCWD, NULL, O_RDONLY|O_TRUNC|O_PATH [pid 5298] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5299] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5299] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5298] <... futex resumed>) = 0 [pid 5299] <... futex resumed>) = 1 [pid 5299] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5298] exit_group(0 [pid 5302] <... futex resumed>) = ? [pid 5299] <... futex resumed>) = ? [pid 5298] <... exit_group resumed>) = ? [pid 5302] +++ exited with 0 +++ [pid 5299] +++ exited with 0 +++ [pid 5298] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5298, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./53", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c18730 /* 4 entries */, 32768) = 112 umount2("./53/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./53/binderfs") = 0 umount2("./53/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./53/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./53/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c20770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c20770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./53/file1") = 0 getdents64(3, 0x555555c18730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./53") = 0 mkdir("./54", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5303 attached , child_tidptr=0x555555c17690) = 5303 [pid 5303] set_robust_list(0x555555c176a0, 24) = 0 [pid 5303] chdir("./54") = 0 [pid 5303] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5303] setpgid(0, 0) = 0 [pid 5303] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5303] write(3, "1000", 4) = 4 [pid 5303] close(3) = 0 [pid 5303] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5303] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5303] rt_sigaction(SIGRT_1, {sa_handler=0x7f0955898ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095588a1a0}, NULL, 8) = 0 [pid 5303] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5303] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f095580f000 [pid 5303] mprotect(0x7f0955810000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5303] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5303] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f095582f990, parent_tid=0x7f095582f990, exit_signal=0, stack=0x7f095580f000, stack_size=0x20300, tls=0x7f095582f6c0}./strace-static-x86_64: Process 5304 attached => {parent_tid=[5304]}, 88) = 5304 [pid 5304] rseq(0x7f095582ffe0, 0x20, 0, 0x53053053 [pid 5303] rt_sigprocmask(SIG_SETMASK, [], [pid 5304] <... rseq resumed>) = 0 [pid 5303] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5304] set_robust_list(0x7f095582f9a0, 24 [pid 5303] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5304] <... set_robust_list resumed>) = 0 [pid 5303] <... futex resumed>) = 0 [pid 5304] rt_sigprocmask(SIG_SETMASK, [], [pid 5303] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5304] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5304] memfd_create("syzkaller", 0) = 3 [pid 5304] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094d40f000 [pid 5304] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5304] munmap(0x7f094d40f000, 1048576) = 0 [pid 5304] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5304] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5304] close(3) = 0 [pid 5304] mkdir("./file1", 0777) = 0 [pid 5304] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5304] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5304] chdir("./file1") = 0 [pid 5304] ioctl(4, LOOP_CLR_FD) = 0 [pid 5304] close(4) = 0 [pid 5304] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5303] <... futex resumed>) = 0 [pid 5304] open("./bus", O_ACCMODE|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC|0xdc00001c, 000 [pid 5303] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5303] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5304] <... open resumed>) = 4 [pid 5304] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5303] <... futex resumed>) = 0 [pid 5304] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5303] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5304] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5303] <... futex resumed>) = 0 [pid 5304] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5303] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5304] <... mount resumed>) = 0 [pid 5304] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5303] <... futex resumed>) = 0 [pid 5304] <... futex resumed>) = 1 [pid 5303] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5304] open_tree(-1, NULL, OPEN_TREE_CLONE|0x10000 [pid 5303] <... futex resumed>) = 0 [pid 5304] <... open_tree resumed>) = -1 EINVAL (Invalid argument) [pid 5303] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5304] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5303] <... futex resumed>) = 0 [pid 5303] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5304] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5303] <... futex resumed>) = 0 [pid 5303] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5304] <... openat resumed>) = 5 [pid 5304] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5303] <... futex resumed>) = 0 [pid 5304] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5303] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5304] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5303] <... futex resumed>) = 0 [pid 5304] write(5, "\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 40960 [pid 5303] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5303] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094d4ee000 [pid 5303] mprotect(0x7f094d4ef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5303] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5303] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d50e990, parent_tid=0x7f094d50e990, exit_signal=0, stack=0x7f094d4ee000, stack_size=0x20300, tls=0x7f094d50e6c0}./strace-static-x86_64: Process 5307 attached => {parent_tid=[5307]}, 88) = 5307 [pid 5307] rseq(0x7f094d50efe0, 0x20, 0, 0x53053053 [pid 5304] <... write resumed>) = 40960 [pid 5303] rt_sigprocmask(SIG_SETMASK, [], [pid 5304] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5303] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5304] <... futex resumed>) = 0 [pid 5303] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5304] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5303] <... futex resumed>) = 0 [pid 5307] <... rseq resumed>) = 0 [pid 5303] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5307] set_robust_list(0x7f094d50e9a0, 24) = 0 [pid 5307] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5307] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5307] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5303] <... futex resumed>) = 0 [pid 5307] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5303] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5304] <... futex resumed>) = 0 [pid 5303] <... futex resumed>) = 1 [pid 5304] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [ 81.825428][ T5304] loop0: detected capacity change from 0 to 2048 [pid 5303] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5303] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5304] <... write resumed>) = 1048576 [pid 5307] <... futex resumed>) = 0 [pid 5303] <... futex resumed>) = 1 [pid 5307] openat(AT_FDCWD, NULL, O_RDONLY|O_TRUNC|O_PATH [pid 5304] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5303] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5304] <... futex resumed>) = 0 [pid 5307] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5304] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5307] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5307] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5303] <... futex resumed>) = 0 [pid 5303] exit_group(0 [pid 5307] <... futex resumed>) = ? [pid 5307] +++ exited with 0 +++ [pid 5304] <... futex resumed>) = ? [pid 5304] +++ exited with 0 +++ [pid 5303] <... exit_group resumed>) = ? [pid 5303] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5303, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./54", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c18730 /* 4 entries */, 32768) = 112 umount2("./54/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./54/binderfs") = 0 umount2("./54/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./54/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./54/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c20770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c20770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./54/file1") = 0 getdents64(3, 0x555555c18730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./54") = 0 mkdir("./55", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5308 attached [pid 5308] set_robust_list(0x555555c176a0, 24) = 0 [pid 5308] chdir("./55") = 0 [pid 5308] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5308] setpgid(0, 0) = 0 [pid 5026] <... clone resumed>, child_tidptr=0x555555c17690) = 5308 [pid 5308] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5308] write(3, "1000", 4) = 4 [pid 5308] close(3) = 0 [pid 5308] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5308] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5308] rt_sigaction(SIGRT_1, {sa_handler=0x7f0955898ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095588a1a0}, NULL, 8) = 0 [pid 5308] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5308] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f095580f000 [pid 5308] mprotect(0x7f0955810000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5308] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5308] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f095582f990, parent_tid=0x7f095582f990, exit_signal=0, stack=0x7f095580f000, stack_size=0x20300, tls=0x7f095582f6c0} => {parent_tid=[5309]}, 88) = 5309 [pid 5308] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5308] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5309 attached ) = 0 [pid 5308] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5309] rseq(0x7f095582ffe0, 0x20, 0, 0x53053053) = 0 [pid 5309] set_robust_list(0x7f095582f9a0, 24) = 0 [pid 5309] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5309] memfd_create("syzkaller", 0) = 3 [pid 5309] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094d40f000 [pid 5309] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5309] munmap(0x7f094d40f000, 1048576) = 0 [pid 5309] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5309] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5309] close(3) = 0 [pid 5309] mkdir("./file1", 0777) = 0 [pid 5309] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5309] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5309] chdir("./file1") = 0 [pid 5309] ioctl(4, LOOP_CLR_FD) = 0 [pid 5309] close(4) = 0 [pid 5309] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5309] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5308] <... futex resumed>) = 0 [pid 5308] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5309] <... futex resumed>) = 0 [pid 5309] open("./bus", O_ACCMODE|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC|0xdc00001c, 000 [pid 5308] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5309] <... open resumed>) = 4 [pid 5309] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5309] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5308] <... futex resumed>) = 0 [pid 5308] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5309] <... futex resumed>) = 0 [pid 5309] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5308] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5309] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5309] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5308] <... futex resumed>) = 0 [pid 5308] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5309] <... futex resumed>) = 0 [pid 5309] open_tree(-1, NULL, OPEN_TREE_CLONE|0x10000) = -1 EINVAL (Invalid argument) [pid 5309] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5308] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5309] <... futex resumed>) = 0 [pid 5309] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5308] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5308] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5309] <... futex resumed>) = 0 [pid 5309] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5308] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5309] <... openat resumed>) = 5 [pid 5309] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5308] <... futex resumed>) = 0 [pid 5308] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5308] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5308] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094d4ee000 [pid 5308] mprotect(0x7f094d4ef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5308] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5308] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d50e990, parent_tid=0x7f094d50e990, exit_signal=0, stack=0x7f094d4ee000, stack_size=0x20300, tls=0x7f094d50e6c0} [pid 5309] write(5, "\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 40960./strace-static-x86_64: Process 5312 attached [pid 5312] rseq(0x7f094d50efe0, 0x20, 0, 0x53053053 [pid 5308] <... clone3 resumed> => {parent_tid=[5312]}, 88) = 5312 [pid 5312] <... rseq resumed>) = 0 [pid 5312] set_robust_list(0x7f094d50e9a0, 24 [pid 5308] rt_sigprocmask(SIG_SETMASK, [], [pid 5312] <... set_robust_list resumed>) = 0 [pid 5312] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5312] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5308] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5308] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5312] <... futex resumed>) = 0 [pid 5308] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5312] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [ 82.061306][ T5309] loop0: detected capacity change from 0 to 2048 [pid 5312] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5308] <... futex resumed>) = 0 [pid 5308] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5308] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5312] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5309] <... write resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5309] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5309] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5312] <... write resumed>) = 1048576 [pid 5312] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5308] <... futex resumed>) = 0 [pid 5312] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5308] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5308] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5309] <... futex resumed>) = 0 [pid 5309] openat(AT_FDCWD, NULL, O_RDONLY|O_TRUNC|O_PATH) = -1 EFAULT (Bad address) [pid 5309] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5308] <... futex resumed>) = 0 [pid 5309] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5308] exit_group(0 [pid 5312] <... futex resumed>) = ? [pid 5308] <... exit_group resumed>) = ? [pid 5312] +++ exited with 0 +++ [pid 5309] <... futex resumed>) = ? [pid 5309] +++ exited with 0 +++ [pid 5308] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5308, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./55", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c18730 /* 4 entries */, 32768) = 112 umount2("./55/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./55/binderfs") = 0 [ 82.101867][ T5309] EXT4-fs error (device loop0): __ext4_get_inode_loc:4379: comm syz-executor264: Invalid inode table block 0 in block_group 0 umount2("./55/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./55/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./55/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c20770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c20770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./55/file1") = 0 getdents64(3, 0x555555c18730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./55") = 0 mkdir("./56", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5313 attached , child_tidptr=0x555555c17690) = 5313 [pid 5313] set_robust_list(0x555555c176a0, 24) = 0 [pid 5313] chdir("./56") = 0 [pid 5313] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5313] setpgid(0, 0) = 0 [pid 5313] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5313] write(3, "1000", 4) = 4 [pid 5313] close(3) = 0 [pid 5313] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5313] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5313] rt_sigaction(SIGRT_1, {sa_handler=0x7f0955898ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095588a1a0}, NULL, 8) = 0 [pid 5313] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5313] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f095580f000 [pid 5313] mprotect(0x7f0955810000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5313] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5313] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f095582f990, parent_tid=0x7f095582f990, exit_signal=0, stack=0x7f095580f000, stack_size=0x20300, tls=0x7f095582f6c0} => {parent_tid=[5314]}, 88) = 5314 [pid 5313] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5313] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5313] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5314 attached [pid 5314] rseq(0x7f095582ffe0, 0x20, 0, 0x53053053) = 0 [pid 5314] set_robust_list(0x7f095582f9a0, 24) = 0 [pid 5314] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5314] memfd_create("syzkaller", 0) = 3 [pid 5314] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094d40f000 [pid 5314] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5314] munmap(0x7f094d40f000, 1048576) = 0 [pid 5314] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5314] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5314] close(3) = 0 [pid 5314] mkdir("./file1", 0777) = 0 [pid 5314] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5314] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5314] chdir("./file1") = 0 [pid 5314] ioctl(4, LOOP_CLR_FD) = 0 [pid 5314] close(4) = 0 [pid 5314] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5313] <... futex resumed>) = 0 [pid 5314] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5313] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5314] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5313] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5314] open("./bus", O_ACCMODE|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC|0xdc00001c, 000) = 4 [pid 5314] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5313] <... futex resumed>) = 0 [pid 5314] <... futex resumed>) = 1 [pid 5314] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5313] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5314] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5313] <... futex resumed>) = 0 [pid 5314] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5313] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5314] <... mount resumed>) = 0 [pid 5314] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5313] <... futex resumed>) = 0 [pid 5313] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5313] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5314] <... futex resumed>) = 1 [pid 5314] open_tree(-1, NULL, OPEN_TREE_CLONE|0x10000) = -1 EINVAL (Invalid argument) [pid 5314] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5313] <... futex resumed>) = 0 [pid 5314] <... futex resumed>) = 1 [pid 5313] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5314] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5313] <... futex resumed>) = 0 [pid 5313] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5314] <... openat resumed>) = 5 [pid 5314] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5313] <... futex resumed>) = 0 [pid 5314] <... futex resumed>) = 1 [pid 5313] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5314] write(5, "\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 40960 [pid 5313] <... futex resumed>) = 0 [pid 5313] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5313] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094d4ee000 [pid 5313] mprotect(0x7f094d4ef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5313] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5313] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d50e990, parent_tid=0x7f094d50e990, exit_signal=0, stack=0x7f094d4ee000, stack_size=0x20300, tls=0x7f094d50e6c0} => {parent_tid=[5317]}, 88) = 5317 [pid 5313] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5313] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5313] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5317 attached [pid 5317] rseq(0x7f094d50efe0, 0x20, 0, 0x53053053) = 0 [pid 5317] set_robust_list(0x7f094d50e9a0, 24) = 0 [pid 5317] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5317] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5317] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5313] <... futex resumed>) = 0 [pid 5313] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5313] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5317] <... futex resumed>) = 1 [ 82.255965][ T5314] loop0: detected capacity change from 0 to 2048 [ 82.301585][ T5314] EXT4-fs error (device loop0): ext4_validate_block_bitmap:439: comm syz-executor264: bg 0: block 8: padding at end of block bitmap is not set [ 82.317444][ T5314] EXT4-fs error (device loop0): __ext4_get_inode_loc:4379: comm syz-executor264: Invalid inode table block 0 in block_group 0 [ 82.331695][ T5314] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5752: Corrupt filesystem [pid 5317] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5313] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5313] futex(0x7f09558fc6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5313] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094d4cd000 [pid 5313] mprotect(0x7f094d4ce000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5313] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5313] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d4ed990, parent_tid=0x7f094d4ed990, exit_signal=0, stack=0x7f094d4cd000, stack_size=0x20300, tls=0x7f094d4ed6c0}./strace-static-x86_64: Process 5318 attached => {parent_tid=[5318]}, 88) = 5318 [pid 5318] rseq(0x7f094d4edfe0, 0x20, 0, 0x53053053) = 0 [pid 5313] rt_sigprocmask(SIG_SETMASK, [], [pid 5318] set_robust_list(0x7f094d4ed9a0, 24 [pid 5313] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5318] <... set_robust_list resumed>) = 0 [pid 5318] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5313] futex(0x7f09558fc6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5318] openat(AT_FDCWD, NULL, O_RDONLY|O_TRUNC|O_PATH [pid 5313] <... futex resumed>) = 0 [pid 5313] futex(0x7f09558fc6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5318] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5318] futex(0x7f09558fc6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5313] <... futex resumed>) = 0 [pid 5318] futex(0x7f09558fc6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5317] <... write resumed>) = 1048576 [pid 5317] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 82.344525][ T5314] EXT4-fs error (device loop0): ext4_dirty_inode:5956: inode #16: comm syz-executor264: mark_inode_dirty error [ 82.360244][ T5314] EXT4-fs error (device loop0): __ext4_get_inode_loc:4379: comm syz-executor264: Invalid inode table block 0 in block_group 0 [ 82.374365][ T5314] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5752: Corrupt filesystem [ 82.384088][ T5314] EXT4-fs error (device loop0): ext4_ext_truncate:4399: inode #16: comm syz-executor264: mark_inode_dirty error [pid 5317] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5314] <... write resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5314] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5314] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5313] exit_group(0 [pid 5314] <... futex resumed>) = ? [pid 5313] <... exit_group resumed>) = ? [pid 5318] <... futex resumed>) = ? [pid 5317] <... futex resumed>) = ? [pid 5314] +++ exited with 0 +++ [pid 5318] +++ exited with 0 +++ [pid 5317] +++ exited with 0 +++ [pid 5313] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5313, si_uid=0, si_status=0, si_utime=0, si_stime=17 /* 0.17 s */} --- umount2("./56", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c18730 /* 4 entries */, 32768) = 112 umount2("./56/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./56/binderfs") = 0 umount2("./56/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./56/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./56/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c20770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c20770 /* 0 entries */, 32768) = 0 close(4) = 0 [ 82.396687][ T5314] EXT4-fs error (device loop0): __ext4_get_inode_loc:4379: comm syz-executor264: Invalid inode table block 0 in block_group 0 [ 82.410218][ T5314] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5752: Corrupt filesystem [ 82.420133][ T5314] EXT4-fs error (device loop0): ext4_truncate:4184: inode #16: comm syz-executor264: mark_inode_dirty error rmdir("./56/file1") = 0 getdents64(3, 0x555555c18730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./56") = 0 mkdir("./57", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5319 attached , child_tidptr=0x555555c17690) = 5319 [pid 5319] set_robust_list(0x555555c176a0, 24) = 0 [pid 5319] chdir("./57") = 0 [pid 5319] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5319] setpgid(0, 0) = 0 [pid 5319] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5319] write(3, "1000", 4) = 4 [pid 5319] close(3) = 0 [pid 5319] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5319] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5319] rt_sigaction(SIGRT_1, {sa_handler=0x7f0955898ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095588a1a0}, NULL, 8) = 0 [pid 5319] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5319] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f095580f000 [pid 5319] mprotect(0x7f0955810000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5319] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5319] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f095582f990, parent_tid=0x7f095582f990, exit_signal=0, stack=0x7f095580f000, stack_size=0x20300, tls=0x7f095582f6c0} => {parent_tid=[5320]}, 88) = 5320 [pid 5319] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5319] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5319] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5320 attached [pid 5320] rseq(0x7f095582ffe0, 0x20, 0, 0x53053053) = 0 [pid 5320] set_robust_list(0x7f095582f9a0, 24) = 0 [pid 5320] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5320] memfd_create("syzkaller", 0) = 3 [pid 5320] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094d40f000 [pid 5320] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5320] munmap(0x7f094d40f000, 1048576) = 0 [pid 5320] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5320] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5320] close(3) = 0 [pid 5320] mkdir("./file1", 0777) = 0 [pid 5320] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5320] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5320] chdir("./file1") = 0 [pid 5320] ioctl(4, LOOP_CLR_FD) = 0 [pid 5320] close(4) = 0 [pid 5320] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5320] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5319] <... futex resumed>) = 0 [pid 5319] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5319] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5320] <... futex resumed>) = 0 [pid 5320] open("./bus", O_ACCMODE|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC|0xdc00001c, 000) = 4 [pid 5320] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5319] <... futex resumed>) = 0 [pid 5320] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5319] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5320] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5319] <... futex resumed>) = 0 [pid 5320] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5319] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5320] <... mount resumed>) = 0 [pid 5320] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5319] <... futex resumed>) = 0 [pid 5320] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5319] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5320] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5320] open_tree(-1, NULL, OPEN_TREE_CLONE|0x10000 [pid 5319] <... futex resumed>) = 0 [pid 5320] <... open_tree resumed>) = -1 EINVAL (Invalid argument) [pid 5319] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5320] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5319] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5320] <... futex resumed>) = 0 [pid 5319] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5320] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5319] <... futex resumed>) = 0 [pid 5319] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5320] <... openat resumed>) = 5 [pid 5320] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5319] <... futex resumed>) = 0 [pid 5320] <... futex resumed>) = 1 [pid 5319] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5320] write(5, "\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 40960 [pid 5319] <... futex resumed>) = 0 [pid 5319] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5319] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094d4ee000 [pid 5319] mprotect(0x7f094d4ef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5320] <... write resumed>) = 40960 [pid 5319] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5320] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5319] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5320] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5319] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d50e990, parent_tid=0x7f094d50e990, exit_signal=0, stack=0x7f094d4ee000, stack_size=0x20300, tls=0x7f094d50e6c0}./strace-static-x86_64: Process 5323 attached [pid 5323] rseq(0x7f094d50efe0, 0x20, 0, 0x53053053) = 0 [pid 5319] <... clone3 resumed> => {parent_tid=[5323]}, 88) = 5323 [pid 5323] set_robust_list(0x7f094d50e9a0, 24) = 0 [pid 5319] rt_sigprocmask(SIG_SETMASK, [], [pid 5323] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5319] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5319] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5323] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5319] <... futex resumed>) = 0 [pid 5323] <... open resumed>) = 6 [pid 5319] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5323] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5319] <... futex resumed>) = 0 [pid 5319] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5323] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5319] <... futex resumed>) = 1 [pid 5320] <... futex resumed>) = 0 [pid 5320] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [ 82.514709][ T5320] loop0: detected capacity change from 0 to 2048 [pid 5319] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5320] <... write resumed>) = 1048576 [pid 5320] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5319] <... futex resumed>) = 0 [pid 5320] openat(AT_FDCWD, NULL, O_RDONLY|O_TRUNC|O_PATH [pid 5319] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5319] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5320] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5320] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5319] <... futex resumed>) = 0 [pid 5320] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5319] exit_group(0 [pid 5323] <... futex resumed>) = ? [pid 5320] <... futex resumed>) = ? [pid 5319] <... exit_group resumed>) = ? [pid 5323] +++ exited with 0 +++ [pid 5320] +++ exited with 0 +++ [pid 5319] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5319, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./57", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c18730 /* 4 entries */, 32768) = 112 umount2("./57/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./57/binderfs") = 0 umount2("./57/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./57/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./57/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c20770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c20770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./57/file1") = 0 getdents64(3, 0x555555c18730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./57") = 0 mkdir("./58", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5324 attached , child_tidptr=0x555555c17690) = 5324 [pid 5324] set_robust_list(0x555555c176a0, 24) = 0 [pid 5324] chdir("./58") = 0 [pid 5324] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5324] setpgid(0, 0) = 0 [pid 5324] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5324] write(3, "1000", 4) = 4 [pid 5324] close(3) = 0 [pid 5324] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5324] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5324] rt_sigaction(SIGRT_1, {sa_handler=0x7f0955898ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095588a1a0}, NULL, 8) = 0 [pid 5324] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5324] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f095580f000 [pid 5324] mprotect(0x7f0955810000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5324] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5324] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f095582f990, parent_tid=0x7f095582f990, exit_signal=0, stack=0x7f095580f000, stack_size=0x20300, tls=0x7f095582f6c0}./strace-static-x86_64: Process 5325 attached => {parent_tid=[5325]}, 88) = 5325 [pid 5325] rseq(0x7f095582ffe0, 0x20, 0, 0x53053053) = 0 [pid 5324] rt_sigprocmask(SIG_SETMASK, [], [pid 5325] set_robust_list(0x7f095582f9a0, 24 [pid 5324] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5325] <... set_robust_list resumed>) = 0 [pid 5324] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5325] rt_sigprocmask(SIG_SETMASK, [], [pid 5324] <... futex resumed>) = 0 [pid 5325] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5324] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5325] memfd_create("syzkaller", 0) = 3 [pid 5325] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094d40f000 [pid 5325] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5325] munmap(0x7f094d40f000, 1048576) = 0 [pid 5325] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5325] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5325] close(3) = 0 [pid 5325] mkdir("./file1", 0777) = 0 [pid 5325] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5325] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5325] chdir("./file1") = 0 [pid 5325] ioctl(4, LOOP_CLR_FD) = 0 [pid 5325] close(4) = 0 [pid 5325] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5324] <... futex resumed>) = 0 [pid 5324] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5324] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5325] open("./bus", O_ACCMODE|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC|0xdc00001c, 000) = 4 [pid 5325] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5325] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5324] <... futex resumed>) = 0 [pid 5324] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5324] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5325] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5325] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5325] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5324] <... futex resumed>) = 0 [pid 5325] open_tree(-1, NULL, OPEN_TREE_CLONE|0x10000 [pid 5324] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5325] <... open_tree resumed>) = -1 EINVAL (Invalid argument) [pid 5325] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5325] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5324] <... futex resumed>) = 0 [pid 5324] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5324] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5325] <... futex resumed>) = 0 [pid 5324] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5325] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 5 [pid 5325] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5324] <... futex resumed>) = 0 [pid 5325] <... futex resumed>) = 1 [pid 5324] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5325] write(5, "\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 40960 [pid 5324] <... futex resumed>) = 0 [pid 5324] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5324] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094d4ee000 [pid 5324] mprotect(0x7f094d4ef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5324] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5324] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d50e990, parent_tid=0x7f094d50e990, exit_signal=0, stack=0x7f094d4ee000, stack_size=0x20300, tls=0x7f094d50e6c0}./strace-static-x86_64: Process 5328 attached [pid 5325] <... write resumed>) = 40960 [pid 5325] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5325] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5324] <... clone3 resumed> => {parent_tid=[5328]}, 88) = 5328 [pid 5324] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5324] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5324] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5328] rseq(0x7f094d50efe0, 0x20, 0, 0x53053053) = 0 [pid 5328] set_robust_list(0x7f094d50e9a0, 24) = 0 [pid 5328] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5328] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5328] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5328] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5324] <... futex resumed>) = 0 [pid 5324] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5325] <... futex resumed>) = 0 [pid 5324] <... futex resumed>) = 1 [pid 5325] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [ 82.686514][ T5325] loop0: detected capacity change from 0 to 2048 [pid 5324] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5325] <... write resumed>) = 1048576 [pid 5325] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5324] <... futex resumed>) = 0 [pid 5325] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5324] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5325] <... futex resumed>) = 0 [pid 5324] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5325] openat(AT_FDCWD, NULL, O_RDONLY|O_TRUNC|O_PATH) = -1 EFAULT (Bad address) [pid 5325] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5325] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5324] <... futex resumed>) = 0 [pid 5324] exit_group(0 [pid 5325] <... futex resumed>) = ? [pid 5328] <... futex resumed>) = ? [pid 5324] <... exit_group resumed>) = ? [pid 5328] +++ exited with 0 +++ [pid 5325] +++ exited with 0 +++ [pid 5324] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5324, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./58", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c18730 /* 4 entries */, 32768) = 112 umount2("./58/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./58/binderfs") = 0 umount2("./58/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./58/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./58/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c20770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c20770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./58/file1") = 0 getdents64(3, 0x555555c18730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./58") = 0 mkdir("./59", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5329 attached [pid 5329] set_robust_list(0x555555c176a0, 24) = 0 [pid 5329] chdir("./59" [pid 5026] <... clone resumed>, child_tidptr=0x555555c17690) = 5329 [pid 5329] <... chdir resumed>) = 0 [pid 5329] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5329] setpgid(0, 0) = 0 [pid 5329] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5329] write(3, "1000", 4) = 4 [pid 5329] close(3) = 0 [pid 5329] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5329] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5329] rt_sigaction(SIGRT_1, {sa_handler=0x7f0955898ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095588a1a0}, NULL, 8) = 0 [pid 5329] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5329] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f095580f000 [pid 5329] mprotect(0x7f0955810000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5329] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5329] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f095582f990, parent_tid=0x7f095582f990, exit_signal=0, stack=0x7f095580f000, stack_size=0x20300, tls=0x7f095582f6c0}./strace-static-x86_64: Process 5330 attached [pid 5330] rseq(0x7f095582ffe0, 0x20, 0, 0x53053053 [pid 5329] <... clone3 resumed> => {parent_tid=[5330]}, 88) = 5330 [pid 5330] <... rseq resumed>) = 0 [pid 5329] rt_sigprocmask(SIG_SETMASK, [], [pid 5330] set_robust_list(0x7f095582f9a0, 24 [pid 5329] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5330] <... set_robust_list resumed>) = 0 [pid 5329] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5330] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5329] <... futex resumed>) = 0 [pid 5330] memfd_create("syzkaller", 0 [pid 5329] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5330] <... memfd_create resumed>) = 3 [pid 5330] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094d40f000 [pid 5330] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5330] munmap(0x7f094d40f000, 1048576) = 0 [pid 5330] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5330] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5330] close(3) = 0 [pid 5330] mkdir("./file1", 0777) = 0 [pid 5330] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5330] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5330] chdir("./file1") = 0 [pid 5330] ioctl(4, LOOP_CLR_FD) = 0 [pid 5330] close(4) = 0 [pid 5330] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5329] <... futex resumed>) = 0 [pid 5330] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5329] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5330] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5329] <... futex resumed>) = 0 [pid 5330] open("./bus", O_ACCMODE|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC|0xdc00001c, 000 [pid 5329] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5330] <... open resumed>) = 4 [pid 5330] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5329] <... futex resumed>) = 0 [pid 5330] <... futex resumed>) = 1 [pid 5329] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5330] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5329] <... futex resumed>) = 0 [pid 5329] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5330] <... mount resumed>) = 0 [pid 5330] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5329] <... futex resumed>) = 0 [pid 5330] <... futex resumed>) = 1 [pid 5329] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5330] open_tree(-1, NULL, OPEN_TREE_CLONE|0x10000 [pid 5329] <... futex resumed>) = 0 [pid 5330] <... open_tree resumed>) = -1 EINVAL (Invalid argument) [pid 5329] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5330] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5329] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5330] <... futex resumed>) = 0 [pid 5329] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5330] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5329] <... futex resumed>) = 0 [pid 5329] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5330] <... openat resumed>) = 5 [pid 5330] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5329] <... futex resumed>) = 0 [pid 5330] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5329] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5330] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5329] <... futex resumed>) = 0 [pid 5330] write(5, "\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 40960 [pid 5329] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5329] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094d4ee000 [pid 5329] mprotect(0x7f094d4ef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5329] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5329] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d50e990, parent_tid=0x7f094d50e990, exit_signal=0, stack=0x7f094d4ee000, stack_size=0x20300, tls=0x7f094d50e6c0}./strace-static-x86_64: Process 5333 attached [pid 5333] rseq(0x7f094d50efe0, 0x20, 0, 0x53053053 [pid 5329] <... clone3 resumed> => {parent_tid=[5333]}, 88) = 5333 [pid 5333] <... rseq resumed>) = 0 [pid 5329] rt_sigprocmask(SIG_SETMASK, [], [pid 5333] set_robust_list(0x7f094d50e9a0, 24 [pid 5329] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5333] <... set_robust_list resumed>) = 0 [pid 5329] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5333] rt_sigprocmask(SIG_SETMASK, [], [pid 5329] <... futex resumed>) = 0 [pid 5333] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5329] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5333] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5333] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5329] <... futex resumed>) = 0 [pid 5333] <... futex resumed>) = 1 [pid 5329] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5333] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5329] <... futex resumed>) = 0 [ 82.867729][ T5330] loop0: detected capacity change from 0 to 2048 [pid 5329] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5330] <... write resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5330] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5330] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5333] <... write resumed>) = 1048576 [pid 5333] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5329] <... futex resumed>) = 0 [pid 5333] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5329] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5330] <... futex resumed>) = 0 [pid 5329] <... futex resumed>) = 1 [pid 5330] openat(AT_FDCWD, NULL, O_RDONLY|O_TRUNC|O_PATH [pid 5329] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5330] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5330] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5329] <... futex resumed>) = 0 [pid 5330] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5329] exit_group(0) = ? [pid 5330] <... futex resumed>) = ? [pid 5333] <... futex resumed>) = ? [pid 5330] +++ exited with 0 +++ [pid 5333] +++ exited with 0 +++ [pid 5329] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5329, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./59", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c18730 /* 4 entries */, 32768) = 112 umount2("./59/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./59/binderfs") = 0 [ 82.925247][ T5330] EXT4-fs error (device loop0): __ext4_get_inode_loc:4379: comm syz-executor264: Invalid inode table block 0 in block_group 0 umount2("./59/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./59/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./59/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c20770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c20770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./59/file1") = 0 getdents64(3, 0x555555c18730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./59") = 0 mkdir("./60", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c17690) = 5334 ./strace-static-x86_64: Process 5334 attached [pid 5334] set_robust_list(0x555555c176a0, 24) = 0 [pid 5334] chdir("./60") = 0 [pid 5334] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5334] setpgid(0, 0) = 0 [pid 5334] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5334] write(3, "1000", 4) = 4 [pid 5334] close(3) = 0 [pid 5334] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5334] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5334] rt_sigaction(SIGRT_1, {sa_handler=0x7f0955898ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095588a1a0}, NULL, 8) = 0 [pid 5334] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5334] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f095580f000 [pid 5334] mprotect(0x7f0955810000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5334] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5334] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f095582f990, parent_tid=0x7f095582f990, exit_signal=0, stack=0x7f095580f000, stack_size=0x20300, tls=0x7f095582f6c0}./strace-static-x86_64: Process 5335 attached => {parent_tid=[5335]}, 88) = 5335 [pid 5335] rseq(0x7f095582ffe0, 0x20, 0, 0x53053053) = 0 [pid 5335] set_robust_list(0x7f095582f9a0, 24) = 0 [pid 5335] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5335] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5334] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5334] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5335] <... futex resumed>) = 0 [pid 5334] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5335] memfd_create("syzkaller", 0) = 3 [pid 5335] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094d40f000 [pid 5335] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5335] munmap(0x7f094d40f000, 1048576) = 0 [pid 5335] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5335] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5335] close(3) = 0 [pid 5335] mkdir("./file1", 0777) = 0 [pid 5335] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5335] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5335] chdir("./file1") = 0 [pid 5335] ioctl(4, LOOP_CLR_FD) = 0 [pid 5335] close(4) = 0 [pid 5335] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5334] <... futex resumed>) = 0 [pid 5335] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5334] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5335] <... futex resumed>) = 0 [pid 5334] <... futex resumed>) = 1 [pid 5335] open("./bus", O_ACCMODE|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC|0xdc00001c, 000 [pid 5334] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5335] <... open resumed>) = 4 [pid 5335] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5334] <... futex resumed>) = 0 [pid 5334] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5334] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5335] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5335] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5334] <... futex resumed>) = 0 [pid 5334] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5334] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5335] open_tree(-1, NULL, OPEN_TREE_CLONE|0x10000) = -1 EINVAL (Invalid argument) [pid 5335] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5334] <... futex resumed>) = 0 [pid 5334] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5334] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5335] <... futex resumed>) = 1 [pid 5335] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 5 [pid 5335] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5334] <... futex resumed>) = 0 [pid 5335] write(5, "\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 40960 [pid 5334] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5334] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5334] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094d4ee000 [pid 5334] mprotect(0x7f094d4ef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5334] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5334] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d50e990, parent_tid=0x7f094d50e990, exit_signal=0, stack=0x7f094d4ee000, stack_size=0x20300, tls=0x7f094d50e6c0}./strace-static-x86_64: Process 5338 attached => {parent_tid=[5338]}, 88) = 5338 [pid 5334] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5334] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5334] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5338] rseq(0x7f094d50efe0, 0x20, 0, 0x53053053) = 0 [pid 5338] set_robust_list(0x7f094d50e9a0, 24) = 0 [pid 5338] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5338] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5338] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5334] <... futex resumed>) = 0 [pid 5334] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5334] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5338] <... futex resumed>) = 1 [pid 5338] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5335] <... write resumed>) = 40960 [pid 5335] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 83.039120][ T5335] loop0: detected capacity change from 0 to 2048 [pid 5335] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5338] <... write resumed>) = 1048576 [pid 5338] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5334] <... futex resumed>) = 0 [pid 5334] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5335] <... futex resumed>) = 0 [pid 5334] <... futex resumed>) = 1 [pid 5335] openat(AT_FDCWD, NULL, O_RDONLY|O_TRUNC|O_PATH [pid 5334] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5338] <... futex resumed>) = 1 [pid 5335] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5338] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5335] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5334] <... futex resumed>) = 0 [pid 5335] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5334] exit_group(0 [pid 5338] <... futex resumed>) = ? [pid 5335] <... futex resumed>) = ? [pid 5334] <... exit_group resumed>) = ? [pid 5338] +++ exited with 0 +++ [pid 5335] +++ exited with 0 +++ [pid 5334] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5334, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./60", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c18730 /* 4 entries */, 32768) = 112 umount2("./60/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./60/binderfs") = 0 umount2("./60/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./60/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./60/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c20770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c20770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./60/file1") = 0 getdents64(3, 0x555555c18730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./60") = 0 mkdir("./61", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5339 attached , child_tidptr=0x555555c17690) = 5339 [pid 5339] set_robust_list(0x555555c176a0, 24) = 0 [pid 5339] chdir("./61") = 0 [pid 5339] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5339] setpgid(0, 0) = 0 [pid 5339] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5339] write(3, "1000", 4) = 4 [pid 5339] close(3) = 0 [pid 5339] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5339] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5339] rt_sigaction(SIGRT_1, {sa_handler=0x7f0955898ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095588a1a0}, NULL, 8) = 0 [pid 5339] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5339] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f095580f000 [pid 5339] mprotect(0x7f0955810000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5339] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5339] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f095582f990, parent_tid=0x7f095582f990, exit_signal=0, stack=0x7f095580f000, stack_size=0x20300, tls=0x7f095582f6c0} => {parent_tid=[5340]}, 88) = 5340 ./strace-static-x86_64: Process 5340 attached [pid 5339] rt_sigprocmask(SIG_SETMASK, [], [pid 5340] rseq(0x7f095582ffe0, 0x20, 0, 0x53053053 [pid 5339] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5340] <... rseq resumed>) = 0 [pid 5339] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5340] set_robust_list(0x7f095582f9a0, 24 [pid 5339] <... futex resumed>) = 0 [pid 5340] <... set_robust_list resumed>) = 0 [pid 5339] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5340] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5340] memfd_create("syzkaller", 0) = 3 [pid 5340] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094d40f000 [pid 5340] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5340] munmap(0x7f094d40f000, 1048576) = 0 [pid 5340] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5340] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5340] close(3) = 0 [pid 5340] mkdir("./file1", 0777) = 0 [pid 5340] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5340] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5340] chdir("./file1") = 0 [pid 5340] ioctl(4, LOOP_CLR_FD) = 0 [pid 5340] close(4) = 0 [pid 5340] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5339] <... futex resumed>) = 0 [pid 5340] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5339] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5340] <... futex resumed>) = 0 [pid 5339] <... futex resumed>) = 1 [pid 5340] open("./bus", O_ACCMODE|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC|0xdc00001c, 000 [pid 5339] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5340] <... open resumed>) = 4 [pid 5340] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5339] <... futex resumed>) = 0 [pid 5340] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5339] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5340] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5340] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5339] <... futex resumed>) = 0 [pid 5340] <... mount resumed>) = 0 [pid 5339] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5340] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5340] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5339] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5339] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5340] <... futex resumed>) = 0 [pid 5340] open_tree(-1, NULL, OPEN_TREE_CLONE|0x10000) = -1 EINVAL (Invalid argument) [pid 5340] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5340] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5339] <... futex resumed>) = 1 [pid 5339] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5339] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5340] <... futex resumed>) = 0 [pid 5340] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 5 [pid 5340] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5339] <... futex resumed>) = 1 [pid 5340] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5339] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5339] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5340] <... futex resumed>) = 0 [pid 5339] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5340] write(5, "\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 40960 [pid 5339] <... futex resumed>) = 0 [pid 5339] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094d4ee000 [pid 5339] mprotect(0x7f094d4ef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5339] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5339] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d50e990, parent_tid=0x7f094d50e990, exit_signal=0, stack=0x7f094d4ee000, stack_size=0x20300, tls=0x7f094d50e6c0}./strace-static-x86_64: Process 5343 attached [pid 5343] rseq(0x7f094d50efe0, 0x20, 0, 0x53053053 [pid 5340] <... write resumed>) = 40960 [pid 5339] <... clone3 resumed> => {parent_tid=[5343]}, 88) = 5343 [pid 5339] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5339] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5339] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5343] <... rseq resumed>) = 0 [pid 5340] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5343] set_robust_list(0x7f094d50e9a0, 24) = 0 [pid 5340] <... futex resumed>) = 0 [pid 5340] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5343] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5343] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5343] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5339] <... futex resumed>) = 0 [pid 5339] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5340] <... futex resumed>) = 0 [pid 5339] <... futex resumed>) = 1 [pid 5340] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5339] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5343] <... futex resumed>) = 1 [ 83.212164][ T5340] loop0: detected capacity change from 0 to 2048 [pid 5343] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5340] <... write resumed>) = 1048576 [pid 5340] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5339] <... futex resumed>) = 0 [pid 5340] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5339] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5340] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5339] <... futex resumed>) = 0 [pid 5340] openat(AT_FDCWD, NULL, O_RDONLY|O_TRUNC|O_PATH [pid 5339] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5340] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5340] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5339] <... futex resumed>) = 0 [pid 5340] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5339] exit_group(0 [pid 5343] <... futex resumed>) = ? [pid 5340] <... futex resumed>) = ? [pid 5339] <... exit_group resumed>) = ? [pid 5343] +++ exited with 0 +++ [pid 5340] +++ exited with 0 +++ [pid 5339] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5339, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./61", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c18730 /* 4 entries */, 32768) = 112 umount2("./61/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./61/binderfs") = 0 umount2("./61/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./61/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./61/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c20770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c20770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./61/file1") = 0 getdents64(3, 0x555555c18730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./61") = 0 mkdir("./62", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c17690) = 5344 ./strace-static-x86_64: Process 5344 attached [pid 5344] set_robust_list(0x555555c176a0, 24) = 0 [pid 5344] chdir("./62") = 0 [pid 5344] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5344] setpgid(0, 0) = 0 [pid 5344] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5344] write(3, "1000", 4) = 4 [pid 5344] close(3) = 0 [pid 5344] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5344] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5344] rt_sigaction(SIGRT_1, {sa_handler=0x7f0955898ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095588a1a0}, NULL, 8) = 0 [pid 5344] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5344] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f095580f000 [pid 5344] mprotect(0x7f0955810000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5344] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5344] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f095582f990, parent_tid=0x7f095582f990, exit_signal=0, stack=0x7f095580f000, stack_size=0x20300, tls=0x7f095582f6c0}./strace-static-x86_64: Process 5345 attached => {parent_tid=[5345]}, 88) = 5345 [pid 5345] rseq(0x7f095582ffe0, 0x20, 0, 0x53053053) = 0 [pid 5344] rt_sigprocmask(SIG_SETMASK, [], [pid 5345] set_robust_list(0x7f095582f9a0, 24) = 0 [pid 5345] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5345] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5344] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5344] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5345] <... futex resumed>) = 0 [pid 5344] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5345] memfd_create("syzkaller", 0) = 3 [pid 5345] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094d40f000 [pid 5345] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5345] munmap(0x7f094d40f000, 1048576) = 0 [pid 5345] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5345] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5345] close(3) = 0 [pid 5345] mkdir("./file1", 0777) = 0 [pid 5345] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5345] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5345] chdir("./file1") = 0 [pid 5345] ioctl(4, LOOP_CLR_FD) = 0 [pid 5345] close(4) = 0 [pid 5345] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5345] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5344] <... futex resumed>) = 0 [pid 5344] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5345] <... futex resumed>) = 0 [pid 5344] <... futex resumed>) = 1 [pid 5345] open("./bus", O_ACCMODE|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC|0xdc00001c, 000) = 4 [pid 5344] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5345] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5345] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5344] <... futex resumed>) = 0 [pid 5344] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5345] <... futex resumed>) = 0 [pid 5344] <... futex resumed>) = 1 [pid 5345] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5344] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5345] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5344] <... futex resumed>) = 0 [pid 5345] open_tree(-1, NULL, OPEN_TREE_CLONE|0x10000 [pid 5344] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5345] <... open_tree resumed>) = -1 EINVAL (Invalid argument) [pid 5344] <... futex resumed>) = 0 [pid 5345] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5344] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5345] <... futex resumed>) = 0 [pid 5344] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5345] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5344] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5344] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5345] <... openat resumed>) = 5 [pid 5345] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5344] <... futex resumed>) = 0 [pid 5344] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5344] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5344] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094d4ee000 [pid 5344] mprotect(0x7f094d4ef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5344] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5345] write(5, "\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 40960 [pid 5344] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5344] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d50e990, parent_tid=0x7f094d50e990, exit_signal=0, stack=0x7f094d4ee000, stack_size=0x20300, tls=0x7f094d50e6c0} => {parent_tid=[5348]}, 88) = 5348 [pid 5344] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 5348 attached [pid 5344] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5348] rseq(0x7f094d50efe0, 0x20, 0, 0x53053053) = 0 [pid 5344] <... futex resumed>) = 0 [pid 5348] set_robust_list(0x7f094d50e9a0, 24 [pid 5344] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5345] <... write resumed>) = 40960 [pid 5348] <... set_robust_list resumed>) = 0 [pid 5348] rt_sigprocmask(SIG_SETMASK, [], [pid 5345] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5348] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5345] <... futex resumed>) = 0 [pid 5348] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5345] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5348] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5344] <... futex resumed>) = 0 [pid 5348] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5344] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5345] <... futex resumed>) = 0 [pid 5344] <... futex resumed>) = 1 [pid 5345] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [ 83.396729][ T5345] loop0: detected capacity change from 0 to 2048 [pid 5344] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5345] <... write resumed>) = 1048576 [pid 5345] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5344] <... futex resumed>) = 0 [pid 5344] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5344] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5345] openat(AT_FDCWD, NULL, O_RDONLY|O_TRUNC|O_PATH) = -1 EFAULT (Bad address) [pid 5345] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5344] <... futex resumed>) = 0 [pid 5345] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5344] exit_group(0) = ? [pid 5348] <... futex resumed>) = ? [pid 5345] <... futex resumed>) = ? [pid 5345] +++ exited with 0 +++ [pid 5348] +++ exited with 0 +++ [pid 5344] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5344, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./62", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c18730 /* 4 entries */, 32768) = 112 umount2("./62/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./62/binderfs") = 0 umount2("./62/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./62/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./62/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c20770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c20770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./62/file1") = 0 getdents64(3, 0x555555c18730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./62") = 0 mkdir("./63", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c17690) = 5349 ./strace-static-x86_64: Process 5349 attached [pid 5349] set_robust_list(0x555555c176a0, 24) = 0 [pid 5349] chdir("./63") = 0 [pid 5349] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5349] setpgid(0, 0) = 0 [pid 5349] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5349] write(3, "1000", 4) = 4 [pid 5349] close(3) = 0 [pid 5349] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5349] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5349] rt_sigaction(SIGRT_1, {sa_handler=0x7f0955898ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095588a1a0}, NULL, 8) = 0 [pid 5349] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5349] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f095580f000 [pid 5349] mprotect(0x7f0955810000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5349] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5349] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f095582f990, parent_tid=0x7f095582f990, exit_signal=0, stack=0x7f095580f000, stack_size=0x20300, tls=0x7f095582f6c0} => {parent_tid=[5350]}, 88) = 5350 ./strace-static-x86_64: Process 5350 attached [pid 5349] rt_sigprocmask(SIG_SETMASK, [], [pid 5350] rseq(0x7f095582ffe0, 0x20, 0, 0x53053053) = 0 [pid 5350] set_robust_list(0x7f095582f9a0, 24) = 0 [pid 5350] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5350] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5349] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5349] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5349] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5350] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5350] memfd_create("syzkaller", 0) = 3 [pid 5350] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094d40f000 [pid 5350] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5350] munmap(0x7f094d40f000, 1048576) = 0 [pid 5350] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5350] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5350] close(3) = 0 [pid 5350] mkdir("./file1", 0777) = 0 [pid 5350] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5350] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5350] chdir("./file1") = 0 [pid 5350] ioctl(4, LOOP_CLR_FD) = 0 [pid 5350] close(4) = 0 [pid 5350] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5349] <... futex resumed>) = 0 [pid 5350] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5349] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5350] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5349] <... futex resumed>) = 0 [pid 5350] open("./bus", O_ACCMODE|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC|0xdc00001c, 000 [pid 5349] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5350] <... open resumed>) = 4 [pid 5350] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5349] <... futex resumed>) = 0 [pid 5349] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5349] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5350] <... futex resumed>) = 1 [pid 5350] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5350] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5349] <... futex resumed>) = 0 [pid 5350] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5349] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5350] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5350] open_tree(-1, NULL, OPEN_TREE_CLONE|0x10000 [pid 5349] <... futex resumed>) = 0 [pid 5350] <... open_tree resumed>) = -1 EINVAL (Invalid argument) [pid 5349] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5350] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5349] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5350] <... futex resumed>) = 0 [pid 5349] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5350] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5349] <... futex resumed>) = 0 [pid 5349] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5350] <... openat resumed>) = 5 [pid 5350] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5349] <... futex resumed>) = 0 [pid 5350] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5349] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5350] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5349] <... futex resumed>) = 0 [pid 5349] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5350] write(5, "\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 40960 [pid 5349] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094d4ee000 [pid 5349] mprotect(0x7f094d4ef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5349] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5349] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d50e990, parent_tid=0x7f094d50e990, exit_signal=0, stack=0x7f094d4ee000, stack_size=0x20300, tls=0x7f094d50e6c0} => {parent_tid=[5353]}, 88) = 5353 ./strace-static-x86_64: Process 5353 attached [pid 5349] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5349] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5349] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5353] rseq(0x7f094d50efe0, 0x20, 0, 0x53053053) = 0 [pid 5353] set_robust_list(0x7f094d50e9a0, 24) = 0 [pid 5353] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5353] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5350] <... write resumed>) = 40960 [pid 5350] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5353] <... open resumed>) = 6 [pid 5350] <... futex resumed>) = 0 [pid 5353] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5350] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5353] <... futex resumed>) = 1 [pid 5349] <... futex resumed>) = 0 [pid 5353] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5349] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5350] <... futex resumed>) = 0 [pid 5350] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5349] <... futex resumed>) = 1 [ 83.570669][ T5350] loop0: detected capacity change from 0 to 2048 [pid 5349] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5350] <... write resumed>) = 1048576 [pid 5350] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5349] <... futex resumed>) = 0 [pid 5350] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5349] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5350] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5349] <... futex resumed>) = 0 [pid 5350] openat(AT_FDCWD, NULL, O_RDONLY|O_TRUNC|O_PATH [pid 5349] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5350] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5350] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5349] <... futex resumed>) = 0 [pid 5350] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5349] exit_group(0 [pid 5350] <... futex resumed>) = ? [pid 5353] <... futex resumed>) = ? [pid 5350] +++ exited with 0 +++ [pid 5349] <... exit_group resumed>) = ? [pid 5353] +++ exited with 0 +++ [pid 5349] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5349, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./63", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c18730 /* 4 entries */, 32768) = 112 umount2("./63/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./63/binderfs") = 0 umount2("./63/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./63/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./63/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c20770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c20770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./63/file1") = 0 getdents64(3, 0x555555c18730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./63") = 0 mkdir("./64", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5354 attached , child_tidptr=0x555555c17690) = 5354 [pid 5354] set_robust_list(0x555555c176a0, 24) = 0 [pid 5354] chdir("./64") = 0 [pid 5354] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5354] setpgid(0, 0) = 0 [pid 5354] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5354] write(3, "1000", 4) = 4 [pid 5354] close(3) = 0 [pid 5354] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5354] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5354] rt_sigaction(SIGRT_1, {sa_handler=0x7f0955898ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095588a1a0}, NULL, 8) = 0 [pid 5354] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5354] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f095580f000 [pid 5354] mprotect(0x7f0955810000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5354] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5354] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f095582f990, parent_tid=0x7f095582f990, exit_signal=0, stack=0x7f095580f000, stack_size=0x20300, tls=0x7f095582f6c0}./strace-static-x86_64: Process 5355 attached [pid 5355] rseq(0x7f095582ffe0, 0x20, 0, 0x53053053) = 0 [pid 5354] <... clone3 resumed> => {parent_tid=[5355]}, 88) = 5355 [pid 5355] set_robust_list(0x7f095582f9a0, 24 [pid 5354] rt_sigprocmask(SIG_SETMASK, [], [pid 5355] <... set_robust_list resumed>) = 0 [pid 5355] rt_sigprocmask(SIG_SETMASK, [], [pid 5354] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5355] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5355] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5354] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5355] <... futex resumed>) = 0 [pid 5355] memfd_create("syzkaller", 0 [pid 5354] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5355] <... memfd_create resumed>) = 3 [pid 5355] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094d40f000 [pid 5355] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5355] munmap(0x7f094d40f000, 1048576) = 0 [pid 5355] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5355] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5355] close(3) = 0 [pid 5355] mkdir("./file1", 0777) = 0 [pid 5355] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5355] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5355] chdir("./file1") = 0 [pid 5355] ioctl(4, LOOP_CLR_FD) = 0 [pid 5355] close(4) = 0 [pid 5355] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5355] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5354] <... futex resumed>) = 0 [pid 5354] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5355] <... futex resumed>) = 0 [pid 5354] <... futex resumed>) = 1 [pid 5355] open("./bus", O_ACCMODE|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC|0xdc00001c, 000 [pid 5354] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5355] <... open resumed>) = 4 [pid 5355] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5354] <... futex resumed>) = 0 [pid 5355] <... futex resumed>) = 1 [pid 5354] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5355] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5354] <... futex resumed>) = 0 [pid 5355] <... mount resumed>) = 0 [pid 5354] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5355] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5354] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5355] <... futex resumed>) = 0 [pid 5354] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5355] open_tree(-1, NULL, OPEN_TREE_CLONE|0x10000 [pid 5354] <... futex resumed>) = 0 [pid 5355] <... open_tree resumed>) = -1 EINVAL (Invalid argument) [pid 5354] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5355] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5355] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5354] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5354] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5355] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5354] <... futex resumed>) = 0 [pid 5355] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5354] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5355] <... openat resumed>) = 5 [pid 5355] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5354] <... futex resumed>) = 0 [pid 5355] <... futex resumed>) = 1 [pid 5354] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5355] write(5, "\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 40960 [pid 5354] <... futex resumed>) = 0 [pid 5354] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5354] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094d4ee000 [pid 5354] mprotect(0x7f094d4ef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5354] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5354] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d50e990, parent_tid=0x7f094d50e990, exit_signal=0, stack=0x7f094d4ee000, stack_size=0x20300, tls=0x7f094d50e6c0}./strace-static-x86_64: Process 5358 attached => {parent_tid=[5358]}, 88) = 5358 [pid 5354] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5354] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5358] rseq(0x7f094d50efe0, 0x20, 0, 0x53053053 [pid 5354] <... futex resumed>) = 0 [pid 5355] <... write resumed>) = 40960 [pid 5354] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5358] <... rseq resumed>) = 0 [pid 5355] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5358] set_robust_list(0x7f094d50e9a0, 24 [pid 5355] <... futex resumed>) = 0 [pid 5358] <... set_robust_list resumed>) = 0 [pid 5355] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5358] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5358] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5358] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5358] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5354] <... futex resumed>) = 0 [pid 5354] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5355] <... futex resumed>) = 0 [pid 5354] <... futex resumed>) = 1 [pid 5355] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [ 83.759811][ T5355] loop0: detected capacity change from 0 to 2048 [pid 5354] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5355] <... write resumed>) = 1048576 [pid 5355] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5354] <... futex resumed>) = 0 [pid 5355] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5354] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5355] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5354] <... futex resumed>) = 0 [pid 5355] openat(AT_FDCWD, NULL, O_RDONLY|O_TRUNC|O_PATH [pid 5354] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5355] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5355] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5354] <... futex resumed>) = 0 [pid 5355] <... futex resumed>) = 1 [pid 5354] exit_group(0 [pid 5355] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5358] <... futex resumed>) = ? [pid 5355] <... futex resumed>) = ? [pid 5354] <... exit_group resumed>) = ? [pid 5358] +++ exited with 0 +++ [pid 5355] +++ exited with 0 +++ [pid 5354] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5354, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./64", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c18730 /* 4 entries */, 32768) = 112 umount2("./64/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./64/binderfs") = 0 umount2("./64/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./64/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./64/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c20770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c20770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./64/file1") = 0 getdents64(3, 0x555555c18730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./64") = 0 mkdir("./65", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c17690) = 5359 ./strace-static-x86_64: Process 5359 attached [pid 5359] set_robust_list(0x555555c176a0, 24) = 0 [pid 5359] chdir("./65") = 0 [pid 5359] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5359] setpgid(0, 0) = 0 [pid 5359] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5359] write(3, "1000", 4) = 4 [pid 5359] close(3) = 0 [pid 5359] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5359] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5359] rt_sigaction(SIGRT_1, {sa_handler=0x7f0955898ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095588a1a0}, NULL, 8) = 0 [pid 5359] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5359] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f095580f000 [pid 5359] mprotect(0x7f0955810000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5359] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5359] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f095582f990, parent_tid=0x7f095582f990, exit_signal=0, stack=0x7f095580f000, stack_size=0x20300, tls=0x7f095582f6c0}./strace-static-x86_64: Process 5360 attached [pid 5360] rseq(0x7f095582ffe0, 0x20, 0, 0x53053053 [pid 5359] <... clone3 resumed> => {parent_tid=[5360]}, 88) = 5360 [pid 5360] <... rseq resumed>) = 0 [pid 5359] rt_sigprocmask(SIG_SETMASK, [], [pid 5360] set_robust_list(0x7f095582f9a0, 24 [pid 5359] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5360] <... set_robust_list resumed>) = 0 [pid 5359] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5360] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5360] memfd_create("syzkaller", 0) = 3 [pid 5360] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094d40f000 [pid 5359] <... futex resumed>) = 0 [pid 5359] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5360] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5360] munmap(0x7f094d40f000, 1048576) = 0 [pid 5360] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5360] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5360] close(3) = 0 [pid 5360] mkdir("./file1", 0777) = 0 [pid 5360] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5360] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5360] chdir("./file1") = 0 [pid 5360] ioctl(4, LOOP_CLR_FD) = 0 [pid 5360] close(4) = 0 [pid 5360] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5359] <... futex resumed>) = 0 [pid 5359] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5359] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5360] <... futex resumed>) = 1 [pid 5360] open("./bus", O_ACCMODE|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC|0xdc00001c, 000) = 4 [pid 5360] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5360] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5359] <... futex resumed>) = 0 [pid 5359] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5360] <... futex resumed>) = 0 [pid 5359] <... futex resumed>) = 1 [pid 5360] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5359] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5360] <... mount resumed>) = 0 [pid 5360] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5359] <... futex resumed>) = 0 [pid 5359] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5359] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5360] open_tree(-1, NULL, OPEN_TREE_CLONE|0x10000) = -1 EINVAL (Invalid argument) [pid 5360] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5359] <... futex resumed>) = 0 [pid 5359] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5359] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5360] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 5 [pid 5360] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5359] <... futex resumed>) = 0 [pid 5359] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5359] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5359] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5360] <... futex resumed>) = 1 [pid 5359] <... mmap resumed>) = 0x7f094d4ee000 [pid 5360] write(5, "\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 40960 [pid 5359] mprotect(0x7f094d4ef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5359] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5359] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d50e990, parent_tid=0x7f094d50e990, exit_signal=0, stack=0x7f094d4ee000, stack_size=0x20300, tls=0x7f094d50e6c0} => {parent_tid=[5363]}, 88) = 5363 [pid 5359] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5359] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5363 attached [pid 5363] rseq(0x7f094d50efe0, 0x20, 0, 0x53053053 [pid 5359] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5363] <... rseq resumed>) = 0 [pid 5363] set_robust_list(0x7f094d50e9a0, 24) = 0 [pid 5363] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5363] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5363] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5359] <... futex resumed>) = 0 [pid 5363] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5359] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5363] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5360] <... write resumed>) = 40960 [pid 5359] <... futex resumed>) = 0 [pid 5363] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5360] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5359] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5360] <... futex resumed>) = 0 [ 83.918396][ T5360] loop0: detected capacity change from 0 to 2048 [pid 5360] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5363] <... write resumed>) = 1048576 [pid 5363] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5359] <... futex resumed>) = 0 [pid 5359] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5360] <... futex resumed>) = 0 [pid 5359] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5363] <... futex resumed>) = 1 [pid 5360] openat(AT_FDCWD, NULL, O_RDONLY|O_TRUNC|O_PATH [pid 5363] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5360] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5360] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5359] <... futex resumed>) = 0 [pid 5360] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5359] exit_group(0 [pid 5363] <... futex resumed>) = ? [pid 5360] <... futex resumed>) = ? [pid 5359] <... exit_group resumed>) = ? [pid 5363] +++ exited with 0 +++ [pid 5360] +++ exited with 0 +++ [pid 5359] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5359, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./65", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c18730 /* 4 entries */, 32768) = 112 umount2("./65/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./65/binderfs") = 0 umount2("./65/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./65/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./65/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c20770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c20770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./65/file1") = 0 getdents64(3, 0x555555c18730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./65") = 0 mkdir("./66", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c17690) = 5364 ./strace-static-x86_64: Process 5364 attached [pid 5364] set_robust_list(0x555555c176a0, 24) = 0 [pid 5364] chdir("./66") = 0 [pid 5364] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5364] setpgid(0, 0) = 0 [pid 5364] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5364] write(3, "1000", 4) = 4 [pid 5364] close(3) = 0 [pid 5364] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5364] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5364] rt_sigaction(SIGRT_1, {sa_handler=0x7f0955898ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095588a1a0}, NULL, 8) = 0 [pid 5364] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5364] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f095580f000 [pid 5364] mprotect(0x7f0955810000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5364] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5364] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f095582f990, parent_tid=0x7f095582f990, exit_signal=0, stack=0x7f095580f000, stack_size=0x20300, tls=0x7f095582f6c0}./strace-static-x86_64: Process 5365 attached => {parent_tid=[5365]}, 88) = 5365 [pid 5365] rseq(0x7f095582ffe0, 0x20, 0, 0x53053053) = 0 [pid 5365] set_robust_list(0x7f095582f9a0, 24 [pid 5364] rt_sigprocmask(SIG_SETMASK, [], [pid 5365] <... set_robust_list resumed>) = 0 [pid 5364] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5365] rt_sigprocmask(SIG_SETMASK, [], [pid 5364] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5365] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5364] <... futex resumed>) = 0 [pid 5365] memfd_create("syzkaller", 0 [pid 5364] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5365] <... memfd_create resumed>) = 3 [pid 5365] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094d40f000 [pid 5365] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5365] munmap(0x7f094d40f000, 1048576) = 0 [pid 5365] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5365] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5365] close(3) = 0 [pid 5365] mkdir("./file1", 0777) = 0 [pid 5365] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5365] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5365] chdir("./file1") = 0 [pid 5365] ioctl(4, LOOP_CLR_FD) = 0 [pid 5365] close(4) = 0 [pid 5365] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5364] <... futex resumed>) = 0 [pid 5365] open("./bus", O_ACCMODE|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC|0xdc00001c, 000 [pid 5364] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5364] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5365] <... open resumed>) = 4 [pid 5365] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5364] <... futex resumed>) = 0 [pid 5365] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5364] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5365] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5364] <... futex resumed>) = 0 [pid 5365] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5364] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5365] <... mount resumed>) = 0 [pid 5365] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5364] <... futex resumed>) = 0 [pid 5364] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5364] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5365] <... futex resumed>) = 1 [pid 5365] open_tree(-1, NULL, OPEN_TREE_CLONE|0x10000) = -1 EINVAL (Invalid argument) [pid 5365] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5364] <... futex resumed>) = 0 [pid 5365] <... futex resumed>) = 1 [pid 5364] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5365] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5364] <... futex resumed>) = 0 [pid 5364] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5365] <... openat resumed>) = 5 [pid 5365] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5364] <... futex resumed>) = 0 [pid 5365] <... futex resumed>) = 1 [pid 5364] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5365] write(5, "\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 40960 [pid 5364] <... futex resumed>) = 0 [pid 5364] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5364] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094d4ee000 [pid 5364] mprotect(0x7f094d4ef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5364] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5364] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d50e990, parent_tid=0x7f094d50e990, exit_signal=0, stack=0x7f094d4ee000, stack_size=0x20300, tls=0x7f094d50e6c0} => {parent_tid=[5368]}, 88) = 5368 ./strace-static-x86_64: Process 5368 attached [pid 5368] rseq(0x7f094d50efe0, 0x20, 0, 0x53053053 [pid 5364] rt_sigprocmask(SIG_SETMASK, [], [pid 5368] <... rseq resumed>) = 0 [pid 5364] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5368] set_robust_list(0x7f094d50e9a0, 24) = 0 [pid 5365] <... write resumed>) = 40960 [pid 5365] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5368] rt_sigprocmask(SIG_SETMASK, [], [pid 5365] <... futex resumed>) = 0 [pid 5368] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5365] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5364] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5368] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5364] <... futex resumed>) = 0 [pid 5364] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5368] <... open resumed>) = 6 [pid 5368] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5364] <... futex resumed>) = 0 [pid 5368] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5364] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5365] <... futex resumed>) = 0 [pid 5364] <... futex resumed>) = 1 [pid 5365] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [ 84.091379][ T5365] loop0: detected capacity change from 0 to 2048 [pid 5364] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5365] <... write resumed>) = 1048576 [pid 5365] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5364] <... futex resumed>) = 0 [pid 5365] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5364] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5365] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5364] <... futex resumed>) = 0 [pid 5365] openat(AT_FDCWD, NULL, O_RDONLY|O_TRUNC|O_PATH [pid 5364] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5365] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5365] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5364] <... futex resumed>) = 0 [pid 5365] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5364] exit_group(0 [pid 5368] <... futex resumed>) = ? [pid 5365] <... futex resumed>) = ? [pid 5364] <... exit_group resumed>) = ? [pid 5368] +++ exited with 0 +++ [pid 5365] +++ exited with 0 +++ [pid 5364] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5364, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- umount2("./66", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c18730 /* 4 entries */, 32768) = 112 umount2("./66/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./66/binderfs") = 0 umount2("./66/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./66/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./66/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c20770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c20770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./66/file1") = 0 getdents64(3, 0x555555c18730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./66") = 0 mkdir("./67", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5369 attached , child_tidptr=0x555555c17690) = 5369 [pid 5369] set_robust_list(0x555555c176a0, 24) = 0 [pid 5369] chdir("./67") = 0 [pid 5369] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5369] setpgid(0, 0) = 0 [pid 5369] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5369] write(3, "1000", 4) = 4 [pid 5369] close(3) = 0 [pid 5369] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5369] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5369] rt_sigaction(SIGRT_1, {sa_handler=0x7f0955898ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095588a1a0}, NULL, 8) = 0 [pid 5369] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5369] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f095580f000 [pid 5369] mprotect(0x7f0955810000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5369] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5369] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f095582f990, parent_tid=0x7f095582f990, exit_signal=0, stack=0x7f095580f000, stack_size=0x20300, tls=0x7f095582f6c0} => {parent_tid=[5370]}, 88) = 5370 [pid 5369] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5369] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5369] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5370 attached [pid 5370] rseq(0x7f095582ffe0, 0x20, 0, 0x53053053) = 0 [pid 5370] set_robust_list(0x7f095582f9a0, 24) = 0 [pid 5370] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5370] memfd_create("syzkaller", 0) = 3 [pid 5370] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094d40f000 [pid 5370] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5370] munmap(0x7f094d40f000, 1048576) = 0 [pid 5370] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5370] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5370] close(3) = 0 [pid 5370] mkdir("./file1", 0777) = 0 [pid 5370] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5370] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5370] chdir("./file1") = 0 [pid 5370] ioctl(4, LOOP_CLR_FD) = 0 [pid 5370] close(4) = 0 [pid 5370] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5369] <... futex resumed>) = 0 [pid 5370] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5369] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5370] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5369] <... futex resumed>) = 0 [pid 5370] open("./bus", O_ACCMODE|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC|0xdc00001c, 000 [pid 5369] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5370] <... open resumed>) = 4 [pid 5370] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5370] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5369] <... futex resumed>) = 0 [pid 5369] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5370] <... futex resumed>) = 0 [pid 5369] <... futex resumed>) = 1 [pid 5370] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5369] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5370] <... mount resumed>) = 0 [pid 5370] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5369] <... futex resumed>) = 0 [pid 5369] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5370] <... futex resumed>) = 1 [pid 5370] open_tree(-1, NULL, OPEN_TREE_CLONE|0x10000 [pid 5369] <... futex resumed>) = 0 [pid 5370] <... open_tree resumed>) = -1 EINVAL (Invalid argument) [pid 5369] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5370] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5369] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5370] <... futex resumed>) = 0 [pid 5369] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5370] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5369] <... futex resumed>) = 0 [pid 5369] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5370] <... openat resumed>) = 5 [pid 5370] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5369] <... futex resumed>) = 0 [pid 5369] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5370] <... futex resumed>) = 1 [pid 5369] <... futex resumed>) = 0 [pid 5370] write(5, "\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 40960 [pid 5369] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5369] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094d4ee000 [pid 5369] mprotect(0x7f094d4ef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5369] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5369] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d50e990, parent_tid=0x7f094d50e990, exit_signal=0, stack=0x7f094d4ee000, stack_size=0x20300, tls=0x7f094d50e6c0} => {parent_tid=[5373]}, 88) = 5373 ./strace-static-x86_64: Process 5373 attached [pid 5369] rt_sigprocmask(SIG_SETMASK, [], [pid 5373] rseq(0x7f094d50efe0, 0x20, 0, 0x53053053) = 0 [pid 5369] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5373] set_robust_list(0x7f094d50e9a0, 24 [pid 5369] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5373] <... set_robust_list resumed>) = 0 [pid 5373] rt_sigprocmask(SIG_SETMASK, [], [pid 5369] <... futex resumed>) = 0 [pid 5369] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5373] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5373] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5370] <... write resumed>) = 40960 [pid 5370] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5370] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5373] <... open resumed>) = 6 [pid 5373] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5369] <... futex resumed>) = 0 [pid 5373] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5369] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5370] <... futex resumed>) = 0 [pid 5369] <... futex resumed>) = 1 [pid 5370] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [ 84.281298][ T5370] loop0: detected capacity change from 0 to 2048 [pid 5369] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5370] <... write resumed>) = 1048576 [pid 5370] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5369] <... futex resumed>) = 0 [pid 5370] openat(AT_FDCWD, NULL, O_RDONLY|O_TRUNC|O_PATH [pid 5369] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5370] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5369] <... futex resumed>) = 0 [pid 5370] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5369] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5370] <... futex resumed>) = 0 [pid 5370] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5369] exit_group(0 [pid 5373] <... futex resumed>) = ? [pid 5369] <... exit_group resumed>) = ? [pid 5370] <... futex resumed>) = ? [pid 5373] +++ exited with 0 +++ [pid 5370] +++ exited with 0 +++ [pid 5369] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5369, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./67", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c18730 /* 4 entries */, 32768) = 112 umount2("./67/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./67/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./67/binderfs") = 0 umount2("./67/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./67/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./67/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./67/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c20770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c20770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./67/file1") = 0 getdents64(3, 0x555555c18730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./67") = 0 mkdir("./68", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5374 attached , child_tidptr=0x555555c17690) = 5374 [pid 5374] set_robust_list(0x555555c176a0, 24) = 0 [pid 5374] chdir("./68") = 0 [pid 5374] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5374] setpgid(0, 0) = 0 [pid 5374] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5374] write(3, "1000", 4) = 4 [pid 5374] close(3) = 0 [pid 5374] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5374] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5374] rt_sigaction(SIGRT_1, {sa_handler=0x7f0955898ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095588a1a0}, NULL, 8) = 0 [pid 5374] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5374] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f095580f000 [pid 5374] mprotect(0x7f0955810000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5374] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5374] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f095582f990, parent_tid=0x7f095582f990, exit_signal=0, stack=0x7f095580f000, stack_size=0x20300, tls=0x7f095582f6c0}./strace-static-x86_64: Process 5375 attached [pid 5375] rseq(0x7f095582ffe0, 0x20, 0, 0x53053053 [pid 5374] <... clone3 resumed> => {parent_tid=[5375]}, 88) = 5375 [pid 5374] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5374] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5375] <... rseq resumed>) = 0 [pid 5374] <... futex resumed>) = 0 [pid 5375] set_robust_list(0x7f095582f9a0, 24 [pid 5374] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5375] <... set_robust_list resumed>) = 0 [pid 5375] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5375] memfd_create("syzkaller", 0) = 3 [pid 5375] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094d40f000 [pid 5375] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5375] munmap(0x7f094d40f000, 1048576) = 0 [pid 5375] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5375] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5375] close(3) = 0 [pid 5375] mkdir("./file1", 0777) = 0 [pid 5375] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5375] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5375] chdir("./file1") = 0 [pid 5375] ioctl(4, LOOP_CLR_FD) = 0 [pid 5375] close(4) = 0 [pid 5375] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5374] <... futex resumed>) = 0 [pid 5375] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5374] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5375] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5374] <... futex resumed>) = 0 [pid 5375] open("./bus", O_ACCMODE|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC|0xdc00001c, 000 [pid 5374] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5375] <... open resumed>) = 4 [pid 5375] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5374] <... futex resumed>) = 0 [pid 5375] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5374] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5375] <... mount resumed>) = 0 [pid 5374] <... futex resumed>) = 0 [pid 5375] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5374] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5375] <... futex resumed>) = 0 [pid 5374] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5375] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5374] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5375] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5374] <... futex resumed>) = 0 [pid 5375] open_tree(-1, NULL, OPEN_TREE_CLONE|0x10000 [pid 5374] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5375] <... open_tree resumed>) = -1 EINVAL (Invalid argument) [pid 5375] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5374] <... futex resumed>) = 0 [pid 5375] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5374] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5375] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5374] <... futex resumed>) = 0 [pid 5374] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5375] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 5 [pid 5375] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5374] <... futex resumed>) = 0 [pid 5375] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5374] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5375] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5374] <... futex resumed>) = 0 [pid 5375] write(5, "\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 40960 [pid 5374] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5374] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5375] <... write resumed>) = 40960 [pid 5374] <... mmap resumed>) = 0x7f094d4ee000 [pid 5375] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5374] mprotect(0x7f094d4ef000, 131072, PROT_READ|PROT_WRITE [pid 5375] <... futex resumed>) = 0 [pid 5374] <... mprotect resumed>) = 0 [pid 5375] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5374] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5374] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d50e990, parent_tid=0x7f094d50e990, exit_signal=0, stack=0x7f094d4ee000, stack_size=0x20300, tls=0x7f094d50e6c0} => {parent_tid=[5378]}, 88) = 5378 ./strace-static-x86_64: Process 5378 attached [pid 5374] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5374] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5378] rseq(0x7f094d50efe0, 0x20, 0, 0x53053053 [pid 5374] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5378] <... rseq resumed>) = 0 [pid 5378] set_robust_list(0x7f094d50e9a0, 24) = 0 [pid 5378] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5378] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5378] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5378] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5374] <... futex resumed>) = 0 [pid 5374] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5375] <... futex resumed>) = 0 [pid 5374] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 84.435381][ T5375] loop0: detected capacity change from 0 to 2048 [pid 5375] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 1048576 [pid 5375] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5374] <... futex resumed>) = 0 [pid 5374] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5375] openat(AT_FDCWD, NULL, O_RDONLY|O_TRUNC|O_PATH [pid 5374] <... futex resumed>) = 0 [pid 5374] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5375] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5375] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5374] <... futex resumed>) = 0 [pid 5374] exit_group(0 [pid 5378] <... futex resumed>) = ? [pid 5374] <... exit_group resumed>) = ? [pid 5378] +++ exited with 0 +++ [pid 5375] +++ exited with 0 +++ [pid 5374] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5374, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- umount2("./68", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c18730 /* 4 entries */, 32768) = 112 umount2("./68/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./68/binderfs") = 0 umount2("./68/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./68/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./68/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c20770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c20770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./68/file1") = 0 getdents64(3, 0x555555c18730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./68") = 0 mkdir("./69", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5379 attached , child_tidptr=0x555555c17690) = 5379 [pid 5379] set_robust_list(0x555555c176a0, 24) = 0 [pid 5379] chdir("./69") = 0 [pid 5379] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5379] setpgid(0, 0) = 0 [pid 5379] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5379] write(3, "1000", 4) = 4 [pid 5379] close(3) = 0 [pid 5379] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5379] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5379] rt_sigaction(SIGRT_1, {sa_handler=0x7f0955898ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095588a1a0}, NULL, 8) = 0 [pid 5379] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5379] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f095580f000 [pid 5379] mprotect(0x7f0955810000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5379] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5379] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f095582f990, parent_tid=0x7f095582f990, exit_signal=0, stack=0x7f095580f000, stack_size=0x20300, tls=0x7f095582f6c0}./strace-static-x86_64: Process 5380 attached => {parent_tid=[5380]}, 88) = 5380 [pid 5380] rseq(0x7f095582ffe0, 0x20, 0, 0x53053053) = 0 [pid 5379] rt_sigprocmask(SIG_SETMASK, [], [pid 5380] set_robust_list(0x7f095582f9a0, 24 [pid 5379] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5380] <... set_robust_list resumed>) = 0 [pid 5379] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5380] rt_sigprocmask(SIG_SETMASK, [], [pid 5379] <... futex resumed>) = 0 [pid 5380] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5379] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5380] memfd_create("syzkaller", 0) = 3 [pid 5380] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094d40f000 [pid 5380] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5380] munmap(0x7f094d40f000, 1048576) = 0 [pid 5380] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5380] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5380] close(3) = 0 [pid 5380] mkdir("./file1", 0777) = 0 [pid 5380] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5380] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5380] chdir("./file1") = 0 [pid 5380] ioctl(4, LOOP_CLR_FD) = 0 [pid 5380] close(4) = 0 [pid 5380] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5379] <... futex resumed>) = 0 [pid 5380] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5379] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5380] <... futex resumed>) = 0 [pid 5379] <... futex resumed>) = 1 [pid 5380] open("./bus", O_ACCMODE|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC|0xdc00001c, 000 [pid 5379] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5380] <... open resumed>) = 4 [pid 5380] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5379] <... futex resumed>) = 0 [pid 5380] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5379] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5380] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5379] <... futex resumed>) = 0 [pid 5380] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5379] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5380] <... mount resumed>) = 0 [pid 5380] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5380] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5379] <... futex resumed>) = 0 [pid 5379] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5380] <... futex resumed>) = 0 [pid 5379] <... futex resumed>) = 1 [pid 5380] open_tree(-1, NULL, OPEN_TREE_CLONE|0x10000 [pid 5379] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5380] <... open_tree resumed>) = -1 EINVAL (Invalid argument) [pid 5380] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5379] <... futex resumed>) = 0 [pid 5380] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5379] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5380] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5379] <... futex resumed>) = 0 [pid 5380] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5379] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5380] <... openat resumed>) = 5 [pid 5380] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5379] <... futex resumed>) = 0 [pid 5380] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5379] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5380] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5379] <... futex resumed>) = 0 [pid 5380] write(5, "\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 40960 [pid 5379] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5379] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5380] <... write resumed>) = 40960 [pid 5379] <... mmap resumed>) = 0x7f094d4ee000 [pid 5380] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5379] mprotect(0x7f094d4ef000, 131072, PROT_READ|PROT_WRITE [pid 5380] <... futex resumed>) = 0 [pid 5380] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5379] <... mprotect resumed>) = 0 [pid 5379] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5379] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d50e990, parent_tid=0x7f094d50e990, exit_signal=0, stack=0x7f094d4ee000, stack_size=0x20300, tls=0x7f094d50e6c0}./strace-static-x86_64: Process 5383 attached [pid 5383] rseq(0x7f094d50efe0, 0x20, 0, 0x53053053 [pid 5379] <... clone3 resumed> => {parent_tid=[5383]}, 88) = 5383 [pid 5379] rt_sigprocmask(SIG_SETMASK, [], [pid 5383] <... rseq resumed>) = 0 [pid 5379] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5383] set_robust_list(0x7f094d50e9a0, 24 [pid 5379] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5383] <... set_robust_list resumed>) = 0 [pid 5379] <... futex resumed>) = 0 [pid 5383] rt_sigprocmask(SIG_SETMASK, [], [pid 5379] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5383] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5383] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5383] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5379] <... futex resumed>) = 0 [pid 5383] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5379] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5380] <... futex resumed>) = 0 [pid 5379] <... futex resumed>) = 1 [pid 5380] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [ 84.599699][ T5380] loop0: detected capacity change from 0 to 2048 [pid 5379] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5380] <... write resumed>) = 1048576 [pid 5380] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5379] <... futex resumed>) = 0 [pid 5379] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5379] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5380] <... futex resumed>) = 1 [pid 5380] openat(AT_FDCWD, NULL, O_RDONLY|O_TRUNC|O_PATH) = -1 EFAULT (Bad address) [pid 5380] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5379] <... futex resumed>) = 0 [pid 5379] exit_group(0 [pid 5383] <... futex resumed>) = ? [pid 5379] <... exit_group resumed>) = ? [pid 5383] +++ exited with 0 +++ [pid 5380] <... futex resumed>) = ? [pid 5380] +++ exited with 0 +++ [pid 5379] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5379, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./69", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c18730 /* 4 entries */, 32768) = 112 umount2("./69/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./69/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./69/binderfs") = 0 umount2("./69/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./69/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./69/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./69/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c20770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c20770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./69/file1") = 0 getdents64(3, 0x555555c18730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./69") = 0 mkdir("./70", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5384 attached , child_tidptr=0x555555c17690) = 5384 [pid 5384] set_robust_list(0x555555c176a0, 24) = 0 [pid 5384] chdir("./70") = 0 [pid 5384] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5384] setpgid(0, 0) = 0 [pid 5384] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5384] write(3, "1000", 4) = 4 [pid 5384] close(3) = 0 [pid 5384] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5384] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5384] rt_sigaction(SIGRT_1, {sa_handler=0x7f0955898ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095588a1a0}, NULL, 8) = 0 [pid 5384] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5384] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f095580f000 [pid 5384] mprotect(0x7f0955810000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5384] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5384] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f095582f990, parent_tid=0x7f095582f990, exit_signal=0, stack=0x7f095580f000, stack_size=0x20300, tls=0x7f095582f6c0}./strace-static-x86_64: Process 5385 attached [pid 5385] rseq(0x7f095582ffe0, 0x20, 0, 0x53053053 [pid 5384] <... clone3 resumed> => {parent_tid=[5385]}, 88) = 5385 [pid 5385] <... rseq resumed>) = 0 [pid 5385] set_robust_list(0x7f095582f9a0, 24) = 0 [pid 5384] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5385] rt_sigprocmask(SIG_SETMASK, [], [pid 5384] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5385] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5384] <... futex resumed>) = 0 [pid 5385] memfd_create("syzkaller", 0 [pid 5384] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5385] <... memfd_create resumed>) = 3 [pid 5385] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094d40f000 [pid 5385] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5385] munmap(0x7f094d40f000, 1048576) = 0 [pid 5385] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5385] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5385] close(3) = 0 [pid 5385] mkdir("./file1", 0777) = 0 [pid 5385] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5385] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5385] chdir("./file1") = 0 [pid 5385] ioctl(4, LOOP_CLR_FD) = 0 [pid 5385] close(4) = 0 [pid 5385] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5385] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5384] <... futex resumed>) = 0 [pid 5384] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5385] <... futex resumed>) = 0 [pid 5384] <... futex resumed>) = 1 [pid 5385] open("./bus", O_ACCMODE|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC|0xdc00001c, 000 [pid 5384] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5385] <... open resumed>) = 4 [pid 5385] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5384] <... futex resumed>) = 0 [pid 5384] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5385] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5384] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5385] <... mount resumed>) = 0 [pid 5385] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5384] <... futex resumed>) = 0 [pid 5385] <... futex resumed>) = 1 [pid 5385] open_tree(-1, NULL, OPEN_TREE_CLONE|0x10000 [pid 5384] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5385] <... open_tree resumed>) = -1 EINVAL (Invalid argument) [pid 5384] <... futex resumed>) = 0 [pid 5385] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5384] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5385] <... futex resumed>) = 0 [pid 5384] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5384] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5385] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5384] <... futex resumed>) = 0 [pid 5384] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5385] <... openat resumed>) = 5 [pid 5385] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5384] <... futex resumed>) = 0 [pid 5385] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5384] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5385] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5384] <... futex resumed>) = 0 [pid 5385] write(5, "\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 40960 [pid 5384] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5384] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094d4ee000 [pid 5384] mprotect(0x7f094d4ef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5385] <... write resumed>) = 40960 [pid 5384] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5385] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5384] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5385] <... futex resumed>) = 0 [pid 5384] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d50e990, parent_tid=0x7f094d50e990, exit_signal=0, stack=0x7f094d4ee000, stack_size=0x20300, tls=0x7f094d50e6c0} [pid 5385] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5388 attached [pid 5384] <... clone3 resumed> => {parent_tid=[5388]}, 88) = 5388 [pid 5388] rseq(0x7f094d50efe0, 0x20, 0, 0x53053053 [pid 5384] rt_sigprocmask(SIG_SETMASK, [], [pid 5388] <... rseq resumed>) = 0 [pid 5384] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5388] set_robust_list(0x7f094d50e9a0, 24 [pid 5384] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5388] <... set_robust_list resumed>) = 0 [pid 5384] <... futex resumed>) = 0 [pid 5388] rt_sigprocmask(SIG_SETMASK, [], [pid 5384] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5388] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5388] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5388] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5384] <... futex resumed>) = 0 [pid 5388] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5384] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5385] <... futex resumed>) = 0 [pid 5384] <... futex resumed>) = 1 [pid 5385] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [ 84.802252][ T5385] loop0: detected capacity change from 0 to 2048 [pid 5384] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5385] <... write resumed>) = 1048576 [pid 5385] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5384] <... futex resumed>) = 0 [pid 5385] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5384] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5385] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5384] <... futex resumed>) = 0 [pid 5385] openat(AT_FDCWD, NULL, O_RDONLY|O_TRUNC|O_PATH [pid 5384] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5385] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5385] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5385] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5384] <... futex resumed>) = 0 [pid 5384] exit_group(0 [pid 5388] <... futex resumed>) = ? [pid 5384] <... exit_group resumed>) = ? [pid 5388] +++ exited with 0 +++ [pid 5385] <... futex resumed>) = ? [pid 5385] +++ exited with 0 +++ [pid 5384] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5384, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./70", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c18730 /* 4 entries */, 32768) = 112 umount2("./70/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./70/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./70/binderfs") = 0 umount2("./70/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./70/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./70/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./70/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c20770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c20770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./70/file1") = 0 getdents64(3, 0x555555c18730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./70") = 0 mkdir("./71", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5389 attached , child_tidptr=0x555555c17690) = 5389 [pid 5389] set_robust_list(0x555555c176a0, 24) = 0 [pid 5389] chdir("./71") = 0 [pid 5389] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5389] setpgid(0, 0) = 0 [pid 5389] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5389] write(3, "1000", 4) = 4 [pid 5389] close(3) = 0 [pid 5389] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5389] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5389] rt_sigaction(SIGRT_1, {sa_handler=0x7f0955898ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095588a1a0}, NULL, 8) = 0 [pid 5389] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5389] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f095580f000 [pid 5389] mprotect(0x7f0955810000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5389] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5389] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f095582f990, parent_tid=0x7f095582f990, exit_signal=0, stack=0x7f095580f000, stack_size=0x20300, tls=0x7f095582f6c0} => {parent_tid=[5390]}, 88) = 5390 [pid 5389] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5389] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5389] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5390 attached [pid 5390] rseq(0x7f095582ffe0, 0x20, 0, 0x53053053) = 0 [pid 5390] set_robust_list(0x7f095582f9a0, 24) = 0 [pid 5390] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5390] memfd_create("syzkaller", 0) = 3 [pid 5390] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094d40f000 [pid 5390] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5390] munmap(0x7f094d40f000, 1048576) = 0 [pid 5390] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5390] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5390] close(3) = 0 [pid 5390] mkdir("./file1", 0777) = 0 [pid 5390] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5390] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5390] chdir("./file1") = 0 [pid 5390] ioctl(4, LOOP_CLR_FD) = 0 [pid 5390] close(4) = 0 [pid 5390] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5389] <... futex resumed>) = 0 [pid 5389] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5389] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5390] open("./bus", O_ACCMODE|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC|0xdc00001c, 000) = 4 [pid 5390] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5389] <... futex resumed>) = 0 [pid 5389] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5389] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5390] <... futex resumed>) = 1 [pid 5390] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5390] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5390] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5389] <... futex resumed>) = 0 [pid 5389] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5389] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5390] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5390] open_tree(-1, NULL, OPEN_TREE_CLONE|0x10000) = -1 EINVAL (Invalid argument) [pid 5390] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5389] <... futex resumed>) = 0 [pid 5389] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5389] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5390] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 5 [pid 5390] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5389] <... futex resumed>) = 0 [pid 5389] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5389] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5390] write(5, "\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 40960 [pid 5389] <... futex resumed>) = 0 [pid 5389] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094d4ee000 [pid 5389] mprotect(0x7f094d4ef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5389] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5389] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d50e990, parent_tid=0x7f094d50e990, exit_signal=0, stack=0x7f094d4ee000, stack_size=0x20300, tls=0x7f094d50e6c0}./strace-static-x86_64: Process 5393 attached => {parent_tid=[5393]}, 88) = 5393 [pid 5389] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5389] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5389] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5393] rseq(0x7f094d50efe0, 0x20, 0, 0x53053053) = 0 [pid 5393] set_robust_list(0x7f094d50e9a0, 24) = 0 [ 84.978972][ T5390] loop0: detected capacity change from 0 to 2048 [pid 5393] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5393] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5393] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5389] <... futex resumed>) = 0 [pid 5393] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5389] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5389] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5393] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5393] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5390] <... write resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5390] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5390] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5393] <... write resumed>) = 1048576 [pid 5393] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5389] <... futex resumed>) = 0 [pid 5389] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5389] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5390] <... futex resumed>) = 0 [pid 5390] openat(AT_FDCWD, NULL, O_RDONLY|O_TRUNC|O_PATH) = -1 EFAULT (Bad address) [pid 5390] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5389] <... futex resumed>) = 0 [pid 5389] exit_group(0) = ? [pid 5390] <... futex resumed>) = ? [pid 5390] +++ exited with 0 +++ [pid 5393] <... futex resumed>) = ? [pid 5393] +++ exited with 0 +++ [pid 5389] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5389, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./71", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c18730 /* 4 entries */, 32768) = 112 umount2("./71/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./71/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./71/binderfs") = 0 [ 85.029702][ T5390] EXT4-fs error (device loop0): __ext4_get_inode_loc:4379: comm syz-executor264: Invalid inode table block 0 in block_group 0 umount2("./71/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./71/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./71/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./71/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c20770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c20770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./71/file1") = 0 getdents64(3, 0x555555c18730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./71") = 0 mkdir("./72", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5394 attached , child_tidptr=0x555555c17690) = 5394 [pid 5394] set_robust_list(0x555555c176a0, 24) = 0 [pid 5394] chdir("./72") = 0 [pid 5394] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5394] setpgid(0, 0) = 0 [pid 5394] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5394] write(3, "1000", 4) = 4 [pid 5394] close(3) = 0 [pid 5394] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5394] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5394] rt_sigaction(SIGRT_1, {sa_handler=0x7f0955898ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095588a1a0}, NULL, 8) = 0 [pid 5394] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5394] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f095580f000 [pid 5394] mprotect(0x7f0955810000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5394] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5394] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f095582f990, parent_tid=0x7f095582f990, exit_signal=0, stack=0x7f095580f000, stack_size=0x20300, tls=0x7f095582f6c0} => {parent_tid=[5395]}, 88) = 5395 [pid 5394] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5394] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5394] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5395 attached [pid 5395] rseq(0x7f095582ffe0, 0x20, 0, 0x53053053) = 0 [pid 5395] set_robust_list(0x7f095582f9a0, 24) = 0 [pid 5395] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5395] memfd_create("syzkaller", 0) = 3 [pid 5395] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094d40f000 [pid 5395] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5395] munmap(0x7f094d40f000, 1048576) = 0 [pid 5395] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5395] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5395] close(3) = 0 [pid 5395] mkdir("./file1", 0777) = 0 [pid 5395] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5395] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5395] chdir("./file1") = 0 [pid 5395] ioctl(4, LOOP_CLR_FD) = 0 [pid 5395] close(4) = 0 [pid 5395] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5394] <... futex resumed>) = 0 [pid 5395] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5394] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5395] <... futex resumed>) = 0 [pid 5394] <... futex resumed>) = 1 [pid 5395] open("./bus", O_ACCMODE|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC|0xdc00001c, 000 [pid 5394] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5395] <... open resumed>) = 4 [pid 5395] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5394] <... futex resumed>) = 0 [pid 5394] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5394] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5395] <... futex resumed>) = 1 [pid 5395] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5395] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5394] <... futex resumed>) = 0 [pid 5395] <... futex resumed>) = 1 [pid 5394] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5395] open_tree(-1, NULL, OPEN_TREE_CLONE|0x10000 [pid 5394] <... futex resumed>) = 0 [pid 5395] <... open_tree resumed>) = -1 EINVAL (Invalid argument) [pid 5394] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5395] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5394] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5395] <... futex resumed>) = 0 [pid 5395] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5394] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5395] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5394] <... futex resumed>) = 0 [pid 5395] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5394] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5395] <... openat resumed>) = 5 [pid 5395] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5394] <... futex resumed>) = 0 [pid 5394] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5395] write(5, "\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 40960 [pid 5394] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5394] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094d4ee000 [pid 5394] mprotect(0x7f094d4ef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5394] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5394] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d50e990, parent_tid=0x7f094d50e990, exit_signal=0, stack=0x7f094d4ee000, stack_size=0x20300, tls=0x7f094d50e6c0}./strace-static-x86_64: Process 5398 attached => {parent_tid=[5398]}, 88) = 5398 [pid 5394] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5394] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5398] rseq(0x7f094d50efe0, 0x20, 0, 0x53053053 [pid 5394] <... futex resumed>) = 0 [pid 5398] <... rseq resumed>) = 0 [pid 5395] <... write resumed>) = 40960 [pid 5394] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5398] set_robust_list(0x7f094d50e9a0, 24 [pid 5395] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5395] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5398] <... set_robust_list resumed>) = 0 [pid 5398] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5398] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5398] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5394] <... futex resumed>) = 0 [pid 5398] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5394] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5395] <... futex resumed>) = 0 [pid 5394] <... futex resumed>) = 1 [pid 5395] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [ 85.148090][ T5395] loop0: detected capacity change from 0 to 2048 [pid 5394] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5395] <... write resumed>) = 1048576 [pid 5395] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5394] <... futex resumed>) = 0 [pid 5395] <... futex resumed>) = 1 [pid 5394] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5395] openat(AT_FDCWD, NULL, O_RDONLY|O_TRUNC|O_PATH [pid 5394] <... futex resumed>) = 0 [pid 5395] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5394] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5395] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5394] <... futex resumed>) = 0 [pid 5395] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5394] exit_group(0) = ? [pid 5398] <... futex resumed>) = ? [pid 5398] +++ exited with 0 +++ [pid 5395] <... futex resumed>) = ? [pid 5395] +++ exited with 0 +++ [pid 5394] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5394, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./72", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c18730 /* 4 entries */, 32768) = 112 umount2("./72/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./72/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./72/binderfs") = 0 umount2("./72/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./72/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./72/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./72/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c20770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c20770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./72/file1") = 0 getdents64(3, 0x555555c18730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./72") = 0 mkdir("./73", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5399 attached , child_tidptr=0x555555c17690) = 5399 [pid 5399] set_robust_list(0x555555c176a0, 24) = 0 [pid 5399] chdir("./73") = 0 [pid 5399] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5399] setpgid(0, 0) = 0 [pid 5399] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5399] write(3, "1000", 4) = 4 [pid 5399] close(3) = 0 [pid 5399] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5399] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5399] rt_sigaction(SIGRT_1, {sa_handler=0x7f0955898ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095588a1a0}, NULL, 8) = 0 [pid 5399] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5399] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f095580f000 [pid 5399] mprotect(0x7f0955810000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5399] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5399] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f095582f990, parent_tid=0x7f095582f990, exit_signal=0, stack=0x7f095580f000, stack_size=0x20300, tls=0x7f095582f6c0} => {parent_tid=[5400]}, 88) = 5400 [pid 5399] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 5400 attached NULL, 8) = 0 [pid 5400] rseq(0x7f095582ffe0, 0x20, 0, 0x53053053 [pid 5399] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5400] <... rseq resumed>) = 0 [pid 5399] <... futex resumed>) = 0 [pid 5400] set_robust_list(0x7f095582f9a0, 24) = 0 [pid 5399] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5400] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5400] memfd_create("syzkaller", 0) = 3 [pid 5400] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094d40f000 [pid 5400] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5400] munmap(0x7f094d40f000, 1048576) = 0 [pid 5400] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5400] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5400] close(3) = 0 [pid 5400] mkdir("./file1", 0777) = 0 [pid 5400] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5400] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5400] chdir("./file1") = 0 [pid 5400] ioctl(4, LOOP_CLR_FD) = 0 [pid 5400] close(4) = 0 [pid 5400] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5399] <... futex resumed>) = 0 [pid 5400] <... futex resumed>) = 1 [pid 5399] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5400] open("./bus", O_ACCMODE|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC|0xdc00001c, 000 [pid 5399] <... futex resumed>) = 0 [pid 5399] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5400] <... open resumed>) = 4 [pid 5400] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5399] <... futex resumed>) = 0 [pid 5400] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5399] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5400] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5399] <... futex resumed>) = 0 [pid 5400] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5399] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5400] <... mount resumed>) = 0 [pid 5400] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5399] <... futex resumed>) = 0 [pid 5400] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5399] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5400] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5399] <... futex resumed>) = 0 [pid 5400] open_tree(-1, NULL, OPEN_TREE_CLONE|0x10000 [pid 5399] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5400] <... open_tree resumed>) = -1 EINVAL (Invalid argument) [pid 5400] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5399] <... futex resumed>) = 0 [pid 5400] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5399] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5400] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5399] <... futex resumed>) = 0 [pid 5400] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5399] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5400] <... openat resumed>) = 5 [pid 5400] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5399] <... futex resumed>) = 0 [pid 5399] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5400] write(5, "\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 40960 [pid 5399] <... futex resumed>) = 0 [pid 5399] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5399] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094d4ee000 [pid 5399] mprotect(0x7f094d4ef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5399] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5399] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d50e990, parent_tid=0x7f094d50e990, exit_signal=0, stack=0x7f094d4ee000, stack_size=0x20300, tls=0x7f094d50e6c0}./strace-static-x86_64: Process 5403 attached [pid 5403] rseq(0x7f094d50efe0, 0x20, 0, 0x53053053 [pid 5399] <... clone3 resumed> => {parent_tid=[5403]}, 88) = 5403 [pid 5403] <... rseq resumed>) = 0 [pid 5399] rt_sigprocmask(SIG_SETMASK, [], [pid 5403] set_robust_list(0x7f094d50e9a0, 24 [pid 5399] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5403] <... set_robust_list resumed>) = 0 [pid 5399] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5403] rt_sigprocmask(SIG_SETMASK, [], [pid 5399] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5403] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5403] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5403] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5399] <... futex resumed>) = 0 [pid 5403] <... futex resumed>) = 1 [pid 5399] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5403] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5399] <... futex resumed>) = 0 [pid 5399] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5400] <... write resumed>) = 40960 [pid 5400] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 85.333737][ T5400] loop0: detected capacity change from 0 to 2048 [pid 5400] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5403] <... write resumed>) = 1048576 [pid 5403] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5399] <... futex resumed>) = 0 [pid 5399] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5400] <... futex resumed>) = 0 [pid 5399] <... futex resumed>) = 1 [pid 5400] openat(AT_FDCWD, NULL, O_RDONLY|O_TRUNC|O_PATH [pid 5399] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5403] <... futex resumed>) = 1 [pid 5400] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5403] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5400] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5399] <... futex resumed>) = 0 [pid 5400] <... futex resumed>) = 1 [pid 5400] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5399] exit_group(0 [pid 5403] <... futex resumed>) = ? [pid 5403] +++ exited with 0 +++ [pid 5400] <... futex resumed>) = ? [pid 5399] <... exit_group resumed>) = ? [pid 5400] +++ exited with 0 +++ [pid 5399] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5399, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./73", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c18730 /* 4 entries */, 32768) = 112 umount2("./73/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./73/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./73/binderfs") = 0 umount2("./73/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./73/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./73/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./73/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c20770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c20770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./73/file1") = 0 getdents64(3, 0x555555c18730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./73") = 0 mkdir("./74", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5404 attached , child_tidptr=0x555555c17690) = 5404 [pid 5404] set_robust_list(0x555555c176a0, 24) = 0 [pid 5404] chdir("./74") = 0 [pid 5404] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5404] setpgid(0, 0) = 0 [pid 5404] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5404] write(3, "1000", 4) = 4 [pid 5404] close(3) = 0 [pid 5404] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5404] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5404] rt_sigaction(SIGRT_1, {sa_handler=0x7f0955898ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095588a1a0}, NULL, 8) = 0 [pid 5404] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5404] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f095580f000 [pid 5404] mprotect(0x7f0955810000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5404] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5404] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f095582f990, parent_tid=0x7f095582f990, exit_signal=0, stack=0x7f095580f000, stack_size=0x20300, tls=0x7f095582f6c0}./strace-static-x86_64: Process 5405 attached => {parent_tid=[5405]}, 88) = 5405 [pid 5404] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5404] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5404] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5405] rseq(0x7f095582ffe0, 0x20, 0, 0x53053053) = 0 [pid 5405] set_robust_list(0x7f095582f9a0, 24) = 0 [pid 5405] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5405] memfd_create("syzkaller", 0) = 3 [pid 5405] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094d40f000 [pid 5405] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5405] munmap(0x7f094d40f000, 1048576) = 0 [pid 5405] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5405] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5405] close(3) = 0 [pid 5405] mkdir("./file1", 0777) = 0 [pid 5405] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5405] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5405] chdir("./file1") = 0 [pid 5405] ioctl(4, LOOP_CLR_FD) = 0 [pid 5405] close(4) = 0 [pid 5405] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5405] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5404] <... futex resumed>) = 0 [pid 5404] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5405] <... futex resumed>) = 0 [pid 5404] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5405] open("./bus", O_ACCMODE|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC|0xdc00001c, 000) = 4 [pid 5405] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5404] <... futex resumed>) = 0 [pid 5404] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5404] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5405] <... futex resumed>) = 1 [pid 5405] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5405] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5404] <... futex resumed>) = 0 [pid 5404] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5404] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5405] <... futex resumed>) = 1 [pid 5405] open_tree(-1, NULL, OPEN_TREE_CLONE|0x10000) = -1 EINVAL (Invalid argument) [pid 5405] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5405] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5404] <... futex resumed>) = 0 [pid 5404] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5405] <... futex resumed>) = 0 [pid 5404] <... futex resumed>) = 1 [pid 5405] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5404] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5405] <... openat resumed>) = 5 [pid 5405] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5405] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5404] <... futex resumed>) = 0 [pid 5404] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5405] <... futex resumed>) = 0 [pid 5404] <... futex resumed>) = 1 [pid 5405] write(5, "\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 40960 [pid 5404] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5404] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094d4ee000 [pid 5404] mprotect(0x7f094d4ef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5404] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5404] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d50e990, parent_tid=0x7f094d50e990, exit_signal=0, stack=0x7f094d4ee000, stack_size=0x20300, tls=0x7f094d50e6c0}./strace-static-x86_64: Process 5408 attached [pid 5408] rseq(0x7f094d50efe0, 0x20, 0, 0x53053053) = 0 [pid 5408] set_robust_list(0x7f094d50e9a0, 24) = 0 [pid 5404] <... clone3 resumed> => {parent_tid=[5408]}, 88) = 5408 [pid 5408] rt_sigprocmask(SIG_SETMASK, [], [pid 5404] rt_sigprocmask(SIG_SETMASK, [], [pid 5408] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5405] <... write resumed>) = 40960 [pid 5404] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5408] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5405] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5405] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5404] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 85.506054][ T5405] loop0: detected capacity change from 0 to 2048 [pid 5404] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5408] <... futex resumed>) = 0 [pid 5408] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5408] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5404] <... futex resumed>) = 0 [pid 5404] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5405] <... futex resumed>) = 0 [pid 5404] <... futex resumed>) = 1 [pid 5405] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5404] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5408] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5405] <... write resumed>) = 1048576 [pid 5405] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5404] <... futex resumed>) = 0 [pid 5404] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5404] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5405] <... futex resumed>) = 1 [pid 5405] openat(AT_FDCWD, NULL, O_RDONLY|O_TRUNC|O_PATH) = -1 EFAULT (Bad address) [pid 5405] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5404] <... futex resumed>) = 0 [pid 5404] exit_group(0) = ? [pid 5408] <... futex resumed>) = ? [pid 5408] +++ exited with 0 +++ [pid 5405] <... futex resumed>) = ? [pid 5405] +++ exited with 0 +++ [pid 5404] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5404, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./74", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c18730 /* 4 entries */, 32768) = 112 umount2("./74/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./74/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./74/binderfs") = 0 umount2("./74/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./74/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./74/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./74/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c20770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c20770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./74/file1") = 0 getdents64(3, 0x555555c18730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./74") = 0 mkdir("./75", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5409 attached , child_tidptr=0x555555c17690) = 5409 [pid 5409] set_robust_list(0x555555c176a0, 24) = 0 [pid 5409] chdir("./75") = 0 [pid 5409] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5409] setpgid(0, 0) = 0 [pid 5409] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5409] write(3, "1000", 4) = 4 [pid 5409] close(3) = 0 [pid 5409] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5409] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5409] rt_sigaction(SIGRT_1, {sa_handler=0x7f0955898ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095588a1a0}, NULL, 8) = 0 [pid 5409] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5409] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f095580f000 [pid 5409] mprotect(0x7f0955810000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5409] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5409] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f095582f990, parent_tid=0x7f095582f990, exit_signal=0, stack=0x7f095580f000, stack_size=0x20300, tls=0x7f095582f6c0}./strace-static-x86_64: Process 5410 attached => {parent_tid=[5410]}, 88) = 5410 [pid 5410] rseq(0x7f095582ffe0, 0x20, 0, 0x53053053 [pid 5409] rt_sigprocmask(SIG_SETMASK, [], [pid 5410] <... rseq resumed>) = 0 [pid 5409] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5410] set_robust_list(0x7f095582f9a0, 24 [pid 5409] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5410] <... set_robust_list resumed>) = 0 [pid 5410] rt_sigprocmask(SIG_SETMASK, [], [pid 5409] <... futex resumed>) = 0 [pid 5410] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5409] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5410] memfd_create("syzkaller", 0) = 3 [pid 5410] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094d40f000 [pid 5410] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5410] munmap(0x7f094d40f000, 1048576) = 0 [pid 5410] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5410] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5410] close(3) = 0 [pid 5410] mkdir("./file1", 0777) = 0 [pid 5410] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5410] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5410] chdir("./file1") = 0 [pid 5410] ioctl(4, LOOP_CLR_FD) = 0 [pid 5410] close(4) = 0 [pid 5410] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5409] <... futex resumed>) = 0 [pid 5410] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5409] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5410] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5409] <... futex resumed>) = 0 [pid 5409] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5410] open("./bus", O_ACCMODE|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC|0xdc00001c, 000) = 4 [pid 5410] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5409] <... futex resumed>) = 0 [pid 5409] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5409] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5410] <... futex resumed>) = 1 [pid 5410] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5410] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5409] <... futex resumed>) = 0 [pid 5409] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5409] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5410] <... futex resumed>) = 1 [pid 5410] open_tree(-1, NULL, OPEN_TREE_CLONE|0x10000) = -1 EINVAL (Invalid argument) [pid 5410] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5409] <... futex resumed>) = 0 [pid 5409] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5409] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5410] <... futex resumed>) = 1 [pid 5410] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 5 [pid 5410] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5409] <... futex resumed>) = 0 [pid 5409] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5409] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5409] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094d4ee000 [pid 5409] mprotect(0x7f094d4ef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5409] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5409] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d50e990, parent_tid=0x7f094d50e990, exit_signal=0, stack=0x7f094d4ee000, stack_size=0x20300, tls=0x7f094d50e6c0}./strace-static-x86_64: Process 5413 attached => {parent_tid=[5413]}, 88) = 5413 [pid 5409] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5409] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5409] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5410] <... futex resumed>) = 1 [pid 5410] write(5, "\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 40960 [pid 5413] rseq(0x7f094d50efe0, 0x20, 0, 0x53053053) = 0 [pid 5413] set_robust_list(0x7f094d50e9a0, 24) = 0 [pid 5413] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5413] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5413] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5409] <... futex resumed>) = 0 [ 85.696559][ T5410] loop0: detected capacity change from 0 to 2048 [pid 5409] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5409] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5410] <... write resumed>) = 40960 [pid 5410] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5410] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5413] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 1048576 [pid 5413] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5409] <... futex resumed>) = 0 [pid 5413] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5409] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5410] <... futex resumed>) = 0 [pid 5409] <... futex resumed>) = 1 [pid 5410] openat(AT_FDCWD, NULL, O_RDONLY|O_TRUNC|O_PATH [pid 5409] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5410] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5410] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5409] <... futex resumed>) = 0 [pid 5410] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5409] exit_group(0 [pid 5410] <... futex resumed>) = ? [pid 5413] <... futex resumed>) = ? [pid 5409] <... exit_group resumed>) = ? [pid 5410] +++ exited with 0 +++ [pid 5413] +++ exited with 0 +++ [pid 5409] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5409, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./75", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c18730 /* 4 entries */, 32768) = 112 umount2("./75/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./75/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./75/binderfs") = 0 umount2("./75/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./75/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./75/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./75/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c20770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c20770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./75/file1") = 0 getdents64(3, 0x555555c18730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./75") = 0 mkdir("./76", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c17690) = 5414 ./strace-static-x86_64: Process 5414 attached [pid 5414] set_robust_list(0x555555c176a0, 24) = 0 [pid 5414] chdir("./76") = 0 [pid 5414] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5414] setpgid(0, 0) = 0 [pid 5414] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5414] write(3, "1000", 4) = 4 [pid 5414] close(3) = 0 [pid 5414] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5414] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5414] rt_sigaction(SIGRT_1, {sa_handler=0x7f0955898ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095588a1a0}, NULL, 8) = 0 [pid 5414] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5414] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f095580f000 [pid 5414] mprotect(0x7f0955810000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5414] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5414] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f095582f990, parent_tid=0x7f095582f990, exit_signal=0, stack=0x7f095580f000, stack_size=0x20300, tls=0x7f095582f6c0}./strace-static-x86_64: Process 5415 attached => {parent_tid=[5415]}, 88) = 5415 [pid 5415] rseq(0x7f095582ffe0, 0x20, 0, 0x53053053) = 0 [pid 5415] set_robust_list(0x7f095582f9a0, 24) = 0 [pid 5415] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5415] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5414] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5414] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5415] <... futex resumed>) = 0 [pid 5414] <... futex resumed>) = 1 [pid 5414] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5415] memfd_create("syzkaller", 0) = 3 [pid 5415] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094d40f000 [pid 5415] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5415] munmap(0x7f094d40f000, 1048576) = 0 [pid 5415] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5415] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5415] close(3) = 0 [pid 5415] mkdir("./file1", 0777) = 0 [pid 5415] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5415] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5415] chdir("./file1") = 0 [pid 5415] ioctl(4, LOOP_CLR_FD) = 0 [pid 5415] close(4) = 0 [pid 5415] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5414] <... futex resumed>) = 0 [pid 5414] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5415] <... futex resumed>) = 1 [pid 5414] <... futex resumed>) = 0 [pid 5415] open("./bus", O_ACCMODE|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC|0xdc00001c, 000 [pid 5414] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5415] <... open resumed>) = 4 [pid 5415] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5414] <... futex resumed>) = 0 [pid 5414] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5414] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5415] <... futex resumed>) = 1 [pid 5415] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5415] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5414] <... futex resumed>) = 0 [pid 5414] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5414] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5415] <... futex resumed>) = 1 [pid 5415] open_tree(-1, NULL, OPEN_TREE_CLONE|0x10000) = -1 EINVAL (Invalid argument) [pid 5415] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5414] <... futex resumed>) = 0 [pid 5414] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5414] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5415] <... futex resumed>) = 1 [pid 5415] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 5 [pid 5415] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5414] <... futex resumed>) = 0 [pid 5414] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5415] <... futex resumed>) = 1 [pid 5414] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5415] write(5, "\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 40960 [pid 5414] <... futex resumed>) = 0 [pid 5414] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094d4ee000 [pid 5414] mprotect(0x7f094d4ef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5414] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5414] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d50e990, parent_tid=0x7f094d50e990, exit_signal=0, stack=0x7f094d4ee000, stack_size=0x20300, tls=0x7f094d50e6c0} => {parent_tid=[5418]}, 88) = 5418 ./strace-static-x86_64: Process 5418 attached [pid 5414] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5414] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5418] rseq(0x7f094d50efe0, 0x20, 0, 0x53053053 [pid 5415] <... write resumed>) = 40960 [pid 5414] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5415] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5418] <... rseq resumed>) = 0 [pid 5415] <... futex resumed>) = 0 [pid 5418] set_robust_list(0x7f094d50e9a0, 24 [pid 5415] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5418] <... set_robust_list resumed>) = 0 [pid 5418] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5418] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5418] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5414] <... futex resumed>) = 0 [pid 5414] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5415] <... futex resumed>) = 0 [pid 5415] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5414] <... futex resumed>) = 1 [pid 5418] <... futex resumed>) = 1 [pid 5414] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 85.887606][ T5415] loop0: detected capacity change from 0 to 2048 [pid 5418] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5415] <... write resumed>) = 1048576 [pid 5415] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5414] <... futex resumed>) = 0 [pid 5415] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5414] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5415] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5414] <... futex resumed>) = 0 [pid 5415] openat(AT_FDCWD, NULL, O_RDONLY|O_TRUNC|O_PATH [pid 5414] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5415] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5415] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5414] <... futex resumed>) = 0 [pid 5415] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5414] exit_group(0 [pid 5418] <... futex resumed>) = ? [pid 5415] <... futex resumed>) = ? [pid 5414] <... exit_group resumed>) = ? [pid 5418] +++ exited with 0 +++ [pid 5415] +++ exited with 0 +++ [pid 5414] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5414, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./76", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c18730 /* 4 entries */, 32768) = 112 umount2("./76/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./76/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./76/binderfs") = 0 umount2("./76/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./76/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./76/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./76/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c20770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c20770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./76/file1") = 0 getdents64(3, 0x555555c18730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./76") = 0 mkdir("./77", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c17690) = 5419 ./strace-static-x86_64: Process 5419 attached [pid 5419] set_robust_list(0x555555c176a0, 24) = 0 [pid 5419] chdir("./77") = 0 [pid 5419] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5419] setpgid(0, 0) = 0 [pid 5419] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5419] write(3, "1000", 4) = 4 [pid 5419] close(3) = 0 [pid 5419] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5419] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5419] rt_sigaction(SIGRT_1, {sa_handler=0x7f0955898ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095588a1a0}, NULL, 8) = 0 [pid 5419] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5419] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f095580f000 [pid 5419] mprotect(0x7f0955810000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5419] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5419] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f095582f990, parent_tid=0x7f095582f990, exit_signal=0, stack=0x7f095580f000, stack_size=0x20300, tls=0x7f095582f6c0}./strace-static-x86_64: Process 5420 attached => {parent_tid=[5420]}, 88) = 5420 [pid 5420] rseq(0x7f095582ffe0, 0x20, 0, 0x53053053) = 0 [pid 5420] set_robust_list(0x7f095582f9a0, 24) = 0 [pid 5420] rt_sigprocmask(SIG_SETMASK, [], [pid 5419] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5419] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5420] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5420] memfd_create("syzkaller", 0) = 3 [pid 5420] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094d40f000 [pid 5419] <... futex resumed>) = 0 [pid 5419] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5420] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5420] munmap(0x7f094d40f000, 1048576) = 0 [pid 5420] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5420] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5420] close(3) = 0 [pid 5420] mkdir("./file1", 0777) = 0 [pid 5420] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5420] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5420] chdir("./file1") = 0 [pid 5420] ioctl(4, LOOP_CLR_FD) = 0 [pid 5420] close(4) = 0 [pid 5420] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5420] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5419] <... futex resumed>) = 0 [pid 5419] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5420] <... futex resumed>) = 0 [pid 5419] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5420] open("./bus", O_ACCMODE|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC|0xdc00001c, 000) = 4 [pid 5420] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5420] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5419] <... futex resumed>) = 0 [pid 5419] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5420] <... futex resumed>) = 0 [pid 5419] <... futex resumed>) = 1 [pid 5420] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5420] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5420] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5419] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5419] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5420] <... futex resumed>) = 0 [pid 5419] <... futex resumed>) = 1 [pid 5420] open_tree(-1, NULL, OPEN_TREE_CLONE|0x10000 [pid 5419] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5420] <... open_tree resumed>) = -1 EINVAL (Invalid argument) [pid 5420] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5419] <... futex resumed>) = 0 [pid 5420] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5419] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5419] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5420] <... openat resumed>) = 5 [pid 5420] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5419] <... futex resumed>) = 0 [pid 5420] write(5, "\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 40960 [pid 5419] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5419] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5419] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094d4ee000 [pid 5419] mprotect(0x7f094d4ef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5419] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5419] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d50e990, parent_tid=0x7f094d50e990, exit_signal=0, stack=0x7f094d4ee000, stack_size=0x20300, tls=0x7f094d50e6c0} => {parent_tid=[5424]}, 88) = 5424 [pid 5419] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5419] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5419] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5424 attached [pid 5424] rseq(0x7f094d50efe0, 0x20, 0, 0x53053053) = 0 [pid 5424] set_robust_list(0x7f094d50e9a0, 24) = 0 [pid 5424] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5424] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5424] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5419] <... futex resumed>) = 0 [pid 5424] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5419] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5424] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5419] <... futex resumed>) = 0 [pid 5424] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5419] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5420] <... write resumed>) = 40960 [pid 5420] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 86.054638][ T5420] loop0: detected capacity change from 0 to 2048 [pid 5420] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5424] <... write resumed>) = 1048576 [pid 5424] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5419] <... futex resumed>) = 0 [pid 5424] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5419] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5420] <... futex resumed>) = 0 [pid 5420] openat(AT_FDCWD, NULL, O_RDONLY|O_TRUNC|O_PATH) = -1 EFAULT (Bad address) [pid 5420] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5420] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5419] <... futex resumed>) = 1 [pid 5419] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5419] exit_group(0 [pid 5420] <... futex resumed>) = ? [pid 5424] <... futex resumed>) = ? [pid 5424] +++ exited with 0 +++ [pid 5420] +++ exited with 0 +++ [pid 5419] <... exit_group resumed>) = ? [pid 5419] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5419, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- umount2("./77", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c18730 /* 4 entries */, 32768) = 112 umount2("./77/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./77/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./77/binderfs") = 0 umount2("./77/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./77/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./77/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./77/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c20770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c20770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./77/file1") = 0 getdents64(3, 0x555555c18730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./77") = 0 mkdir("./78", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c17690) = 5425 ./strace-static-x86_64: Process 5425 attached [pid 5425] set_robust_list(0x555555c176a0, 24) = 0 [pid 5425] chdir("./78") = 0 [pid 5425] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5425] setpgid(0, 0) = 0 [pid 5425] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5425] write(3, "1000", 4) = 4 [pid 5425] close(3) = 0 [pid 5425] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5425] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5425] rt_sigaction(SIGRT_1, {sa_handler=0x7f0955898ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095588a1a0}, NULL, 8) = 0 [pid 5425] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5425] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f095580f000 [pid 5425] mprotect(0x7f0955810000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5425] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5425] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f095582f990, parent_tid=0x7f095582f990, exit_signal=0, stack=0x7f095580f000, stack_size=0x20300, tls=0x7f095582f6c0} => {parent_tid=[5426]}, 88) = 5426 [pid 5425] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5425] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5425] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5426 attached [pid 5426] rseq(0x7f095582ffe0, 0x20, 0, 0x53053053) = 0 [pid 5426] set_robust_list(0x7f095582f9a0, 24) = 0 [pid 5426] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5426] memfd_create("syzkaller", 0) = 3 [pid 5426] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094d40f000 [pid 5426] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5426] munmap(0x7f094d40f000, 1048576) = 0 [pid 5426] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5426] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5426] close(3) = 0 [pid 5426] mkdir("./file1", 0777) = 0 [pid 5426] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5426] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5426] chdir("./file1") = 0 [pid 5426] ioctl(4, LOOP_CLR_FD) = 0 [pid 5426] close(4) = 0 [pid 5426] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5425] <... futex resumed>) = 0 [pid 5425] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5425] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5426] open("./bus", O_ACCMODE|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC|0xdc00001c, 000) = 4 [pid 5426] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5426] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5425] <... futex resumed>) = 0 [pid 5426] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5425] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5426] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5425] <... futex resumed>) = 0 [pid 5425] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5426] <... mount resumed>) = 0 [pid 5426] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5425] <... futex resumed>) = 0 [pid 5425] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5425] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5426] open_tree(-1, NULL, OPEN_TREE_CLONE|0x10000) = -1 EINVAL (Invalid argument) [pid 5426] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5425] <... futex resumed>) = 0 [pid 5426] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5425] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5425] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5426] <... openat resumed>) = 5 [pid 5426] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5425] <... futex resumed>) = 0 [pid 5425] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5425] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5425] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094d4ee000 [pid 5426] write(5, "\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 40960 [pid 5425] mprotect(0x7f094d4ef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5425] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5425] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d50e990, parent_tid=0x7f094d50e990, exit_signal=0, stack=0x7f094d4ee000, stack_size=0x20300, tls=0x7f094d50e6c0}./strace-static-x86_64: Process 5429 attached [ 86.225968][ T5426] loop0: detected capacity change from 0 to 2048 [pid 5429] rseq(0x7f094d50efe0, 0x20, 0, 0x53053053 [pid 5425] <... clone3 resumed> => {parent_tid=[5429]}, 88) = 5429 [pid 5429] <... rseq resumed>) = 0 [pid 5425] rt_sigprocmask(SIG_SETMASK, [], [pid 5429] set_robust_list(0x7f094d50e9a0, 24) = 0 [pid 5425] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5429] rt_sigprocmask(SIG_SETMASK, [], [pid 5425] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5429] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5425] <... futex resumed>) = 0 [pid 5429] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5425] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5429] <... open resumed>) = 6 [pid 5429] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5425] <... futex resumed>) = 0 [pid 5429] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5425] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5425] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5429] <... futex resumed>) = 0 [pid 5429] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5425] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5429] <... write resumed>) = 1048576 [pid 5425] futex(0x7f09558fc6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5429] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5425] <... futex resumed>) = 0 [pid 5429] <... futex resumed>) = 0 [pid 5425] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5429] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5425] <... mmap resumed>) = 0x7f094d4cd000 [pid 5425] mprotect(0x7f094d4ce000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5425] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5425] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d4ed990, parent_tid=0x7f094d4ed990, exit_signal=0, stack=0x7f094d4cd000, stack_size=0x20300, tls=0x7f094d4ed6c0} => {parent_tid=[5430]}, 88) = 5430 [pid 5425] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5425] futex(0x7f09558fc6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5425] futex(0x7f09558fc6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5430 attached [pid 5430] rseq(0x7f094d4edfe0, 0x20, 0, 0x53053053) = 0 [pid 5430] set_robust_list(0x7f094d4ed9a0, 24) = 0 [pid 5430] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5430] openat(AT_FDCWD, NULL, O_RDONLY|O_TRUNC|O_PATH) = -1 EFAULT (Bad address) [pid 5430] futex(0x7f09558fc6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5425] <... futex resumed>) = 0 [pid 5430] <... futex resumed>) = 1 [ 86.294934][ T5426] EXT4-fs error (device loop0): __ext4_get_inode_loc:4379: comm syz-executor264: Invalid inode table block 0 in block_group 0 [ 86.309297][ T5426] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5752: Corrupt filesystem [ 86.321393][ T5426] EXT4-fs error (device loop0): __ext4_ext_dirty:202: inode #16: comm syz-executor264: mark_inode_dirty error [ 86.335462][ T5426] EXT4-fs error (device loop0): __ext4_get_inode_loc:4379: comm syz-executor264: Invalid inode table block 0 in block_group 0 [ 86.348860][ T5426] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5752: Corrupt filesystem [ 86.358958][ T5426] EXT4-fs error (device loop0): ext4_ext_truncate:4399: inode #16: comm syz-executor264: mark_inode_dirty error [ 86.371338][ T5426] EXT4-fs error (device loop0): __ext4_get_inode_loc:4379: comm syz-executor264: Invalid inode table block 0 in block_group 0 [ 86.385001][ T5426] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5752: Corrupt filesystem [pid 5430] futex(0x7f09558fc6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5426] <... write resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5426] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5426] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5425] exit_group(0 [pid 5430] <... futex resumed>) = ? [pid 5429] <... futex resumed>) = ? [pid 5429] +++ exited with 0 +++ [pid 5426] <... futex resumed>) = ? [pid 5425] <... exit_group resumed>) = ? [pid 5430] +++ exited with 0 +++ [pid 5426] +++ exited with 0 +++ [pid 5425] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5425, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./78", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c18730 /* 4 entries */, 32768) = 112 umount2("./78/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./78/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./78/binderfs") = 0 [ 86.394691][ T5426] EXT4-fs error (device loop0): ext4_truncate:4184: inode #16: comm syz-executor264: mark_inode_dirty error [ 86.407024][ T5426] EXT4-fs error (device loop0): __ext4_get_inode_loc:4379: comm syz-executor264: Invalid inode table block 0 in block_group 0 umount2("./78/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./78/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./78/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./78/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c20770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c20770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./78/file1") = 0 getdents64(3, 0x555555c18730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./78") = 0 mkdir("./79", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c17690) = 5431 ./strace-static-x86_64: Process 5431 attached [pid 5431] set_robust_list(0x555555c176a0, 24) = 0 [pid 5431] chdir("./79") = 0 [pid 5431] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5431] setpgid(0, 0) = 0 [pid 5431] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5431] write(3, "1000", 4) = 4 [pid 5431] close(3) = 0 [pid 5431] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5431] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5431] rt_sigaction(SIGRT_1, {sa_handler=0x7f0955898ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095588a1a0}, NULL, 8) = 0 [pid 5431] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5431] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f095580f000 [pid 5431] mprotect(0x7f0955810000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5431] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5431] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f095582f990, parent_tid=0x7f095582f990, exit_signal=0, stack=0x7f095580f000, stack_size=0x20300, tls=0x7f095582f6c0}./strace-static-x86_64: Process 5432 attached [pid 5432] rseq(0x7f095582ffe0, 0x20, 0, 0x53053053 [pid 5431] <... clone3 resumed> => {parent_tid=[5432]}, 88) = 5432 [pid 5432] <... rseq resumed>) = 0 [pid 5431] rt_sigprocmask(SIG_SETMASK, [], [pid 5432] set_robust_list(0x7f095582f9a0, 24 [pid 5431] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5432] <... set_robust_list resumed>) = 0 [pid 5431] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5432] rt_sigprocmask(SIG_SETMASK, [], [pid 5431] <... futex resumed>) = 0 [pid 5432] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5431] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5432] memfd_create("syzkaller", 0) = 3 [pid 5432] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094d40f000 [pid 5432] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5432] munmap(0x7f094d40f000, 1048576) = 0 [pid 5432] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5432] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5432] close(3) = 0 [pid 5432] mkdir("./file1", 0777) = 0 [pid 5432] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5432] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5432] chdir("./file1") = 0 [pid 5432] ioctl(4, LOOP_CLR_FD) = 0 [pid 5432] close(4) = 0 [pid 5432] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5432] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5431] <... futex resumed>) = 0 [pid 5431] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5432] <... futex resumed>) = 0 [pid 5431] <... futex resumed>) = 1 [pid 5432] open("./bus", O_ACCMODE|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC|0xdc00001c, 000 [pid 5431] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5432] <... open resumed>) = 4 [pid 5432] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5431] <... futex resumed>) = 0 [pid 5432] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5431] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5432] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5431] <... futex resumed>) = 0 [pid 5432] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5431] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5432] <... mount resumed>) = 0 [pid 5432] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5431] <... futex resumed>) = 0 [pid 5431] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5432] open_tree(-1, NULL, OPEN_TREE_CLONE|0x10000) = -1 EINVAL (Invalid argument) [pid 5431] <... futex resumed>) = 0 [pid 5431] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5432] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5431] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5432] <... futex resumed>) = 0 [pid 5431] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5432] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5431] <... futex resumed>) = 0 [pid 5431] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5432] <... openat resumed>) = 5 [pid 5432] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5431] <... futex resumed>) = 0 [pid 5432] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5431] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5432] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5431] <... futex resumed>) = 0 [pid 5432] write(5, "\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 40960 [pid 5431] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5431] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094d4ee000 [pid 5431] mprotect(0x7f094d4ef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5431] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5431] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d50e990, parent_tid=0x7f094d50e990, exit_signal=0, stack=0x7f094d4ee000, stack_size=0x20300, tls=0x7f094d50e6c0}./strace-static-x86_64: Process 5435 attached [pid 5435] rseq(0x7f094d50efe0, 0x20, 0, 0x53053053 [pid 5431] <... clone3 resumed> => {parent_tid=[5435]}, 88) = 5435 [pid 5435] <... rseq resumed>) = 0 [pid 5432] <... write resumed>) = 40960 [pid 5431] rt_sigprocmask(SIG_SETMASK, [], [pid 5435] set_robust_list(0x7f094d50e9a0, 24 [pid 5431] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5435] <... set_robust_list resumed>) = 0 [pid 5435] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5431] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5435] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5431] <... futex resumed>) = 0 [pid 5435] <... open resumed>) = 6 [pid 5431] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5432] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5435] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5432] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5431] <... futex resumed>) = 0 [pid 5431] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5432] <... futex resumed>) = 0 [pid 5431] <... futex resumed>) = 1 [pid 5432] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5431] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5435] <... futex resumed>) = 1 [ 86.514651][ T5432] loop0: detected capacity change from 0 to 2048 [pid 5435] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5432] <... write resumed>) = 1048576 [pid 5432] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5431] <... futex resumed>) = 0 [pid 5432] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5431] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5432] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5431] <... futex resumed>) = 0 [pid 5432] openat(AT_FDCWD, NULL, O_RDONLY|O_TRUNC|O_PATH) = -1 EFAULT (Bad address) [pid 5431] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5432] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5431] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5432] <... futex resumed>) = 0 [pid 5432] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5431] exit_group(0 [pid 5435] <... futex resumed>) = ? [pid 5435] +++ exited with 0 +++ [pid 5432] <... futex resumed>) = ? [pid 5431] <... exit_group resumed>) = ? [pid 5432] +++ exited with 0 +++ [pid 5431] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5431, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./79", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c18730 /* 4 entries */, 32768) = 112 umount2("./79/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./79/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./79/binderfs") = 0 umount2("./79/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./79/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./79/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./79/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c20770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c20770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./79/file1") = 0 getdents64(3, 0x555555c18730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./79") = 0 mkdir("./80", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5436 attached , child_tidptr=0x555555c17690) = 5436 [pid 5436] set_robust_list(0x555555c176a0, 24) = 0 [pid 5436] chdir("./80") = 0 [pid 5436] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5436] setpgid(0, 0) = 0 [pid 5436] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5436] write(3, "1000", 4) = 4 [pid 5436] close(3) = 0 [pid 5436] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5436] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5436] rt_sigaction(SIGRT_1, {sa_handler=0x7f0955898ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095588a1a0}, NULL, 8) = 0 [pid 5436] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5436] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f095580f000 [pid 5436] mprotect(0x7f0955810000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5436] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5436] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f095582f990, parent_tid=0x7f095582f990, exit_signal=0, stack=0x7f095580f000, stack_size=0x20300, tls=0x7f095582f6c0}./strace-static-x86_64: Process 5437 attached => {parent_tid=[5437]}, 88) = 5437 [pid 5437] rseq(0x7f095582ffe0, 0x20, 0, 0x53053053) = 0 [pid 5437] set_robust_list(0x7f095582f9a0, 24) = 0 [pid 5437] rt_sigprocmask(SIG_SETMASK, [], [pid 5436] rt_sigprocmask(SIG_SETMASK, [], [pid 5437] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5437] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5436] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5436] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5437] <... futex resumed>) = 0 [pid 5437] memfd_create("syzkaller", 0) = 3 [pid 5437] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094d40f000 [pid 5437] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5436] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5437] <... write resumed>) = 1048576 [pid 5437] munmap(0x7f094d40f000, 1048576) = 0 [pid 5437] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5437] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5437] close(3) = 0 [pid 5437] mkdir("./file1", 0777) = 0 [pid 5437] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5437] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5437] chdir("./file1") = 0 [pid 5437] ioctl(4, LOOP_CLR_FD) = 0 [pid 5437] close(4) = 0 [pid 5437] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5436] <... futex resumed>) = 0 [pid 5437] <... futex resumed>) = 1 [pid 5436] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5437] open("./bus", O_ACCMODE|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC|0xdc00001c, 000 [pid 5436] <... futex resumed>) = 0 [pid 5436] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5437] <... open resumed>) = 4 [pid 5437] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5436] <... futex resumed>) = 0 [pid 5437] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5436] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5437] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5436] <... futex resumed>) = 0 [pid 5437] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5436] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5437] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5437] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5436] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5436] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5437] <... futex resumed>) = 0 [pid 5436] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5437] open_tree(-1, NULL, OPEN_TREE_CLONE|0x10000) = -1 EINVAL (Invalid argument) [pid 5437] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5436] <... futex resumed>) = 0 [pid 5436] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5436] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5437] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 5 [pid 5437] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5436] <... futex resumed>) = 0 [pid 5436] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5437] <... futex resumed>) = 1 [pid 5436] <... futex resumed>) = 0 [pid 5436] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5437] write(5, "\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 40960 [pid 5436] <... futex resumed>) = 0 [pid 5436] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094d4ee000 [pid 5436] mprotect(0x7f094d4ef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5436] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5436] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d50e990, parent_tid=0x7f094d50e990, exit_signal=0, stack=0x7f094d4ee000, stack_size=0x20300, tls=0x7f094d50e6c0} [pid 5437] <... write resumed>) = 40960 [pid 5437] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5437] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5440 attached [pid 5436] <... clone3 resumed> => {parent_tid=[5440]}, 88) = 5440 [pid 5440] rseq(0x7f094d50efe0, 0x20, 0, 0x53053053 [pid 5436] rt_sigprocmask(SIG_SETMASK, [], [pid 5440] <... rseq resumed>) = 0 [pid 5436] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5440] set_robust_list(0x7f094d50e9a0, 24 [pid 5436] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5440] <... set_robust_list resumed>) = 0 [pid 5436] <... futex resumed>) = 0 [pid 5440] rt_sigprocmask(SIG_SETMASK, [], [pid 5436] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5440] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5440] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5440] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5440] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5436] <... futex resumed>) = 0 [ 86.683237][ T5437] loop0: detected capacity change from 0 to 2048 [pid 5436] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5437] <... futex resumed>) = 0 [pid 5436] <... futex resumed>) = 1 [pid 5437] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5436] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5437] <... write resumed>) = 1048576 [pid 5437] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5436] <... futex resumed>) = 0 [pid 5437] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5436] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5437] <... futex resumed>) = 0 [pid 5437] openat(AT_FDCWD, NULL, O_RDONLY|O_TRUNC|O_PATH [pid 5436] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5437] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5437] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5436] <... futex resumed>) = 0 [pid 5437] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5436] exit_group(0 [pid 5440] <... futex resumed>) = ? [pid 5437] <... futex resumed>) = ? [pid 5436] <... exit_group resumed>) = ? [pid 5440] +++ exited with 0 +++ [pid 5437] +++ exited with 0 +++ [pid 5436] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5436, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./80", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c18730 /* 4 entries */, 32768) = 112 umount2("./80/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./80/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./80/binderfs") = 0 umount2("./80/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./80/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./80/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./80/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c20770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c20770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./80/file1") = 0 getdents64(3, 0x555555c18730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./80") = 0 mkdir("./81", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5441 attached [pid 5441] set_robust_list(0x555555c176a0, 24) = 0 [pid 5441] chdir("./81" [pid 5026] <... clone resumed>, child_tidptr=0x555555c17690) = 5441 [pid 5441] <... chdir resumed>) = 0 [pid 5441] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5441] setpgid(0, 0) = 0 [pid 5441] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5441] write(3, "1000", 4) = 4 [pid 5441] close(3) = 0 [pid 5441] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5441] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5441] rt_sigaction(SIGRT_1, {sa_handler=0x7f0955898ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095588a1a0}, NULL, 8) = 0 [pid 5441] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5441] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f095580f000 [pid 5441] mprotect(0x7f0955810000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5441] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5441] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f095582f990, parent_tid=0x7f095582f990, exit_signal=0, stack=0x7f095580f000, stack_size=0x20300, tls=0x7f095582f6c0} => {parent_tid=[5442]}, 88) = 5442 ./strace-static-x86_64: Process 5442 attached [pid 5441] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5441] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5442] rseq(0x7f095582ffe0, 0x20, 0, 0x53053053 [pid 5441] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5442] <... rseq resumed>) = 0 [pid 5442] set_robust_list(0x7f095582f9a0, 24) = 0 [pid 5442] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5442] memfd_create("syzkaller", 0) = 3 [pid 5442] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094d40f000 [pid 5442] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5442] munmap(0x7f094d40f000, 1048576) = 0 [pid 5442] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5442] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5442] close(3) = 0 [pid 5442] mkdir("./file1", 0777) = 0 [pid 5442] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5442] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5442] chdir("./file1") = 0 [pid 5442] ioctl(4, LOOP_CLR_FD) = 0 [pid 5442] close(4) = 0 [pid 5442] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5441] <... futex resumed>) = 0 [pid 5442] open("./bus", O_ACCMODE|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC|0xdc00001c, 000 [pid 5441] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5441] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5442] <... open resumed>) = 4 [pid 5442] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5441] <... futex resumed>) = 0 [pid 5442] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5441] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5442] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5441] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5442] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5442] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5441] <... futex resumed>) = 0 [pid 5441] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5441] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5442] <... futex resumed>) = 1 [pid 5442] open_tree(-1, NULL, OPEN_TREE_CLONE|0x10000) = -1 EINVAL (Invalid argument) [pid 5442] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5441] <... futex resumed>) = 0 [pid 5441] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5441] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5442] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 5 [pid 5442] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5441] <... futex resumed>) = 0 [pid 5441] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5441] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5441] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094d4ee000 [pid 5441] mprotect(0x7f094d4ef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5441] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5441] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d50e990, parent_tid=0x7f094d50e990, exit_signal=0, stack=0x7f094d4ee000, stack_size=0x20300, tls=0x7f094d50e6c0}./strace-static-x86_64: Process 5445 attached => {parent_tid=[5445]}, 88) = 5445 [pid 5441] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5445] rseq(0x7f094d50efe0, 0x20, 0, 0x53053053 [pid 5441] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5441] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5442] <... futex resumed>) = 1 [pid 5442] write(5, "\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 40960 [pid 5445] <... rseq resumed>) = 0 [pid 5445] set_robust_list(0x7f094d50e9a0, 24) = 0 [pid 5445] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5445] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5445] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5442] <... write resumed>) = 40960 [pid 5441] <... futex resumed>) = 0 [pid 5445] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5441] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5445] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5441] <... futex resumed>) = 0 [pid 5442] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5441] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5442] <... futex resumed>) = 0 [ 86.855383][ T5442] loop0: detected capacity change from 0 to 2048 [pid 5442] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5445] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 1048576 [pid 5445] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5441] <... futex resumed>) = 0 [pid 5445] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5441] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5442] <... futex resumed>) = 0 [pid 5441] <... futex resumed>) = 1 [pid 5442] openat(AT_FDCWD, NULL, O_RDONLY|O_TRUNC|O_PATH [pid 5441] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5442] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5442] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5441] <... futex resumed>) = 0 [pid 5442] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5441] exit_group(0) = ? [pid 5442] <... futex resumed>) = ? [pid 5445] <... futex resumed>) = ? [pid 5442] +++ exited with 0 +++ [pid 5445] +++ exited with 0 +++ [pid 5441] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5441, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./81", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c18730 /* 4 entries */, 32768) = 112 umount2("./81/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./81/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./81/binderfs") = 0 umount2("./81/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./81/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./81/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./81/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c20770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c20770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./81/file1") = 0 getdents64(3, 0x555555c18730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./81") = 0 mkdir("./82", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5446 attached , child_tidptr=0x555555c17690) = 5446 [pid 5446] set_robust_list(0x555555c176a0, 24) = 0 [pid 5446] chdir("./82") = 0 [pid 5446] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5446] setpgid(0, 0) = 0 [pid 5446] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5446] write(3, "1000", 4) = 4 [pid 5446] close(3) = 0 [pid 5446] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5446] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5446] rt_sigaction(SIGRT_1, {sa_handler=0x7f0955898ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095588a1a0}, NULL, 8) = 0 [pid 5446] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5446] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f095580f000 [pid 5446] mprotect(0x7f0955810000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5446] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5446] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f095582f990, parent_tid=0x7f095582f990, exit_signal=0, stack=0x7f095580f000, stack_size=0x20300, tls=0x7f095582f6c0}./strace-static-x86_64: Process 5447 attached [pid 5447] rseq(0x7f095582ffe0, 0x20, 0, 0x53053053) = 0 [pid 5446] <... clone3 resumed> => {parent_tid=[5447]}, 88) = 5447 [pid 5447] set_robust_list(0x7f095582f9a0, 24 [pid 5446] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5446] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5446] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5447] <... set_robust_list resumed>) = 0 [pid 5447] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5447] memfd_create("syzkaller", 0) = 3 [pid 5447] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094d40f000 [pid 5447] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5447] munmap(0x7f094d40f000, 1048576) = 0 [pid 5447] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5447] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5447] close(3) = 0 [pid 5447] mkdir("./file1", 0777) = 0 [pid 5447] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5447] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5447] chdir("./file1") = 0 [pid 5447] ioctl(4, LOOP_CLR_FD) = 0 [pid 5447] close(4) = 0 [pid 5447] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5446] <... futex resumed>) = 0 [pid 5447] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5446] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5447] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5447] open("./bus", O_ACCMODE|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC|0xdc00001c, 000 [pid 5446] <... futex resumed>) = 0 [pid 5446] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5447] <... open resumed>) = 4 [pid 5447] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5446] <... futex resumed>) = 0 [pid 5446] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5446] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5447] <... futex resumed>) = 1 [pid 5447] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5447] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5446] <... futex resumed>) = 0 [pid 5446] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5446] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5447] <... futex resumed>) = 1 [pid 5447] open_tree(-1, NULL, OPEN_TREE_CLONE|0x10000) = -1 EINVAL (Invalid argument) [pid 5447] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5446] <... futex resumed>) = 0 [pid 5446] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5446] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5447] <... futex resumed>) = 1 [pid 5447] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 5 [pid 5447] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5446] <... futex resumed>) = 0 [pid 5446] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5446] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5446] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094d4ee000 [pid 5446] mprotect(0x7f094d4ef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5446] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5446] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d50e990, parent_tid=0x7f094d50e990, exit_signal=0, stack=0x7f094d4ee000, stack_size=0x20300, tls=0x7f094d50e6c0} [pid 5447] <... futex resumed>) = 1 ./strace-static-x86_64: Process 5450 attached [pid 5447] write(5, "\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 40960 [pid 5446] <... clone3 resumed> => {parent_tid=[5450]}, 88) = 5450 [pid 5446] rt_sigprocmask(SIG_SETMASK, [], [pid 5450] rseq(0x7f094d50efe0, 0x20, 0, 0x53053053 [pid 5446] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5446] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5446] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5450] <... rseq resumed>) = 0 [pid 5450] set_robust_list(0x7f094d50e9a0, 24) = 0 [pid 5450] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5450] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5450] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5446] <... futex resumed>) = 0 [pid 5446] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5450] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5446] <... futex resumed>) = 0 [pid 5446] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5447] <... write resumed>) = 40960 [pid 5447] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 87.025542][ T27] cfg80211: failed to load regulatory.db [ 87.027331][ T5447] loop0: detected capacity change from 0 to 2048 [pid 5447] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5450] <... write resumed>) = 1048576 [pid 5450] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5446] <... futex resumed>) = 0 [pid 5450] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5446] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5447] <... futex resumed>) = 0 [pid 5446] <... futex resumed>) = 1 [pid 5447] openat(AT_FDCWD, NULL, O_RDONLY|O_TRUNC|O_PATH [pid 5446] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5447] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5447] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5446] <... futex resumed>) = 0 [pid 5446] exit_group(0 [pid 5450] <... futex resumed>) = ? [pid 5446] <... exit_group resumed>) = ? [pid 5450] +++ exited with 0 +++ [pid 5447] +++ exited with 0 +++ [pid 5446] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5446, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./82", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./82", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c18730 /* 4 entries */, 32768) = 112 umount2("./82/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./82/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./82/binderfs") = 0 umount2("./82/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./82/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./82/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./82/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./82/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c20770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c20770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./82/file1") = 0 getdents64(3, 0x555555c18730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./82") = 0 mkdir("./83", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5451 attached [pid 5451] set_robust_list(0x555555c176a0, 24) = 0 [pid 5451] chdir("./83") = 0 [pid 5451] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5451] setpgid(0, 0) = 0 [pid 5451] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5451] write(3, "1000", 4) = 4 [pid 5451] close(3) = 0 [pid 5451] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5451] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5451] rt_sigaction(SIGRT_1, {sa_handler=0x7f0955898ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095588a1a0}, NULL, 8) = 0 [pid 5451] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5451] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f095580f000 [pid 5451] mprotect(0x7f0955810000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5451] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5451] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f095582f990, parent_tid=0x7f095582f990, exit_signal=0, stack=0x7f095580f000, stack_size=0x20300, tls=0x7f095582f6c0}./strace-static-x86_64: Process 5452 attached => {parent_tid=[5452]}, 88) = 5452 [pid 5452] rseq(0x7f095582ffe0, 0x20, 0, 0x53053053 [pid 5451] rt_sigprocmask(SIG_SETMASK, [], [pid 5452] <... rseq resumed>) = 0 [pid 5451] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5452] set_robust_list(0x7f095582f9a0, 24) = 0 [pid 5451] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5452] rt_sigprocmask(SIG_SETMASK, [], [pid 5451] <... futex resumed>) = 0 [pid 5452] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5452] memfd_create("syzkaller", 0 [pid 5451] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5452] <... memfd_create resumed>) = 3 [pid 5452] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094d40f000 [pid 5026] <... clone resumed>, child_tidptr=0x555555c17690) = 5451 [pid 5452] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5452] munmap(0x7f094d40f000, 1048576) = 0 [pid 5452] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5452] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5452] close(3) = 0 [pid 5452] mkdir("./file1", 0777) = 0 [pid 5452] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5452] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5452] chdir("./file1") = 0 [pid 5452] ioctl(4, LOOP_CLR_FD) = 0 [pid 5452] close(4) = 0 [pid 5452] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5451] <... futex resumed>) = 0 [pid 5452] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5451] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5452] open("./bus", O_ACCMODE|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC|0xdc00001c, 000 [pid 5451] <... futex resumed>) = 0 [pid 5451] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5452] <... open resumed>) = 4 [pid 5452] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5451] <... futex resumed>) = 0 [pid 5452] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5451] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5452] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5451] <... futex resumed>) = 0 [pid 5452] <... mount resumed>) = 0 [pid 5451] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5452] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5451] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5451] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5452] <... futex resumed>) = 0 [pid 5451] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5452] open_tree(-1, NULL, OPEN_TREE_CLONE|0x10000) = -1 EINVAL (Invalid argument) [pid 5452] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5452] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5451] <... futex resumed>) = 0 [pid 5451] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5452] <... futex resumed>) = 0 [pid 5451] <... futex resumed>) = 1 [pid 5452] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5451] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5452] <... openat resumed>) = 5 [pid 5452] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5451] <... futex resumed>) = 0 [pid 5452] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5451] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5452] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5451] <... futex resumed>) = 0 [pid 5452] write(5, "\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 40960 [pid 5451] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5451] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094d4ee000 [pid 5451] mprotect(0x7f094d4ef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5451] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5451] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d50e990, parent_tid=0x7f094d50e990, exit_signal=0, stack=0x7f094d4ee000, stack_size=0x20300, tls=0x7f094d50e6c0}./strace-static-x86_64: Process 5455 attached [pid 5455] rseq(0x7f094d50efe0, 0x20, 0, 0x53053053 [pid 5452] <... write resumed>) = 40960 [pid 5451] <... clone3 resumed> => {parent_tid=[5455]}, 88) = 5455 [pid 5455] <... rseq resumed>) = 0 [pid 5452] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5455] set_robust_list(0x7f094d50e9a0, 24 [pid 5451] rt_sigprocmask(SIG_SETMASK, [], [pid 5455] <... set_robust_list resumed>) = 0 [pid 5452] <... futex resumed>) = 0 [pid 5455] rt_sigprocmask(SIG_SETMASK, [], [pid 5452] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5451] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5455] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5451] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5455] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5451] <... futex resumed>) = 0 [pid 5455] <... open resumed>) = 6 [pid 5455] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5451] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5455] <... futex resumed>) = 0 [pid 5451] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5455] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5451] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5452] <... futex resumed>) = 0 [pid 5451] <... futex resumed>) = 1 [pid 5452] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [ 87.201324][ T5452] loop0: detected capacity change from 0 to 2048 [pid 5451] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5452] <... write resumed>) = 1048576 [pid 5452] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5451] <... futex resumed>) = 0 [pid 5452] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5451] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5452] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5451] <... futex resumed>) = 0 [pid 5452] openat(AT_FDCWD, NULL, O_RDONLY|O_TRUNC|O_PATH [pid 5451] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5452] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5452] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5451] <... futex resumed>) = 0 [pid 5452] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5451] exit_group(0) = ? [pid 5455] <... futex resumed>) = ? [pid 5452] <... futex resumed>) = ? [pid 5455] +++ exited with 0 +++ [pid 5452] +++ exited with 0 +++ [pid 5451] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5451, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./83", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./83", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c18730 /* 4 entries */, 32768) = 112 umount2("./83/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./83/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./83/binderfs") = 0 umount2("./83/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./83/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./83/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./83/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./83/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c20770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c20770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./83/file1") = 0 getdents64(3, 0x555555c18730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./83") = 0 mkdir("./84", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c17690) = 5456 ./strace-static-x86_64: Process 5456 attached [pid 5456] set_robust_list(0x555555c176a0, 24) = 0 [pid 5456] chdir("./84") = 0 [pid 5456] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5456] setpgid(0, 0) = 0 [pid 5456] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5456] write(3, "1000", 4) = 4 [pid 5456] close(3) = 0 [pid 5456] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5456] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5456] rt_sigaction(SIGRT_1, {sa_handler=0x7f0955898ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095588a1a0}, NULL, 8) = 0 [pid 5456] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5456] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f095580f000 [pid 5456] mprotect(0x7f0955810000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5456] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5456] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f095582f990, parent_tid=0x7f095582f990, exit_signal=0, stack=0x7f095580f000, stack_size=0x20300, tls=0x7f095582f6c0}./strace-static-x86_64: Process 5457 attached => {parent_tid=[5457]}, 88) = 5457 [pid 5457] rseq(0x7f095582ffe0, 0x20, 0, 0x53053053 [pid 5456] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5457] <... rseq resumed>) = 0 [pid 5456] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5457] set_robust_list(0x7f095582f9a0, 24 [pid 5456] <... futex resumed>) = 0 [pid 5457] <... set_robust_list resumed>) = 0 [pid 5456] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5457] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5457] memfd_create("syzkaller", 0) = 3 [pid 5457] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094d40f000 [pid 5457] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5457] munmap(0x7f094d40f000, 1048576) = 0 [pid 5457] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5457] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5457] close(3) = 0 [pid 5457] mkdir("./file1", 0777) = 0 [pid 5457] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5457] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5457] chdir("./file1") = 0 [pid 5457] ioctl(4, LOOP_CLR_FD) = 0 [pid 5457] close(4) = 0 [pid 5457] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5456] <... futex resumed>) = 0 [pid 5457] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5456] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5457] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5456] <... futex resumed>) = 0 [pid 5457] open("./bus", O_ACCMODE|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC|0xdc00001c, 000 [pid 5456] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5457] <... open resumed>) = 4 [pid 5457] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5456] <... futex resumed>) = 0 [pid 5457] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5456] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5457] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5456] <... futex resumed>) = 0 [pid 5457] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5456] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5457] <... mount resumed>) = 0 [pid 5457] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5456] <... futex resumed>) = 0 [pid 5457] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5456] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5457] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5456] <... futex resumed>) = 0 [pid 5457] open_tree(-1, NULL, OPEN_TREE_CLONE|0x10000 [pid 5456] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5457] <... open_tree resumed>) = -1 EINVAL (Invalid argument) [pid 5457] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5456] <... futex resumed>) = 0 [pid 5457] <... futex resumed>) = 1 [pid 5456] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5457] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5456] <... futex resumed>) = 0 [pid 5456] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5457] <... openat resumed>) = 5 [pid 5457] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5456] <... futex resumed>) = 0 [pid 5456] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5456] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5456] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094d4ee000 [pid 5456] mprotect(0x7f094d4ef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5457] write(5, "\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 40960 [pid 5456] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5456] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d50e990, parent_tid=0x7f094d50e990, exit_signal=0, stack=0x7f094d4ee000, stack_size=0x20300, tls=0x7f094d50e6c0}./strace-static-x86_64: Process 5460 attached => {parent_tid=[5460]}, 88) = 5460 [pid 5456] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5456] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5456] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 87.378175][ T5457] loop0: detected capacity change from 0 to 2048 [pid 5460] rseq(0x7f094d50efe0, 0x20, 0, 0x53053053) = 0 [pid 5457] <... write resumed>) = 40960 [pid 5460] set_robust_list(0x7f094d50e9a0, 24 [pid 5457] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5460] <... set_robust_list resumed>) = 0 [pid 5457] <... futex resumed>) = 0 [pid 5460] rt_sigprocmask(SIG_SETMASK, [], [pid 5457] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5460] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5460] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5460] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5456] <... futex resumed>) = 0 [pid 5460] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5456] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5457] <... futex resumed>) = 0 [pid 5456] <... futex resumed>) = 1 [pid 5457] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5456] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5457] <... write resumed>) = 1048576 [pid 5457] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5456] <... futex resumed>) = 0 [pid 5457] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5456] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5457] <... futex resumed>) = 0 [pid 5456] <... futex resumed>) = 1 [pid 5457] openat(AT_FDCWD, NULL, O_RDONLY|O_TRUNC|O_PATH [pid 5456] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5457] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5457] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5456] <... futex resumed>) = 0 [pid 5457] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5456] exit_group(0 [pid 5457] <... futex resumed>) = ? [pid 5456] <... exit_group resumed>) = ? [pid 5457] +++ exited with 0 +++ [pid 5460] <... futex resumed>) = ? [pid 5460] +++ exited with 0 +++ [pid 5456] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5456, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./84", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./84", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c18730 /* 4 entries */, 32768) = 112 umount2("./84/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./84/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./84/binderfs") = 0 umount2("./84/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./84/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./84/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./84/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./84/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c20770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c20770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./84/file1") = 0 getdents64(3, 0x555555c18730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./84") = 0 mkdir("./85", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5461 attached , child_tidptr=0x555555c17690) = 5461 [pid 5461] set_robust_list(0x555555c176a0, 24) = 0 [pid 5461] chdir("./85") = 0 [pid 5461] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5461] setpgid(0, 0) = 0 [pid 5461] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5461] write(3, "1000", 4) = 4 [pid 5461] close(3) = 0 [pid 5461] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5461] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5461] rt_sigaction(SIGRT_1, {sa_handler=0x7f0955898ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095588a1a0}, NULL, 8) = 0 [pid 5461] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5461] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f095580f000 [pid 5461] mprotect(0x7f0955810000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5461] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5461] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f095582f990, parent_tid=0x7f095582f990, exit_signal=0, stack=0x7f095580f000, stack_size=0x20300, tls=0x7f095582f6c0}./strace-static-x86_64: Process 5462 attached => {parent_tid=[5462]}, 88) = 5462 [pid 5462] rseq(0x7f095582ffe0, 0x20, 0, 0x53053053 [pid 5461] rt_sigprocmask(SIG_SETMASK, [], [pid 5462] <... rseq resumed>) = 0 [pid 5462] set_robust_list(0x7f095582f9a0, 24 [pid 5461] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5462] <... set_robust_list resumed>) = 0 [pid 5462] rt_sigprocmask(SIG_SETMASK, [], [pid 5461] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5462] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5461] <... futex resumed>) = 0 [pid 5462] memfd_create("syzkaller", 0 [pid 5461] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5462] <... memfd_create resumed>) = 3 [pid 5462] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094d40f000 [pid 5462] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5462] munmap(0x7f094d40f000, 1048576) = 0 [pid 5462] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5462] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5462] close(3) = 0 [pid 5462] mkdir("./file1", 0777) = 0 [pid 5462] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5462] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5462] chdir("./file1") = 0 [pid 5462] ioctl(4, LOOP_CLR_FD) = 0 [pid 5462] close(4) = 0 [pid 5462] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5461] <... futex resumed>) = 0 [pid 5461] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5461] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5462] <... futex resumed>) = 1 [pid 5462] open("./bus", O_ACCMODE|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC|0xdc00001c, 000) = 4 [pid 5462] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5461] <... futex resumed>) = 0 [pid 5462] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5461] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5462] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5462] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5461] <... futex resumed>) = 0 [pid 5462] <... mount resumed>) = 0 [pid 5461] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5462] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5461] <... futex resumed>) = 0 [pid 5461] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5461] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5462] <... futex resumed>) = 1 [pid 5462] open_tree(-1, NULL, OPEN_TREE_CLONE|0x10000) = -1 EINVAL (Invalid argument) [pid 5462] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5462] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5461] <... futex resumed>) = 0 [pid 5462] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5461] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5462] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5461] <... futex resumed>) = 0 [pid 5461] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5462] <... openat resumed>) = 5 [pid 5462] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5461] <... futex resumed>) = 0 [pid 5461] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5462] <... futex resumed>) = 1 [pid 5461] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5462] write(5, "\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 40960 [pid 5461] <... futex resumed>) = 0 [pid 5461] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094d4ee000 [pid 5461] mprotect(0x7f094d4ef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5461] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5461] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d50e990, parent_tid=0x7f094d50e990, exit_signal=0, stack=0x7f094d4ee000, stack_size=0x20300, tls=0x7f094d50e6c0} => {parent_tid=[5465]}, 88) = 5465 ./strace-static-x86_64: Process 5465 attached [pid 5461] rt_sigprocmask(SIG_SETMASK, [], [pid 5465] rseq(0x7f094d50efe0, 0x20, 0, 0x53053053 [pid 5461] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5465] <... rseq resumed>) = 0 [pid 5461] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5465] set_robust_list(0x7f094d50e9a0, 24 [pid 5461] <... futex resumed>) = 0 [pid 5465] <... set_robust_list resumed>) = 0 [pid 5461] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5465] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5462] <... write resumed>) = 40960 [pid 5465] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5462] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5462] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5465] <... open resumed>) = 6 [pid 5465] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5461] <... futex resumed>) = 0 [pid 5465] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5461] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5462] <... futex resumed>) = 0 [pid 5461] <... futex resumed>) = 1 [pid 5462] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [ 87.546611][ T5462] loop0: detected capacity change from 0 to 2048 [pid 5461] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5462] <... write resumed>) = 1048576 [pid 5462] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5461] <... futex resumed>) = 0 [pid 5462] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5461] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5462] <... futex resumed>) = 0 [pid 5461] <... futex resumed>) = 1 [pid 5462] openat(AT_FDCWD, NULL, O_RDONLY|O_TRUNC|O_PATH [pid 5461] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5462] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5462] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5461] <... futex resumed>) = 0 [pid 5462] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5461] exit_group(0 [pid 5465] <... futex resumed>) = ? [pid 5462] <... futex resumed>) = ? [pid 5461] <... exit_group resumed>) = ? [pid 5465] +++ exited with 0 +++ [pid 5462] +++ exited with 0 +++ [pid 5461] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5461, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./85", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./85", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c18730 /* 4 entries */, 32768) = 112 umount2("./85/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./85/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./85/binderfs") = 0 umount2("./85/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./85/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./85/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./85/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./85/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c20770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c20770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./85/file1") = 0 getdents64(3, 0x555555c18730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./85") = 0 mkdir("./86", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5466 attached [pid 5466] set_robust_list(0x555555c176a0, 24 [pid 5026] <... clone resumed>, child_tidptr=0x555555c17690) = 5466 [pid 5466] <... set_robust_list resumed>) = 0 [pid 5466] chdir("./86") = 0 [pid 5466] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5466] setpgid(0, 0) = 0 [pid 5466] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5466] write(3, "1000", 4) = 4 [pid 5466] close(3) = 0 [pid 5466] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5466] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5466] rt_sigaction(SIGRT_1, {sa_handler=0x7f0955898ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095588a1a0}, NULL, 8) = 0 [pid 5466] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5466] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f095580f000 [pid 5466] mprotect(0x7f0955810000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5466] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5466] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f095582f990, parent_tid=0x7f095582f990, exit_signal=0, stack=0x7f095580f000, stack_size=0x20300, tls=0x7f095582f6c0}./strace-static-x86_64: Process 5467 attached => {parent_tid=[5467]}, 88) = 5467 [pid 5467] rseq(0x7f095582ffe0, 0x20, 0, 0x53053053 [pid 5466] rt_sigprocmask(SIG_SETMASK, [], [pid 5467] <... rseq resumed>) = 0 [pid 5466] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5467] set_robust_list(0x7f095582f9a0, 24 [pid 5466] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5467] <... set_robust_list resumed>) = 0 [pid 5466] <... futex resumed>) = 0 [pid 5467] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5466] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5467] memfd_create("syzkaller", 0) = 3 [pid 5467] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094d40f000 [pid 5467] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5467] munmap(0x7f094d40f000, 1048576) = 0 [pid 5467] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5467] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5467] close(3) = 0 [pid 5467] mkdir("./file1", 0777) = 0 [pid 5467] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5467] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5467] chdir("./file1") = 0 [pid 5467] ioctl(4, LOOP_CLR_FD) = 0 [pid 5467] close(4) = 0 [pid 5467] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5466] <... futex resumed>) = 0 [pid 5467] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5466] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5467] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5466] <... futex resumed>) = 0 [pid 5467] open("./bus", O_ACCMODE|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC|0xdc00001c, 000 [pid 5466] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5467] <... open resumed>) = 4 [pid 5467] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5466] <... futex resumed>) = 0 [pid 5466] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5466] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5467] <... futex resumed>) = 1 [pid 5467] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5467] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5466] <... futex resumed>) = 0 [pid 5466] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5467] <... futex resumed>) = 1 [pid 5466] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5467] open_tree(-1, NULL, OPEN_TREE_CLONE|0x10000) = -1 EINVAL (Invalid argument) [pid 5467] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5467] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5466] <... futex resumed>) = 0 [pid 5466] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5466] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5467] <... futex resumed>) = 0 [pid 5467] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 5 [pid 5467] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5467] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5466] <... futex resumed>) = 0 [pid 5466] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5467] <... futex resumed>) = 0 [pid 5466] <... futex resumed>) = 1 [pid 5467] write(5, "\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 40960 [pid 5466] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5466] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094d4ee000 [pid 5466] mprotect(0x7f094d4ef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5466] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5466] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d50e990, parent_tid=0x7f094d50e990, exit_signal=0, stack=0x7f094d4ee000, stack_size=0x20300, tls=0x7f094d50e6c0}./strace-static-x86_64: Process 5470 attached => {parent_tid=[5470]}, 88) = 5470 [pid 5470] rseq(0x7f094d50efe0, 0x20, 0, 0x53053053) = 0 [pid 5466] rt_sigprocmask(SIG_SETMASK, [], [pid 5470] set_robust_list(0x7f094d50e9a0, 24 [pid 5467] <... write resumed>) = 40960 [pid 5470] <... set_robust_list resumed>) = 0 [pid 5466] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5467] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5470] rt_sigprocmask(SIG_SETMASK, [], [pid 5466] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5470] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5467] <... futex resumed>) = 0 [pid 5466] <... futex resumed>) = 0 [pid 5470] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5467] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5466] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5470] <... open resumed>) = 6 [ 87.712069][ T5467] loop0: detected capacity change from 0 to 2048 [pid 5470] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5466] <... futex resumed>) = 0 [pid 5466] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5467] <... futex resumed>) = 0 [pid 5466] <... futex resumed>) = 1 [pid 5467] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5466] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5470] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5467] <... write resumed>) = 1048576 [pid 5467] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5466] <... futex resumed>) = 0 [pid 5467] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5466] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5467] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5466] <... futex resumed>) = 0 [pid 5467] openat(AT_FDCWD, NULL, O_RDONLY|O_TRUNC|O_PATH [pid 5466] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5467] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5467] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5466] <... futex resumed>) = 0 [pid 5467] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5466] exit_group(0 [pid 5470] <... futex resumed>) = ? [pid 5467] <... futex resumed>) = ? [pid 5466] <... exit_group resumed>) = ? [pid 5470] +++ exited with 0 +++ [pid 5467] +++ exited with 0 +++ [pid 5466] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5466, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./86", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./86", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c18730 /* 4 entries */, 32768) = 112 umount2("./86/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./86/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./86/binderfs") = 0 umount2("./86/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./86/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./86/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./86/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./86/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c20770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c20770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./86/file1") = 0 getdents64(3, 0x555555c18730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./86") = 0 mkdir("./87", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5471 attached [pid 5471] set_robust_list(0x555555c176a0, 24) = 0 [pid 5471] chdir("./87") = 0 [pid 5471] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5471] setpgid(0, 0) = 0 [pid 5471] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5026] <... clone resumed>, child_tidptr=0x555555c17690) = 5471 [pid 5471] <... openat resumed>) = 3 [pid 5471] write(3, "1000", 4) = 4 [pid 5471] close(3) = 0 [pid 5471] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5471] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5471] rt_sigaction(SIGRT_1, {sa_handler=0x7f0955898ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095588a1a0}, NULL, 8) = 0 [pid 5471] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5471] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f095580f000 [pid 5471] mprotect(0x7f0955810000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5471] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5471] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f095582f990, parent_tid=0x7f095582f990, exit_signal=0, stack=0x7f095580f000, stack_size=0x20300, tls=0x7f095582f6c0}./strace-static-x86_64: Process 5472 attached => {parent_tid=[5472]}, 88) = 5472 [pid 5472] rseq(0x7f095582ffe0, 0x20, 0, 0x53053053) = 0 [pid 5471] rt_sigprocmask(SIG_SETMASK, [], [pid 5472] set_robust_list(0x7f095582f9a0, 24 [pid 5471] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5472] <... set_robust_list resumed>) = 0 [pid 5471] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5472] rt_sigprocmask(SIG_SETMASK, [], [pid 5471] <... futex resumed>) = 0 [pid 5472] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5471] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5472] memfd_create("syzkaller", 0) = 3 [pid 5472] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094d40f000 [pid 5472] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5472] munmap(0x7f094d40f000, 1048576) = 0 [pid 5472] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5472] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5472] close(3) = 0 [pid 5472] mkdir("./file1", 0777) = 0 [pid 5472] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5472] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5472] chdir("./file1") = 0 [pid 5472] ioctl(4, LOOP_CLR_FD) = 0 [pid 5472] close(4) = 0 [pid 5472] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5471] <... futex resumed>) = 0 [pid 5472] <... futex resumed>) = 1 [pid 5471] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5472] open("./bus", O_ACCMODE|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC|0xdc00001c, 000 [pid 5471] <... futex resumed>) = 0 [pid 5471] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5472] <... open resumed>) = 4 [pid 5472] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5471] <... futex resumed>) = 0 [pid 5472] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5471] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5472] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5472] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5471] <... futex resumed>) = 0 [pid 5472] <... mount resumed>) = 0 [pid 5471] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5472] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5471] <... futex resumed>) = 0 [pid 5472] <... futex resumed>) = 1 [pid 5472] open_tree(-1, NULL, OPEN_TREE_CLONE|0x10000 [pid 5471] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5472] <... open_tree resumed>) = -1 EINVAL (Invalid argument) [pid 5471] <... futex resumed>) = 0 [pid 5472] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5471] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5472] <... futex resumed>) = 0 [pid 5471] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5472] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5471] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5472] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5472] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5471] <... futex resumed>) = 0 [pid 5471] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5472] <... openat resumed>) = 5 [pid 5472] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5471] <... futex resumed>) = 0 [pid 5472] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5471] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5472] write(5, "\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 40960 [pid 5471] <... futex resumed>) = 0 [pid 5471] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5471] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094d4ee000 [pid 5471] mprotect(0x7f094d4ef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5471] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5471] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d50e990, parent_tid=0x7f094d50e990, exit_signal=0, stack=0x7f094d4ee000, stack_size=0x20300, tls=0x7f094d50e6c0} => {parent_tid=[5475]}, 88) = 5475 [pid 5471] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5471] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5471] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5475 attached [pid 5475] rseq(0x7f094d50efe0, 0x20, 0, 0x53053053) = 0 [pid 5475] set_robust_list(0x7f094d50e9a0, 24) = 0 [pid 5472] <... write resumed>) = 40960 [pid 5475] rt_sigprocmask(SIG_SETMASK, [], [pid 5472] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5475] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5472] <... futex resumed>) = 0 [pid 5475] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5472] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5475] <... open resumed>) = 6 [ 87.895864][ T5472] loop0: detected capacity change from 0 to 2048 [pid 5475] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5471] <... futex resumed>) = 0 [pid 5475] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5471] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5472] <... futex resumed>) = 0 [pid 5471] <... futex resumed>) = 1 [pid 5472] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5471] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5472] <... write resumed>) = 1048576 [pid 5472] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5472] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5471] <... futex resumed>) = 0 [pid 5471] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5472] <... futex resumed>) = 0 [pid 5471] <... futex resumed>) = 1 [pid 5472] openat(AT_FDCWD, NULL, O_RDONLY|O_TRUNC|O_PATH [pid 5471] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5472] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5472] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5472] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5471] <... futex resumed>) = 0 [pid 5471] exit_group(0 [pid 5472] <... futex resumed>) = ? [pid 5471] <... exit_group resumed>) = ? [pid 5472] +++ exited with 0 +++ [pid 5475] <... futex resumed>) = ? [pid 5475] +++ exited with 0 +++ [pid 5471] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5471, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./87", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./87", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c18730 /* 4 entries */, 32768) = 112 umount2("./87/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./87/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./87/binderfs") = 0 umount2("./87/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./87/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./87/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./87/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./87/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c20770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c20770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./87/file1") = 0 getdents64(3, 0x555555c18730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./87") = 0 mkdir("./88", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c17690) = 5476 ./strace-static-x86_64: Process 5476 attached [pid 5476] set_robust_list(0x555555c176a0, 24) = 0 [pid 5476] chdir("./88") = 0 [pid 5476] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5476] setpgid(0, 0) = 0 [pid 5476] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5476] write(3, "1000", 4) = 4 [pid 5476] close(3) = 0 [pid 5476] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5476] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5476] rt_sigaction(SIGRT_1, {sa_handler=0x7f0955898ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095588a1a0}, NULL, 8) = 0 [pid 5476] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5476] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f095580f000 [pid 5476] mprotect(0x7f0955810000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5476] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5476] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f095582f990, parent_tid=0x7f095582f990, exit_signal=0, stack=0x7f095580f000, stack_size=0x20300, tls=0x7f095582f6c0} => {parent_tid=[5477]}, 88) = 5477 [pid 5476] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5476] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5476] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5477 attached [pid 5477] rseq(0x7f095582ffe0, 0x20, 0, 0x53053053) = 0 [pid 5477] set_robust_list(0x7f095582f9a0, 24) = 0 [pid 5477] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5477] memfd_create("syzkaller", 0) = 3 [pid 5477] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094d40f000 [pid 5477] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5477] munmap(0x7f094d40f000, 1048576) = 0 [pid 5477] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5477] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5477] close(3) = 0 [pid 5477] mkdir("./file1", 0777) = 0 [pid 5477] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5477] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5477] chdir("./file1") = 0 [pid 5477] ioctl(4, LOOP_CLR_FD) = 0 [pid 5477] close(4) = 0 [pid 5477] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5477] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5476] <... futex resumed>) = 0 [pid 5476] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5477] <... futex resumed>) = 0 [pid 5476] <... futex resumed>) = 1 [pid 5477] open("./bus", O_ACCMODE|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC|0xdc00001c, 000 [pid 5476] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5477] <... open resumed>) = 4 [pid 5477] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5476] <... futex resumed>) = 0 [pid 5477] <... futex resumed>) = 1 [pid 5476] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5477] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5476] <... futex resumed>) = 0 [pid 5476] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5477] <... mount resumed>) = 0 [pid 5477] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5476] <... futex resumed>) = 0 [pid 5477] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5476] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5477] <... futex resumed>) = 0 [pid 5476] <... futex resumed>) = 1 [pid 5477] open_tree(-1, NULL, OPEN_TREE_CLONE|0x10000) = -1 EINVAL (Invalid argument) [pid 5476] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5477] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5476] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5477] <... futex resumed>) = 0 [pid 5476] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5477] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5476] <... futex resumed>) = 0 [pid 5476] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5477] <... openat resumed>) = 5 [pid 5477] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5476] <... futex resumed>) = 0 [pid 5476] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5477] write(5, "\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 40960 [pid 5476] <... futex resumed>) = 0 [pid 5476] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5476] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094d4ee000 [pid 5476] mprotect(0x7f094d4ef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5476] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5476] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d50e990, parent_tid=0x7f094d50e990, exit_signal=0, stack=0x7f094d4ee000, stack_size=0x20300, tls=0x7f094d50e6c0}./strace-static-x86_64: Process 5480 attached => {parent_tid=[5480]}, 88) = 5480 [pid 5480] rseq(0x7f094d50efe0, 0x20, 0, 0x53053053) = 0 [pid 5476] rt_sigprocmask(SIG_SETMASK, [], [pid 5480] set_robust_list(0x7f094d50e9a0, 24 [pid 5476] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5480] <... set_robust_list resumed>) = 0 [pid 5476] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5480] rt_sigprocmask(SIG_SETMASK, [], [pid 5476] <... futex resumed>) = 0 [pid 5480] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5476] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5480] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5480] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5476] <... futex resumed>) = 0 [pid 5480] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5476] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5480] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5476] <... futex resumed>) = 0 [pid 5477] <... write resumed>) = 40960 [pid 5476] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5477] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 88.090089][ T5477] loop0: detected capacity change from 0 to 2048 [pid 5477] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5480] <... write resumed>) = 1048576 [pid 5480] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5476] <... futex resumed>) = 0 [pid 5480] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5476] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5477] <... futex resumed>) = 0 [pid 5477] openat(AT_FDCWD, NULL, O_RDONLY|O_TRUNC|O_PATH) = -1 EFAULT (Bad address) [pid 5477] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5477] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5476] <... futex resumed>) = 1 [pid 5476] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5476] exit_group(0 [pid 5480] <... futex resumed>) = ? [pid 5477] <... futex resumed>) = ? [pid 5476] <... exit_group resumed>) = ? [pid 5480] +++ exited with 0 +++ [pid 5477] +++ exited with 0 +++ [pid 5476] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5476, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./88", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./88", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c18730 /* 4 entries */, 32768) = 112 umount2("./88/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./88/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./88/binderfs") = 0 umount2("./88/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./88/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./88/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./88/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./88/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c20770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c20770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./88/file1") = 0 getdents64(3, 0x555555c18730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./88") = 0 mkdir("./89", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5481 attached [pid 5481] set_robust_list(0x555555c176a0, 24) = 0 [pid 5481] chdir("./89") = 0 [pid 5481] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5481] setpgid(0, 0 [pid 5026] <... clone resumed>, child_tidptr=0x555555c17690) = 5481 [pid 5481] <... setpgid resumed>) = 0 [pid 5481] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5481] write(3, "1000", 4) = 4 [pid 5481] close(3) = 0 [pid 5481] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5481] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5481] rt_sigaction(SIGRT_1, {sa_handler=0x7f0955898ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095588a1a0}, NULL, 8) = 0 [pid 5481] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5481] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f095580f000 [pid 5481] mprotect(0x7f0955810000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5481] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5481] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f095582f990, parent_tid=0x7f095582f990, exit_signal=0, stack=0x7f095580f000, stack_size=0x20300, tls=0x7f095582f6c0}./strace-static-x86_64: Process 5482 attached [pid 5482] rseq(0x7f095582ffe0, 0x20, 0, 0x53053053 [pid 5481] <... clone3 resumed> => {parent_tid=[5482]}, 88) = 5482 [pid 5482] <... rseq resumed>) = 0 [pid 5481] rt_sigprocmask(SIG_SETMASK, [], [pid 5482] set_robust_list(0x7f095582f9a0, 24) = 0 [pid 5481] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5482] rt_sigprocmask(SIG_SETMASK, [], [pid 5481] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5482] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5481] <... futex resumed>) = 0 [pid 5482] memfd_create("syzkaller", 0 [pid 5481] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5482] <... memfd_create resumed>) = 3 [pid 5482] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094d40f000 [pid 5482] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5482] munmap(0x7f094d40f000, 1048576) = 0 [pid 5482] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5482] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5482] close(3) = 0 [pid 5482] mkdir("./file1", 0777) = 0 [pid 5482] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5482] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5482] chdir("./file1") = 0 [pid 5482] ioctl(4, LOOP_CLR_FD) = 0 [pid 5482] close(4) = 0 [pid 5482] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5482] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5481] <... futex resumed>) = 0 [pid 5481] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5482] <... futex resumed>) = 0 [pid 5481] <... futex resumed>) = 1 [pid 5482] open("./bus", O_ACCMODE|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC|0xdc00001c, 000 [pid 5481] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5482] <... open resumed>) = 4 [pid 5482] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5481] <... futex resumed>) = 0 [pid 5482] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5481] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5482] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5481] <... futex resumed>) = 0 [pid 5482] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5481] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5482] <... mount resumed>) = 0 [pid 5482] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5481] <... futex resumed>) = 0 [pid 5481] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5481] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5482] open_tree(-1, NULL, OPEN_TREE_CLONE|0x10000) = -1 EINVAL (Invalid argument) [pid 5482] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5481] <... futex resumed>) = 0 [pid 5481] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5481] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5482] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 5 [pid 5482] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5481] <... futex resumed>) = 0 [pid 5481] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5481] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5481] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094d4ee000 [pid 5481] mprotect(0x7f094d4ef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5481] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5481] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d50e990, parent_tid=0x7f094d50e990, exit_signal=0, stack=0x7f094d4ee000, stack_size=0x20300, tls=0x7f094d50e6c0} => {parent_tid=[5485]}, 88) = 5485 [pid 5481] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5481] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5485 attached ) = 0 [pid 5485] rseq(0x7f094d50efe0, 0x20, 0, 0x53053053 [pid 5481] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5485] <... rseq resumed>) = 0 [pid 5485] set_robust_list(0x7f094d50e9a0, 24) = 0 [pid 5485] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5485] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5482] <... futex resumed>) = 1 [pid 5482] write(5, "\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 40960 [pid 5485] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5481] <... futex resumed>) = 0 [pid 5485] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5481] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5485] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5481] <... futex resumed>) = 0 [pid 5485] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [ 88.241059][ T5482] loop0: detected capacity change from 0 to 2048 [pid 5481] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5482] <... write resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5482] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5482] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5485] <... write resumed>) = 1048576 [pid 5485] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5481] <... futex resumed>) = 0 [pid 5485] <... futex resumed>) = 1 [pid 5481] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5485] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5482] <... futex resumed>) = 0 [pid 5481] <... futex resumed>) = 1 [pid 5482] openat(AT_FDCWD, NULL, O_RDONLY|O_TRUNC|O_PATH [pid 5481] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5482] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5482] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5481] <... futex resumed>) = 0 [pid 5482] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5481] exit_group(0 [pid 5485] <... futex resumed>) = ? [pid 5482] <... futex resumed>) = ? [pid 5481] <... exit_group resumed>) = ? [pid 5485] +++ exited with 0 +++ [pid 5482] +++ exited with 0 +++ [pid 5481] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5481, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./89", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./89", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c18730 /* 4 entries */, 32768) = 112 umount2("./89/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./89/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./89/binderfs") = 0 [ 88.284594][ T5482] EXT4-fs error (device loop0): __ext4_get_inode_loc:4379: comm syz-executor264: Invalid inode table block 0 in block_group 0 umount2("./89/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./89/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./89/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./89/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./89/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c20770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c20770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./89/file1") = 0 getdents64(3, 0x555555c18730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./89") = 0 mkdir("./90", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5486 attached , child_tidptr=0x555555c17690) = 5486 [pid 5486] set_robust_list(0x555555c176a0, 24) = 0 [pid 5486] chdir("./90") = 0 [pid 5486] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5486] setpgid(0, 0) = 0 [pid 5486] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5486] write(3, "1000", 4) = 4 [pid 5486] close(3) = 0 [pid 5486] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5486] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5486] rt_sigaction(SIGRT_1, {sa_handler=0x7f0955898ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095588a1a0}, NULL, 8) = 0 [pid 5486] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5486] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f095580f000 [pid 5486] mprotect(0x7f0955810000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5486] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5486] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f095582f990, parent_tid=0x7f095582f990, exit_signal=0, stack=0x7f095580f000, stack_size=0x20300, tls=0x7f095582f6c0}./strace-static-x86_64: Process 5487 attached [pid 5487] rseq(0x7f095582ffe0, 0x20, 0, 0x53053053) = 0 [pid 5486] <... clone3 resumed> => {parent_tid=[5487]}, 88) = 5487 [pid 5487] set_robust_list(0x7f095582f9a0, 24 [pid 5486] rt_sigprocmask(SIG_SETMASK, [], [pid 5487] <... set_robust_list resumed>) = 0 [pid 5486] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5487] rt_sigprocmask(SIG_SETMASK, [], [pid 5486] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5487] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5486] <... futex resumed>) = 0 [pid 5487] memfd_create("syzkaller", 0 [pid 5486] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5487] <... memfd_create resumed>) = 3 [pid 5487] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094d40f000 [pid 5487] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5487] munmap(0x7f094d40f000, 1048576) = 0 [pid 5487] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5487] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5487] close(3) = 0 [pid 5487] mkdir("./file1", 0777) = 0 [pid 5487] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5487] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5487] chdir("./file1") = 0 [pid 5487] ioctl(4, LOOP_CLR_FD) = 0 [pid 5487] close(4) = 0 [pid 5487] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5486] <... futex resumed>) = 0 [pid 5486] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5486] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5487] <... futex resumed>) = 1 [pid 5487] open("./bus", O_ACCMODE|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC|0xdc00001c, 000) = 4 [pid 5487] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5486] <... futex resumed>) = 0 [pid 5487] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5486] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5487] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5487] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5486] <... futex resumed>) = 0 [pid 5487] <... mount resumed>) = 0 [pid 5486] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5487] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5486] <... futex resumed>) = 0 [pid 5486] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5486] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5487] <... futex resumed>) = 1 [pid 5487] open_tree(-1, NULL, OPEN_TREE_CLONE|0x10000) = -1 EINVAL (Invalid argument) [pid 5487] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5486] <... futex resumed>) = 0 [pid 5487] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5486] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5487] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5486] <... futex resumed>) = 0 [pid 5487] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5486] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5487] <... openat resumed>) = 5 [pid 5487] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5486] <... futex resumed>) = 0 [pid 5486] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5486] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5486] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094d4ee000 [pid 5487] <... futex resumed>) = 1 [pid 5487] write(5, "\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 40960 [pid 5486] mprotect(0x7f094d4ef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5486] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5486] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d50e990, parent_tid=0x7f094d50e990, exit_signal=0, stack=0x7f094d4ee000, stack_size=0x20300, tls=0x7f094d50e6c0} => {parent_tid=[5490]}, 88) = 5490 [pid 5486] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 5490 attached [pid 5490] rseq(0x7f094d50efe0, 0x20, 0, 0x53053053 [pid 5486] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5490] <... rseq resumed>) = 0 [pid 5490] set_robust_list(0x7f094d50e9a0, 24 [pid 5486] <... futex resumed>) = 0 [pid 5490] <... set_robust_list resumed>) = 0 [pid 5486] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5490] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5490] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5487] <... write resumed>) = 40960 [pid 5490] <... open resumed>) = 6 [pid 5487] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5490] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5487] <... futex resumed>) = 0 [pid 5490] <... futex resumed>) = 1 [pid 5487] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5490] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5486] <... futex resumed>) = 0 [pid 5486] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5487] <... futex resumed>) = 0 [pid 5486] <... futex resumed>) = 1 [pid 5487] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [ 88.392752][ T5487] loop0: detected capacity change from 0 to 2048 [pid 5486] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5487] <... write resumed>) = 1048576 [pid 5487] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5486] <... futex resumed>) = 0 [pid 5486] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5486] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5487] openat(AT_FDCWD, NULL, O_RDONLY|O_TRUNC|O_PATH) = -1 EFAULT (Bad address) [pid 5487] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5486] <... futex resumed>) = 0 [pid 5486] exit_group(0 [pid 5487] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5490] <... futex resumed>) = ? [pid 5487] <... futex resumed>) = ? [pid 5490] +++ exited with 0 +++ [pid 5487] +++ exited with 0 +++ [pid 5486] <... exit_group resumed>) = ? [pid 5486] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5486, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./90", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./90", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c18730 /* 4 entries */, 32768) = 112 umount2("./90/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./90/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./90/binderfs") = 0 umount2("./90/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./90/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./90/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./90/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./90/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c20770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c20770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./90/file1") = 0 getdents64(3, 0x555555c18730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./90") = 0 mkdir("./91", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c17690) = 5491 ./strace-static-x86_64: Process 5491 attached [pid 5491] set_robust_list(0x555555c176a0, 24) = 0 [pid 5491] chdir("./91") = 0 [pid 5491] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5491] setpgid(0, 0) = 0 [pid 5491] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5491] write(3, "1000", 4) = 4 [pid 5491] close(3) = 0 [pid 5491] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5491] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5491] rt_sigaction(SIGRT_1, {sa_handler=0x7f0955898ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095588a1a0}, NULL, 8) = 0 [pid 5491] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5491] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f095580f000 [pid 5491] mprotect(0x7f0955810000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5491] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5491] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f095582f990, parent_tid=0x7f095582f990, exit_signal=0, stack=0x7f095580f000, stack_size=0x20300, tls=0x7f095582f6c0}./strace-static-x86_64: Process 5492 attached => {parent_tid=[5492]}, 88) = 5492 [pid 5492] rseq(0x7f095582ffe0, 0x20, 0, 0x53053053) = 0 [pid 5492] set_robust_list(0x7f095582f9a0, 24) = 0 [pid 5492] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5492] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5491] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5491] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5492] <... futex resumed>) = 0 [pid 5491] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5492] memfd_create("syzkaller", 0) = 3 [pid 5492] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094d40f000 [pid 5492] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5492] munmap(0x7f094d40f000, 1048576) = 0 [pid 5492] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5492] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5492] close(3) = 0 [pid 5492] mkdir("./file1", 0777) = 0 [pid 5492] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5492] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5492] chdir("./file1") = 0 [pid 5492] ioctl(4, LOOP_CLR_FD) = 0 [pid 5492] close(4) = 0 [pid 5492] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5491] <... futex resumed>) = 0 [pid 5491] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5491] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5492] open("./bus", O_ACCMODE|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC|0xdc00001c, 000) = 4 [pid 5492] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5492] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5491] <... futex resumed>) = 0 [pid 5491] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5492] <... futex resumed>) = 0 [pid 5492] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5492] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5491] <... futex resumed>) = 1 [pid 5492] <... futex resumed>) = 0 [pid 5492] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5491] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5491] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5492] <... futex resumed>) = 0 [pid 5491] <... futex resumed>) = 1 [pid 5492] open_tree(-1, NULL, OPEN_TREE_CLONE|0x10000 [pid 5491] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5492] <... open_tree resumed>) = -1 EINVAL (Invalid argument) [pid 5492] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5491] <... futex resumed>) = 0 [pid 5492] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5491] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5492] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5491] <... futex resumed>) = 0 [pid 5492] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5491] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5492] <... openat resumed>) = 5 [pid 5492] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5491] <... futex resumed>) = 0 [pid 5492] <... futex resumed>) = 1 [pid 5491] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5492] write(5, "\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 40960 [pid 5491] <... futex resumed>) = 0 [pid 5491] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5491] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094d4ee000 [pid 5491] mprotect(0x7f094d4ef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5491] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5491] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d50e990, parent_tid=0x7f094d50e990, exit_signal=0, stack=0x7f094d4ee000, stack_size=0x20300, tls=0x7f094d50e6c0}./strace-static-x86_64: Process 5495 attached => {parent_tid=[5495]}, 88) = 5495 [pid 5495] rseq(0x7f094d50efe0, 0x20, 0, 0x53053053 [pid 5491] rt_sigprocmask(SIG_SETMASK, [], [pid 5495] <... rseq resumed>) = 0 [pid 5495] set_robust_list(0x7f094d50e9a0, 24 [pid 5491] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5495] <... set_robust_list resumed>) = 0 [pid 5495] rt_sigprocmask(SIG_SETMASK, [], [pid 5491] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5492] <... write resumed>) = 40960 [pid 5495] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5492] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5491] <... futex resumed>) = 0 [pid 5495] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5491] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5492] <... futex resumed>) = 0 [pid 5492] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5495] <... open resumed>) = 6 [pid 5495] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5491] <... futex resumed>) = 0 [pid 5495] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5491] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5492] <... futex resumed>) = 0 [pid 5491] <... futex resumed>) = 1 [pid 5492] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [ 88.546139][ T5492] loop0: detected capacity change from 0 to 2048 [pid 5491] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5492] <... write resumed>) = 1048576 [pid 5492] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5491] <... futex resumed>) = 0 [pid 5492] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5491] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5492] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5491] <... futex resumed>) = 0 [pid 5492] openat(AT_FDCWD, NULL, O_RDONLY|O_TRUNC|O_PATH [pid 5491] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5492] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5492] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5491] <... futex resumed>) = 0 [pid 5492] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5491] exit_group(0 [pid 5495] <... futex resumed>) = ? [pid 5492] <... futex resumed>) = ? [pid 5491] <... exit_group resumed>) = ? [pid 5495] +++ exited with 0 +++ [pid 5492] +++ exited with 0 +++ [pid 5491] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5491, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./91", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./91", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c18730 /* 4 entries */, 32768) = 112 umount2("./91/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./91/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./91/binderfs") = 0 umount2("./91/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./91/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./91/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./91/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./91/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c20770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c20770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./91/file1") = 0 getdents64(3, 0x555555c18730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./91") = 0 mkdir("./92", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c17690) = 5496 ./strace-static-x86_64: Process 5496 attached [pid 5496] set_robust_list(0x555555c176a0, 24) = 0 [pid 5496] chdir("./92") = 0 [pid 5496] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5496] setpgid(0, 0) = 0 [pid 5496] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5496] write(3, "1000", 4) = 4 [pid 5496] close(3) = 0 [pid 5496] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5496] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5496] rt_sigaction(SIGRT_1, {sa_handler=0x7f0955898ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095588a1a0}, NULL, 8) = 0 [pid 5496] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5496] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f095580f000 [pid 5496] mprotect(0x7f0955810000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5496] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5496] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f095582f990, parent_tid=0x7f095582f990, exit_signal=0, stack=0x7f095580f000, stack_size=0x20300, tls=0x7f095582f6c0}./strace-static-x86_64: Process 5497 attached => {parent_tid=[5497]}, 88) = 5497 [pid 5497] rseq(0x7f095582ffe0, 0x20, 0, 0x53053053) = 0 [pid 5496] rt_sigprocmask(SIG_SETMASK, [], [pid 5497] set_robust_list(0x7f095582f9a0, 24 [pid 5496] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5497] <... set_robust_list resumed>) = 0 [pid 5496] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5497] rt_sigprocmask(SIG_SETMASK, [], [pid 5496] <... futex resumed>) = 0 [pid 5497] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5496] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5497] memfd_create("syzkaller", 0) = 3 [pid 5497] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094d40f000 [pid 5497] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5497] munmap(0x7f094d40f000, 1048576) = 0 [pid 5497] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5497] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5497] close(3) = 0 [pid 5497] mkdir("./file1", 0777) = 0 [pid 5497] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5497] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5497] chdir("./file1") = 0 [pid 5497] ioctl(4, LOOP_CLR_FD) = 0 [pid 5497] close(4) = 0 [pid 5497] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5497] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5496] <... futex resumed>) = 0 [pid 5496] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5497] <... futex resumed>) = 0 [pid 5497] open("./bus", O_ACCMODE|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC|0xdc00001c, 000 [pid 5496] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5497] <... open resumed>) = 4 [pid 5497] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5497] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5496] <... futex resumed>) = 0 [pid 5496] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5497] <... futex resumed>) = 0 [pid 5496] <... futex resumed>) = 1 [pid 5497] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5496] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5497] <... mount resumed>) = 0 [pid 5497] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5496] <... futex resumed>) = 0 [pid 5496] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5496] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5497] open_tree(-1, NULL, OPEN_TREE_CLONE|0x10000) = -1 EINVAL (Invalid argument) [pid 5497] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5496] <... futex resumed>) = 0 [pid 5496] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5496] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5497] <... futex resumed>) = 1 [pid 5497] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 5 [pid 5497] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5496] <... futex resumed>) = 0 [pid 5496] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5496] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5496] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094d4ee000 [pid 5496] mprotect(0x7f094d4ef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5496] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5496] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d50e990, parent_tid=0x7f094d50e990, exit_signal=0, stack=0x7f094d4ee000, stack_size=0x20300, tls=0x7f094d50e6c0} [pid 5497] <... futex resumed>) = 1 [pid 5497] write(5, "\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 40960./strace-static-x86_64: Process 5500 attached [pid 5496] <... clone3 resumed> => {parent_tid=[5500]}, 88) = 5500 [pid 5500] rseq(0x7f094d50efe0, 0x20, 0, 0x53053053) = 0 [pid 5500] set_robust_list(0x7f094d50e9a0, 24) = 0 [pid 5496] rt_sigprocmask(SIG_SETMASK, [], [pid 5500] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5496] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5500] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5496] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5500] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5500] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5496] <... futex resumed>) = 0 [pid 5496] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5500] <... open resumed>) = 6 [pid 5500] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5496] <... futex resumed>) = 0 [pid 5500] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5496] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5500] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5496] <... futex resumed>) = 0 [pid 5500] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5496] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5497] <... write resumed>) = 40960 [pid 5497] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 88.721724][ T5497] loop0: detected capacity change from 0 to 2048 [pid 5497] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5500] <... write resumed>) = 1048576 [pid 5500] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5496] <... futex resumed>) = 0 [pid 5496] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5500] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5497] <... futex resumed>) = 0 [pid 5496] <... futex resumed>) = 1 [pid 5497] openat(AT_FDCWD, NULL, O_RDONLY|O_TRUNC|O_PATH [pid 5496] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5497] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5497] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5496] <... futex resumed>) = 0 [pid 5497] <... futex resumed>) = 1 [pid 5496] exit_group(0) = ? [pid 5500] <... futex resumed>) = ? [pid 5497] +++ exited with 0 +++ [pid 5500] +++ exited with 0 +++ [pid 5496] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5496, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./92", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./92", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c18730 /* 4 entries */, 32768) = 112 umount2("./92/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./92/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./92/binderfs") = 0 umount2("./92/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./92/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./92/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./92/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./92/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c20770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c20770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./92/file1") = 0 getdents64(3, 0x555555c18730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./92") = 0 mkdir("./93", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5501 attached , child_tidptr=0x555555c17690) = 5501 [pid 5501] set_robust_list(0x555555c176a0, 24) = 0 [pid 5501] chdir("./93") = 0 [pid 5501] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5501] setpgid(0, 0) = 0 [pid 5501] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5501] write(3, "1000", 4) = 4 [pid 5501] close(3) = 0 [pid 5501] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5501] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5501] rt_sigaction(SIGRT_1, {sa_handler=0x7f0955898ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095588a1a0}, NULL, 8) = 0 [pid 5501] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5501] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f095580f000 [pid 5501] mprotect(0x7f0955810000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5501] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5501] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f095582f990, parent_tid=0x7f095582f990, exit_signal=0, stack=0x7f095580f000, stack_size=0x20300, tls=0x7f095582f6c0}./strace-static-x86_64: Process 5502 attached [pid 5502] rseq(0x7f095582ffe0, 0x20, 0, 0x53053053 [pid 5501] <... clone3 resumed> => {parent_tid=[5502]}, 88) = 5502 [pid 5502] <... rseq resumed>) = 0 [pid 5501] rt_sigprocmask(SIG_SETMASK, [], [pid 5502] set_robust_list(0x7f095582f9a0, 24 [pid 5501] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5502] <... set_robust_list resumed>) = 0 [pid 5501] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5502] rt_sigprocmask(SIG_SETMASK, [], [pid 5501] <... futex resumed>) = 0 [pid 5502] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5501] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5502] memfd_create("syzkaller", 0) = 3 [pid 5502] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094d40f000 [pid 5502] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5502] munmap(0x7f094d40f000, 1048576) = 0 [pid 5502] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5502] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5502] close(3) = 0 [pid 5502] mkdir("./file1", 0777) = 0 [pid 5502] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5502] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5502] chdir("./file1") = 0 [pid 5502] ioctl(4, LOOP_CLR_FD) = 0 [pid 5502] close(4) = 0 [pid 5502] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5501] <... futex resumed>) = 0 [pid 5502] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5501] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5502] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5501] <... futex resumed>) = 0 [pid 5502] open("./bus", O_ACCMODE|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC|0xdc00001c, 000 [pid 5501] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5502] <... open resumed>) = 4 [pid 5502] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5502] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5501] <... futex resumed>) = 0 [pid 5501] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5502] <... futex resumed>) = 0 [pid 5501] <... futex resumed>) = 1 [pid 5502] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5502] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5502] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5501] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5501] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5502] <... futex resumed>) = 0 [pid 5501] <... futex resumed>) = 1 [pid 5502] open_tree(-1, NULL, OPEN_TREE_CLONE|0x10000 [pid 5501] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5502] <... open_tree resumed>) = -1 EINVAL (Invalid argument) [pid 5502] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5501] <... futex resumed>) = 0 [pid 5501] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5502] <... futex resumed>) = 1 [pid 5501] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5502] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 5 [pid 5502] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5501] <... futex resumed>) = 0 [pid 5502] <... futex resumed>) = 1 [pid 5501] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5502] write(5, "\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 40960 [pid 5501] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5501] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094d4ee000 [pid 5501] mprotect(0x7f094d4ef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5501] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5502] <... write resumed>) = 40960 [pid 5501] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d50e990, parent_tid=0x7f094d50e990, exit_signal=0, stack=0x7f094d4ee000, stack_size=0x20300, tls=0x7f094d50e6c0}./strace-static-x86_64: Process 5506 attached [pid 5502] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5501] <... clone3 resumed> => {parent_tid=[5506]}, 88) = 5506 [pid 5506] rseq(0x7f094d50efe0, 0x20, 0, 0x53053053) = 0 [pid 5501] rt_sigprocmask(SIG_SETMASK, [], [pid 5506] set_robust_list(0x7f094d50e9a0, 24 [pid 5502] <... futex resumed>) = 0 [pid 5501] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5506] <... set_robust_list resumed>) = 0 [pid 5506] rt_sigprocmask(SIG_SETMASK, [], [pid 5501] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5506] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5502] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5506] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5501] <... futex resumed>) = 0 [pid 5506] <... open resumed>) = 6 [pid 5501] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5506] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5501] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5506] <... futex resumed>) = 0 [pid 5501] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5506] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5502] <... futex resumed>) = 0 [pid 5501] <... futex resumed>) = 1 [pid 5502] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [ 88.888200][ T5502] loop0: detected capacity change from 0 to 2048 [pid 5501] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5502] <... write resumed>) = 1048576 [pid 5502] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5501] <... futex resumed>) = 0 [pid 5501] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5502] <... futex resumed>) = 1 [pid 5501] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5502] openat(AT_FDCWD, NULL, O_RDONLY|O_TRUNC|O_PATH) = -1 EFAULT (Bad address) [pid 5502] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5501] <... futex resumed>) = 0 [pid 5502] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5501] exit_group(0) = ? [pid 5502] <... futex resumed>) = ? [pid 5506] <... futex resumed>) = ? [pid 5506] +++ exited with 0 +++ [pid 5502] +++ exited with 0 +++ [pid 5501] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5501, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./93", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./93", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c18730 /* 4 entries */, 32768) = 112 umount2("./93/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./93/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./93/binderfs") = 0 umount2("./93/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./93/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./93/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./93/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./93/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c20770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c20770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./93/file1") = 0 getdents64(3, 0x555555c18730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./93") = 0 mkdir("./94", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5507 attached , child_tidptr=0x555555c17690) = 5507 [pid 5507] set_robust_list(0x555555c176a0, 24) = 0 [pid 5507] chdir("./94") = 0 [pid 5507] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5507] setpgid(0, 0) = 0 [pid 5507] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5507] write(3, "1000", 4) = 4 [pid 5507] close(3) = 0 [pid 5507] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5507] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5507] rt_sigaction(SIGRT_1, {sa_handler=0x7f0955898ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095588a1a0}, NULL, 8) = 0 [pid 5507] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5507] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f095580f000 [pid 5507] mprotect(0x7f0955810000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5507] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5507] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f095582f990, parent_tid=0x7f095582f990, exit_signal=0, stack=0x7f095580f000, stack_size=0x20300, tls=0x7f095582f6c0} => {parent_tid=[5508]}, 88) = 5508 [pid 5507] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5507] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5508 attached [pid 5508] rseq(0x7f095582ffe0, 0x20, 0, 0x53053053) = 0 [pid 5507] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5508] set_robust_list(0x7f095582f9a0, 24) = 0 [pid 5508] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5508] memfd_create("syzkaller", 0) = 3 [pid 5508] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094d40f000 [pid 5508] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5508] munmap(0x7f094d40f000, 1048576) = 0 [pid 5508] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5508] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5508] close(3) = 0 [pid 5508] mkdir("./file1", 0777) = 0 [pid 5508] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5508] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5508] chdir("./file1") = 0 [pid 5508] ioctl(4, LOOP_CLR_FD) = 0 [pid 5508] close(4) = 0 [pid 5508] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5508] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5507] <... futex resumed>) = 0 [pid 5507] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5508] <... futex resumed>) = 0 [pid 5507] <... futex resumed>) = 1 [pid 5508] open("./bus", O_ACCMODE|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC|0xdc00001c, 000 [pid 5507] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5508] <... open resumed>) = 4 [pid 5508] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5507] <... futex resumed>) = 0 [pid 5508] <... futex resumed>) = 1 [pid 5507] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5508] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5507] <... futex resumed>) = 0 [pid 5507] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5508] <... mount resumed>) = 0 [pid 5508] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5507] <... futex resumed>) = 0 [pid 5508] <... futex resumed>) = 1 [pid 5507] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5508] open_tree(-1, NULL, OPEN_TREE_CLONE|0x10000 [pid 5507] <... futex resumed>) = 0 [pid 5508] <... open_tree resumed>) = -1 EINVAL (Invalid argument) [pid 5507] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5508] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5507] <... futex resumed>) = 0 [pid 5508] <... futex resumed>) = 1 [pid 5507] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5508] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5507] <... futex resumed>) = 0 [pid 5507] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5508] <... openat resumed>) = 5 [pid 5508] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5507] <... futex resumed>) = 0 [pid 5508] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5507] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5508] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5507] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5508] write(5, "\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 40960 [pid 5507] <... futex resumed>) = 0 [pid 5507] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094d4ee000 [pid 5507] mprotect(0x7f094d4ef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5507] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5507] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d50e990, parent_tid=0x7f094d50e990, exit_signal=0, stack=0x7f094d4ee000, stack_size=0x20300, tls=0x7f094d50e6c0} => {parent_tid=[5511]}, 88) = 5511 [pid 5507] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5507] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5507] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5511 attached [pid 5508] <... write resumed>) = 40960 [pid 5511] rseq(0x7f094d50efe0, 0x20, 0, 0x53053053) = 0 [pid 5511] set_robust_list(0x7f094d50e9a0, 24) = 0 [pid 5511] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5508] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5511] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5508] <... futex resumed>) = 0 [pid 5511] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5508] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5511] <... futex resumed>) = 1 [pid 5507] <... futex resumed>) = 0 [pid 5511] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5507] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5508] <... futex resumed>) = 0 [pid 5507] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 89.068578][ T5508] loop0: detected capacity change from 0 to 2048 [pid 5508] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 1048576 [pid 5508] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5508] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5507] <... futex resumed>) = 0 [pid 5507] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5508] <... futex resumed>) = 0 [pid 5507] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5508] openat(AT_FDCWD, NULL, O_RDONLY|O_TRUNC|O_PATH) = -1 EFAULT (Bad address) [pid 5508] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5507] <... futex resumed>) = 0 [pid 5508] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5507] exit_group(0 [pid 5511] <... futex resumed>) = ? [pid 5508] <... futex resumed>) = ? [pid 5507] <... exit_group resumed>) = ? [pid 5511] +++ exited with 0 +++ [pid 5508] +++ exited with 0 +++ [pid 5507] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5507, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./94", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./94", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c18730 /* 4 entries */, 32768) = 112 umount2("./94/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./94/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./94/binderfs") = 0 umount2("./94/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./94/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./94/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./94/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./94/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c20770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c20770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./94/file1") = 0 getdents64(3, 0x555555c18730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./94") = 0 mkdir("./95", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5512 attached , child_tidptr=0x555555c17690) = 5512 [pid 5512] set_robust_list(0x555555c176a0, 24) = 0 [pid 5512] chdir("./95") = 0 [pid 5512] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5512] setpgid(0, 0) = 0 [pid 5512] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5512] write(3, "1000", 4) = 4 [pid 5512] close(3) = 0 [pid 5512] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5512] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5512] rt_sigaction(SIGRT_1, {sa_handler=0x7f0955898ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095588a1a0}, NULL, 8) = 0 [pid 5512] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5512] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f095580f000 [pid 5512] mprotect(0x7f0955810000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5512] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5512] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f095582f990, parent_tid=0x7f095582f990, exit_signal=0, stack=0x7f095580f000, stack_size=0x20300, tls=0x7f095582f6c0}./strace-static-x86_64: Process 5513 attached [pid 5513] rseq(0x7f095582ffe0, 0x20, 0, 0x53053053 [pid 5512] <... clone3 resumed> => {parent_tid=[5513]}, 88) = 5513 [pid 5513] <... rseq resumed>) = 0 [pid 5512] rt_sigprocmask(SIG_SETMASK, [], [pid 5513] set_robust_list(0x7f095582f9a0, 24 [pid 5512] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5513] <... set_robust_list resumed>) = 0 [pid 5513] rt_sigprocmask(SIG_SETMASK, [], [pid 5512] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5513] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5512] <... futex resumed>) = 0 [pid 5513] memfd_create("syzkaller", 0 [pid 5512] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5513] <... memfd_create resumed>) = 3 [pid 5513] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094d40f000 [pid 5513] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5513] munmap(0x7f094d40f000, 1048576) = 0 [pid 5513] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5513] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5513] close(3) = 0 [pid 5513] mkdir("./file1", 0777) = 0 [pid 5513] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5513] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5513] chdir("./file1") = 0 [pid 5513] ioctl(4, LOOP_CLR_FD) = 0 [pid 5513] close(4) = 0 [pid 5513] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5512] <... futex resumed>) = 0 [pid 5513] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5512] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5513] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5512] <... futex resumed>) = 0 [pid 5513] open("./bus", O_ACCMODE|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC|0xdc00001c, 000 [pid 5512] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5513] <... open resumed>) = 4 [pid 5513] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5512] <... futex resumed>) = 0 [pid 5513] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5512] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5513] <... mount resumed>) = 0 [pid 5512] <... futex resumed>) = 0 [pid 5512] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5513] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5512] <... futex resumed>) = 0 [pid 5512] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5513] open_tree(-1, NULL, OPEN_TREE_CLONE|0x10000 [pid 5512] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5513] <... open_tree resumed>) = -1 EINVAL (Invalid argument) [pid 5513] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5512] <... futex resumed>) = 0 [pid 5513] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5512] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5513] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5512] <... futex resumed>) = 0 [pid 5513] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5512] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5513] <... openat resumed>) = 5 [pid 5513] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5512] <... futex resumed>) = 0 [pid 5513] write(5, "\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 40960 [pid 5512] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5512] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5512] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094d4ee000 [pid 5512] mprotect(0x7f094d4ef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5512] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5512] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d50e990, parent_tid=0x7f094d50e990, exit_signal=0, stack=0x7f094d4ee000, stack_size=0x20300, tls=0x7f094d50e6c0}./strace-static-x86_64: Process 5516 attached => {parent_tid=[5516]}, 88) = 5516 [pid 5512] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5516] rseq(0x7f094d50efe0, 0x20, 0, 0x53053053 [pid 5512] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5516] <... rseq resumed>) = 0 [pid 5516] set_robust_list(0x7f094d50e9a0, 24) = 0 [pid 5512] <... futex resumed>) = 0 [pid 5516] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5516] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5516] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5516] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5512] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5512] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5516] <... futex resumed>) = 0 [pid 5513] <... write resumed>) = 40960 [pid 5512] <... futex resumed>) = 1 [pid 5512] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5516] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5513] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 89.228028][ T5513] loop0: detected capacity change from 0 to 2048 [pid 5513] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5516] <... write resumed>) = 1048576 [pid 5516] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5512] <... futex resumed>) = 0 [pid 5516] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5512] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5513] <... futex resumed>) = 0 [pid 5512] <... futex resumed>) = 1 [pid 5513] openat(AT_FDCWD, NULL, O_RDONLY|O_TRUNC|O_PATH [pid 5512] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5513] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5513] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5512] <... futex resumed>) = 0 [pid 5513] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5512] exit_group(0 [pid 5513] <... futex resumed>) = ? [pid 5512] <... exit_group resumed>) = ? [pid 5516] <... futex resumed>) = ? [pid 5513] +++ exited with 0 +++ [pid 5516] +++ exited with 0 +++ [pid 5512] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5512, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./95", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./95", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c18730 /* 4 entries */, 32768) = 112 umount2("./95/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./95/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./95/binderfs") = 0 umount2("./95/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./95/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./95/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./95/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./95/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c20770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c20770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./95/file1") = 0 getdents64(3, 0x555555c18730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./95") = 0 mkdir("./96", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5517 attached , child_tidptr=0x555555c17690) = 5517 [pid 5517] set_robust_list(0x555555c176a0, 24) = 0 [pid 5517] chdir("./96") = 0 [pid 5517] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5517] setpgid(0, 0) = 0 [pid 5517] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5517] write(3, "1000", 4) = 4 [pid 5517] close(3) = 0 [pid 5517] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5517] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5517] rt_sigaction(SIGRT_1, {sa_handler=0x7f0955898ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095588a1a0}, NULL, 8) = 0 [pid 5517] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5517] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f095580f000 [pid 5517] mprotect(0x7f0955810000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5517] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5517] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f095582f990, parent_tid=0x7f095582f990, exit_signal=0, stack=0x7f095580f000, stack_size=0x20300, tls=0x7f095582f6c0} => {parent_tid=[5518]}, 88) = 5518 [pid 5517] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5517] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5517] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5518 attached [pid 5518] rseq(0x7f095582ffe0, 0x20, 0, 0x53053053) = 0 [pid 5518] set_robust_list(0x7f095582f9a0, 24) = 0 [pid 5518] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5518] memfd_create("syzkaller", 0) = 3 [pid 5518] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094d40f000 [pid 5518] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5518] munmap(0x7f094d40f000, 1048576) = 0 [pid 5518] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5518] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5518] close(3) = 0 [pid 5518] mkdir("./file1", 0777) = 0 [pid 5518] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5518] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5518] chdir("./file1") = 0 [pid 5518] ioctl(4, LOOP_CLR_FD) = 0 [pid 5518] close(4) = 0 [pid 5518] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5517] <... futex resumed>) = 0 [pid 5518] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5517] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5518] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5517] <... futex resumed>) = 0 [pid 5518] open("./bus", O_ACCMODE|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC|0xdc00001c, 000 [pid 5517] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5518] <... open resumed>) = 4 [pid 5518] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5517] <... futex resumed>) = 0 [pid 5518] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5517] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5518] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5518] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5517] <... futex resumed>) = 0 [pid 5517] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5518] <... mount resumed>) = 0 [pid 5518] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5517] <... futex resumed>) = 0 [pid 5518] open_tree(-1, NULL, OPEN_TREE_CLONE|0x10000 [pid 5517] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5518] <... open_tree resumed>) = -1 EINVAL (Invalid argument) [pid 5518] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5517] <... futex resumed>) = 0 [pid 5517] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5518] <... futex resumed>) = 0 [pid 5517] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5518] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5517] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5518] <... futex resumed>) = 0 [pid 5517] <... futex resumed>) = 1 [pid 5518] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5517] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5518] <... openat resumed>) = 5 [pid 5518] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5517] <... futex resumed>) = 0 [pid 5518] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5517] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5518] <... futex resumed>) = 0 [pid 5517] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5518] write(5, "\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 40960 [pid 5517] <... futex resumed>) = 0 [pid 5517] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094d4ee000 [pid 5517] mprotect(0x7f094d4ef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5517] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5517] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d50e990, parent_tid=0x7f094d50e990, exit_signal=0, stack=0x7f094d4ee000, stack_size=0x20300, tls=0x7f094d50e6c0} => {parent_tid=[5521]}, 88) = 5521 [pid 5517] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5517] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5517] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5521 attached [pid 5521] rseq(0x7f094d50efe0, 0x20, 0, 0x53053053) = 0 [pid 5521] set_robust_list(0x7f094d50e9a0, 24) = 0 [pid 5518] <... write resumed>) = 40960 [pid 5521] rt_sigprocmask(SIG_SETMASK, [], [pid 5518] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5521] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5518] <... futex resumed>) = 0 [pid 5521] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5518] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5521] <... open resumed>) = 6 [pid 5521] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5517] <... futex resumed>) = 0 [pid 5521] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5517] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5518] <... futex resumed>) = 0 [pid 5517] <... futex resumed>) = 1 [pid 5518] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [ 89.399175][ T5518] loop0: detected capacity change from 0 to 2048 [pid 5517] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5518] <... write resumed>) = 1048576 [pid 5518] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5518] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5517] <... futex resumed>) = 0 [pid 5517] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5518] <... futex resumed>) = 0 [pid 5517] <... futex resumed>) = 1 [pid 5518] openat(AT_FDCWD, NULL, O_RDONLY|O_TRUNC|O_PATH [pid 5517] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5518] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5518] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5518] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5517] <... futex resumed>) = 0 [pid 5517] exit_group(0 [pid 5518] <... futex resumed>) = ? [pid 5517] <... exit_group resumed>) = ? [pid 5518] +++ exited with 0 +++ [pid 5521] <... futex resumed>) = ? [pid 5521] +++ exited with 0 +++ [pid 5517] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5517, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./96", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./96", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c18730 /* 4 entries */, 32768) = 112 umount2("./96/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./96/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./96/binderfs") = 0 umount2("./96/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./96/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./96/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./96/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./96/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c20770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c20770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./96/file1") = 0 getdents64(3, 0x555555c18730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./96") = 0 mkdir("./97", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c17690) = 5522 ./strace-static-x86_64: Process 5522 attached [pid 5522] set_robust_list(0x555555c176a0, 24) = 0 [pid 5522] chdir("./97") = 0 [pid 5522] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5522] setpgid(0, 0) = 0 [pid 5522] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5522] write(3, "1000", 4) = 4 [pid 5522] close(3) = 0 [pid 5522] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5522] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5522] rt_sigaction(SIGRT_1, {sa_handler=0x7f0955898ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095588a1a0}, NULL, 8) = 0 [pid 5522] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5522] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f095580f000 [pid 5522] mprotect(0x7f0955810000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5522] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5522] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f095582f990, parent_tid=0x7f095582f990, exit_signal=0, stack=0x7f095580f000, stack_size=0x20300, tls=0x7f095582f6c0} => {parent_tid=[5523]}, 88) = 5523 [pid 5522] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5522] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5522] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5523 attached [pid 5523] rseq(0x7f095582ffe0, 0x20, 0, 0x53053053) = 0 [pid 5523] set_robust_list(0x7f095582f9a0, 24) = 0 [pid 5523] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5523] memfd_create("syzkaller", 0) = 3 [pid 5523] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094d40f000 [pid 5523] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5523] munmap(0x7f094d40f000, 1048576) = 0 [pid 5523] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5523] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5523] close(3) = 0 [pid 5523] mkdir("./file1", 0777) = 0 [pid 5523] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5523] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5523] chdir("./file1") = 0 [pid 5523] ioctl(4, LOOP_CLR_FD) = 0 [pid 5523] close(4) = 0 [pid 5523] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5523] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5522] <... futex resumed>) = 0 [pid 5522] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5523] <... futex resumed>) = 0 [pid 5522] <... futex resumed>) = 1 [pid 5523] open("./bus", O_ACCMODE|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC|0xdc00001c, 000 [pid 5522] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5523] <... open resumed>) = 4 [pid 5523] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5523] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5522] <... futex resumed>) = 0 [pid 5522] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5523] <... futex resumed>) = 0 [pid 5522] <... futex resumed>) = 1 [pid 5523] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5522] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5523] <... mount resumed>) = 0 [pid 5523] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5522] <... futex resumed>) = 0 [pid 5523] open_tree(-1, NULL, OPEN_TREE_CLONE|0x10000 [pid 5522] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5523] <... open_tree resumed>) = -1 EINVAL (Invalid argument) [pid 5522] <... futex resumed>) = 0 [pid 5523] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5522] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5523] <... futex resumed>) = 0 [pid 5522] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5523] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5522] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5522] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5523] <... openat resumed>) = 5 [pid 5523] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5522] <... futex resumed>) = 0 [pid 5522] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5522] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5522] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094d4ee000 [pid 5522] mprotect(0x7f094d4ef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5522] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5523] write(5, "\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 40960 [pid 5522] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d50e990, parent_tid=0x7f094d50e990, exit_signal=0, stack=0x7f094d4ee000, stack_size=0x20300, tls=0x7f094d50e6c0}./strace-static-x86_64: Process 5526 attached [pid 5526] rseq(0x7f094d50efe0, 0x20, 0, 0x53053053 [pid 5522] <... clone3 resumed> => {parent_tid=[5526]}, 88) = 5526 [pid 5526] <... rseq resumed>) = 0 [pid 5522] rt_sigprocmask(SIG_SETMASK, [], [pid 5526] set_robust_list(0x7f094d50e9a0, 24) = 0 [pid 5522] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5526] rt_sigprocmask(SIG_SETMASK, [], [pid 5522] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5526] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5522] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5526] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5526] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5523] <... write resumed>) = 40960 [pid 5523] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 89.589244][ T5523] loop0: detected capacity change from 0 to 2048 [pid 5523] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5522] <... futex resumed>) = 0 [pid 5522] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5523] <... futex resumed>) = 0 [pid 5522] <... futex resumed>) = 1 [pid 5523] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5522] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5526] <... futex resumed>) = 1 [pid 5526] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5523] <... write resumed>) = 1048576 [pid 5523] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5522] <... futex resumed>) = 0 [pid 5522] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5522] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5523] openat(AT_FDCWD, NULL, O_RDONLY|O_TRUNC|O_PATH) = -1 EFAULT (Bad address) [pid 5523] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5522] <... futex resumed>) = 0 [pid 5523] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5522] exit_group(0 [pid 5526] <... futex resumed>) = ? [pid 5523] <... futex resumed>) = ? [pid 5522] <... exit_group resumed>) = ? [pid 5526] +++ exited with 0 +++ [pid 5523] +++ exited with 0 +++ [pid 5522] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5522, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./97", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./97", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c18730 /* 4 entries */, 32768) = 112 umount2("./97/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./97/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./97/binderfs") = 0 umount2("./97/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./97/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./97/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./97/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./97/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c20770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c20770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./97/file1") = 0 getdents64(3, 0x555555c18730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./97") = 0 mkdir("./98", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5527 attached , child_tidptr=0x555555c17690) = 5527 [pid 5527] set_robust_list(0x555555c176a0, 24) = 0 [pid 5527] chdir("./98") = 0 [pid 5527] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5527] setpgid(0, 0) = 0 [pid 5527] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5527] write(3, "1000", 4) = 4 [pid 5527] close(3) = 0 [pid 5527] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5527] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5527] rt_sigaction(SIGRT_1, {sa_handler=0x7f0955898ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095588a1a0}, NULL, 8) = 0 [pid 5527] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5527] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f095580f000 [pid 5527] mprotect(0x7f0955810000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5527] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5527] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f095582f990, parent_tid=0x7f095582f990, exit_signal=0, stack=0x7f095580f000, stack_size=0x20300, tls=0x7f095582f6c0} => {parent_tid=[5528]}, 88) = 5528 [pid 5527] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5527] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5527] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5528 attached [pid 5528] rseq(0x7f095582ffe0, 0x20, 0, 0x53053053) = 0 [pid 5528] set_robust_list(0x7f095582f9a0, 24) = 0 [pid 5528] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5528] memfd_create("syzkaller", 0) = 3 [pid 5528] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094d40f000 [pid 5528] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5528] munmap(0x7f094d40f000, 1048576) = 0 [pid 5528] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5528] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5528] close(3) = 0 [pid 5528] mkdir("./file1", 0777) = 0 [pid 5528] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5528] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5528] chdir("./file1") = 0 [pid 5528] ioctl(4, LOOP_CLR_FD) = 0 [pid 5528] close(4) = 0 [pid 5528] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5528] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5527] <... futex resumed>) = 0 [pid 5527] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5527] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5528] <... futex resumed>) = 0 [pid 5528] open("./bus", O_ACCMODE|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC|0xdc00001c, 000) = 4 [pid 5528] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5527] <... futex resumed>) = 0 [pid 5528] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5527] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5528] <... mount resumed>) = 0 [pid 5527] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5528] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5527] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5528] <... futex resumed>) = 0 [pid 5527] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5528] open_tree(-1, NULL, OPEN_TREE_CLONE|0x10000 [pid 5527] <... futex resumed>) = 0 [pid 5528] <... open_tree resumed>) = -1 EINVAL (Invalid argument) [pid 5527] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5528] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5527] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5528] <... futex resumed>) = 0 [pid 5527] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5528] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5527] <... futex resumed>) = 0 [pid 5527] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5528] <... openat resumed>) = 5 [pid 5528] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5527] <... futex resumed>) = 0 [pid 5527] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5528] write(5, "\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 40960 [pid 5527] <... futex resumed>) = 0 [pid 5527] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5527] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094d4ee000 [pid 5527] mprotect(0x7f094d4ef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5527] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5527] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d50e990, parent_tid=0x7f094d50e990, exit_signal=0, stack=0x7f094d4ee000, stack_size=0x20300, tls=0x7f094d50e6c0}./strace-static-x86_64: Process 5531 attached [pid 5531] rseq(0x7f094d50efe0, 0x20, 0, 0x53053053 [pid 5527] <... clone3 resumed> => {parent_tid=[5531]}, 88) = 5531 [pid 5531] <... rseq resumed>) = 0 [pid 5531] set_robust_list(0x7f094d50e9a0, 24 [pid 5527] rt_sigprocmask(SIG_SETMASK, [], [pid 5531] <... set_robust_list resumed>) = 0 [ 89.759717][ T5528] loop0: detected capacity change from 0 to 2048 [pid 5527] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5531] rt_sigprocmask(SIG_SETMASK, [], [pid 5528] <... write resumed>) = 40960 [pid 5527] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5528] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5527] <... futex resumed>) = 0 [pid 5528] <... futex resumed>) = 0 [pid 5527] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5528] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5531] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5531] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5531] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5527] <... futex resumed>) = 0 [pid 5531] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5527] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5528] <... futex resumed>) = 0 [pid 5527] <... futex resumed>) = 1 [pid 5528] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5527] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5528] <... write resumed>) = 1048576 [pid 5528] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5527] <... futex resumed>) = 0 [pid 5528] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5527] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5528] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5527] <... futex resumed>) = 0 [pid 5528] openat(AT_FDCWD, NULL, O_RDONLY|O_TRUNC|O_PATH [pid 5527] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5528] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5528] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5527] <... futex resumed>) = 0 [pid 5528] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5527] exit_group(0 [pid 5531] <... futex resumed>) = ? [pid 5528] <... futex resumed>) = ? [pid 5527] <... exit_group resumed>) = ? [pid 5531] +++ exited with 0 +++ [pid 5528] +++ exited with 0 +++ [pid 5527] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5527, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./98", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./98", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c18730 /* 4 entries */, 32768) = 112 umount2("./98/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./98/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./98/binderfs") = 0 umount2("./98/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./98/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./98/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./98/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./98/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c20770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c20770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./98/file1") = 0 getdents64(3, 0x555555c18730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./98") = 0 mkdir("./99", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c17690) = 5532 ./strace-static-x86_64: Process 5532 attached [pid 5532] set_robust_list(0x555555c176a0, 24) = 0 [pid 5532] chdir("./99") = 0 [pid 5532] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5532] setpgid(0, 0) = 0 [pid 5532] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5532] write(3, "1000", 4) = 4 [pid 5532] close(3) = 0 [pid 5532] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5532] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5532] rt_sigaction(SIGRT_1, {sa_handler=0x7f0955898ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095588a1a0}, NULL, 8) = 0 [pid 5532] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5532] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f095580f000 [pid 5532] mprotect(0x7f0955810000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5532] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5532] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f095582f990, parent_tid=0x7f095582f990, exit_signal=0, stack=0x7f095580f000, stack_size=0x20300, tls=0x7f095582f6c0}./strace-static-x86_64: Process 5533 attached [pid 5533] rseq(0x7f095582ffe0, 0x20, 0, 0x53053053 [pid 5532] <... clone3 resumed> => {parent_tid=[5533]}, 88) = 5533 [pid 5533] <... rseq resumed>) = 0 [pid 5532] rt_sigprocmask(SIG_SETMASK, [], [pid 5533] set_robust_list(0x7f095582f9a0, 24 [pid 5532] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5533] <... set_robust_list resumed>) = 0 [pid 5533] rt_sigprocmask(SIG_SETMASK, [], [pid 5532] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5533] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5533] memfd_create("syzkaller", 0 [pid 5532] <... futex resumed>) = 0 [pid 5533] <... memfd_create resumed>) = 3 [pid 5532] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5533] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094d40f000 [pid 5533] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5533] munmap(0x7f094d40f000, 1048576) = 0 [pid 5533] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5533] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5533] close(3) = 0 [pid 5533] mkdir("./file1", 0777) = 0 [pid 5533] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5533] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5533] chdir("./file1") = 0 [pid 5533] ioctl(4, LOOP_CLR_FD) = 0 [pid 5533] close(4) = 0 [pid 5533] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5533] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5532] <... futex resumed>) = 0 [pid 5532] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5532] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5533] <... futex resumed>) = 0 [pid 5533] open("./bus", O_ACCMODE|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC|0xdc00001c, 000) = 4 [pid 5533] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5532] <... futex resumed>) = 0 [pid 5533] <... futex resumed>) = 1 [pid 5532] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5533] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5532] <... futex resumed>) = 0 [pid 5533] <... mount resumed>) = 0 [pid 5532] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5533] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5532] <... futex resumed>) = 0 [pid 5532] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5533] <... futex resumed>) = 1 [pid 5532] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5533] open_tree(-1, NULL, OPEN_TREE_CLONE|0x10000) = -1 EINVAL (Invalid argument) [pid 5533] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5532] <... futex resumed>) = 0 [pid 5533] <... futex resumed>) = 1 [pid 5532] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5533] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5532] <... futex resumed>) = 0 [pid 5532] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5533] <... openat resumed>) = 5 [pid 5533] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5532] <... futex resumed>) = 0 [pid 5532] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5532] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5532] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094d4ee000 [pid 5532] mprotect(0x7f094d4ef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5532] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5533] <... futex resumed>) = 1 [pid 5533] write(5, "\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 40960 [pid 5532] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5532] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d50e990, parent_tid=0x7f094d50e990, exit_signal=0, stack=0x7f094d4ee000, stack_size=0x20300, tls=0x7f094d50e6c0} => {parent_tid=[5536]}, 88) = 5536 ./strace-static-x86_64: Process 5536 attached [pid 5532] rt_sigprocmask(SIG_SETMASK, [], [pid 5536] rseq(0x7f094d50efe0, 0x20, 0, 0x53053053 [pid 5532] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5536] <... rseq resumed>) = 0 [pid 5532] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5536] set_robust_list(0x7f094d50e9a0, 24) = 0 [pid 5532] <... futex resumed>) = 0 [pid 5536] rt_sigprocmask(SIG_SETMASK, [], [pid 5532] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5536] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5536] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5536] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5532] <... futex resumed>) = 0 [pid 5536] <... futex resumed>) = 1 [pid 5536] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5532] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5533] <... write resumed>) = 40960 [pid 5533] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5533] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5532] <... futex resumed>) = 0 [ 89.949766][ T5533] loop0: detected capacity change from 0 to 2048 [pid 5532] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5536] <... write resumed>) = 1048576 [pid 5536] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5532] <... futex resumed>) = 0 [pid 5532] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5533] <... futex resumed>) = 0 [pid 5532] <... futex resumed>) = 1 [pid 5533] openat(AT_FDCWD, NULL, O_RDONLY|O_TRUNC|O_PATH) = -1 EFAULT (Bad address) [pid 5532] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5533] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5532] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5533] <... futex resumed>) = 0 [pid 5536] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5533] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5532] exit_group(0 [pid 5533] <... futex resumed>) = ? [pid 5533] +++ exited with 0 +++ [pid 5532] <... exit_group resumed>) = ? [pid 5536] <... futex resumed>) = ? [pid 5536] +++ exited with 0 +++ [pid 5532] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5532, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./99", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./99", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555c18730 /* 4 entries */, 32768) = 112 umount2("./99/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./99/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./99/binderfs") = 0 umount2("./99/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./99/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./99/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./99/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./99/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555c20770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555c20770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./99/file1") = 0 getdents64(3, 0x555555c18730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./99") = 0 mkdir("./100", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5537 attached , child_tidptr=0x555555c17690) = 5537 [pid 5537] set_robust_list(0x555555c176a0, 24) = 0 [pid 5537] chdir("./100") = 0 [pid 5537] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5537] setpgid(0, 0) = 0 [pid 5537] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5537] write(3, "1000", 4) = 4 [pid 5537] close(3) = 0 [pid 5537] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5537] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5537] rt_sigaction(SIGRT_1, {sa_handler=0x7f0955898ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095588a1a0}, NULL, 8) = 0 [pid 5537] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5537] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f095580f000 [pid 5537] mprotect(0x7f0955810000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5537] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5537] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f095582f990, parent_tid=0x7f095582f990, exit_signal=0, stack=0x7f095580f000, stack_size=0x20300, tls=0x7f095582f6c0}./strace-static-x86_64: Process 5538 attached => {parent_tid=[5538]}, 88) = 5538 [pid 5538] rseq(0x7f095582ffe0, 0x20, 0, 0x53053053 [pid 5537] rt_sigprocmask(SIG_SETMASK, [], [pid 5538] <... rseq resumed>) = 0 [pid 5537] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5538] set_robust_list(0x7f095582f9a0, 24 [pid 5537] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5538] <... set_robust_list resumed>) = 0 [pid 5538] rt_sigprocmask(SIG_SETMASK, [], [pid 5537] <... futex resumed>) = 0 [pid 5538] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5537] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5538] memfd_create("syzkaller", 0) = 3 [pid 5538] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094d40f000 [pid 5538] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5538] munmap(0x7f094d40f000, 1048576) = 0 [pid 5538] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5538] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5538] close(3) = 0 [pid 5538] mkdir("./file1", 0777) = 0 [pid 5538] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5538] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5538] chdir("./file1") = 0 [pid 5538] ioctl(4, LOOP_CLR_FD) = 0 [pid 5538] close(4) = 0 [pid 5538] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5537] <... futex resumed>) = 0 [pid 5537] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5537] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5538] open("./bus", O_ACCMODE|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC|0xdc00001c, 000) = 4 [pid 5538] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5537] <... futex resumed>) = 0 [pid 5538] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5537] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5538] <... futex resumed>) = 0 [pid 5537] <... futex resumed>) = 1 [pid 5538] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5537] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5538] <... mount resumed>) = 0 [pid 5538] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5537] <... futex resumed>) = 0 [pid 5538] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5537] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5538] <... futex resumed>) = 0 [pid 5537] <... futex resumed>) = 1 [pid 5538] open_tree(-1, NULL, OPEN_TREE_CLONE|0x10000) = -1 EINVAL (Invalid argument) [pid 5537] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5538] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5537] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5538] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5537] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5538] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5537] <... futex resumed>) = 0 [pid 5538] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5537] futex(0x7f09558fc6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5538] <... openat resumed>) = 5 [pid 5538] futex(0x7f09558fc6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5537] <... futex resumed>) = 0 [pid 5538] futex(0x7f09558fc6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5537] futex(0x7f09558fc6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5538] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5537] <... futex resumed>) = 0 [pid 5538] write(5, "\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 40960 [pid 5537] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5537] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094d4ee000 [pid 5537] mprotect(0x7f094d4ef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5537] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5537] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d50e990, parent_tid=0x7f094d50e990, exit_signal=0, stack=0x7f094d4ee000, stack_size=0x20300, tls=0x7f094d50e6c0}./strace-static-x86_64: Process 5541 attached [pid 5541] rseq(0x7f094d50efe0, 0x20, 0, 0x53053053 [pid 5537] <... clone3 resumed> => {parent_tid=[5541]}, 88) = 5541 [pid 5541] <... rseq resumed>) = 0 [pid 5537] rt_sigprocmask(SIG_SETMASK, [], [pid 5541] set_robust_list(0x7f094d50e9a0, 24 [pid 5537] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5541] <... set_robust_list resumed>) = 0 [pid 5541] rt_sigprocmask(SIG_SETMASK, [], [pid 5537] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5541] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5537] <... futex resumed>) = 0 [pid 5541] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5537] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5541] <... open resumed>) = 6 [pid 5541] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5541] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5537] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5537] futex(0x7f09558fc6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5541] <... futex resumed>) = 0 [pid 5537] futex(0x7f09558fc6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 90.124221][ T5538] loop0: detected capacity change from 0 to 2048 [ 90.165192][ T5538] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:478: comm syz-executor264: Invalid block bitmap block 0 in block_group 0 [ 90.179859][ T5538] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:478: comm syz-executor264: Invalid block bitmap block 0 in block_group 0 [ 90.199203][ T5538] ------------[ cut here ]------------ [pid 5541] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5537] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5537] futex(0x7f09558fc6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5537] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094d4cd000 [pid 5537] mprotect(0x7f094d4ce000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5537] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5537] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094d4ed990, parent_tid=0x7f094d4ed990, exit_signal=0, stack=0x7f094d4cd000, stack_size=0x20300, tls=0x7f094d4ed6c0} => {parent_tid=[5542]}, 88) = 5542 [pid 5537] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5537] futex(0x7f09558fc6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5537] futex(0x7f09558fc6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5542 attached [pid 5542] rseq(0x7f094d4edfe0, 0x20, 0, 0x53053053) = 0 [pid 5542] set_robust_list(0x7f094d4ed9a0, 24) = 0 [pid 5542] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5542] openat(AT_FDCWD, NULL, O_RDONLY|O_TRUNC|O_PATH) = -1 EFAULT (Bad address) [pid 5542] futex(0x7f09558fc6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5537] <... futex resumed>) = 0 [pid 5542] <... futex resumed>) = 1 [ 90.204709][ T5538] ext4: mb_load_buddy failed (-117) [ 90.212940][ T5538] WARNING: CPU: 0 PID: 5538 at fs/ext4/mballoc.c:4620 ext4_discard_allocated_blocks+0x5d4/0x750 [ 90.228934][ T5538] Modules linked in: [ 90.232834][ T5538] CPU: 0 PID: 5538 Comm: syz-executor264 Not tainted 6.5.0-syzkaller-12107-g7ba2090ca64e #0 [ 90.243247][ T5538] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023 [ 90.253527][ T5538] RIP: 0010:ext4_discard_allocated_blocks+0x5d4/0x750 [pid 5542] futex(0x7f09558fc6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5541] <... write resumed>) = 1048576 [pid 5541] futex(0x7f09558fc6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 90.260493][ T5538] Code: 00 0f 85 9a 01 00 00 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 eb 99 48 ff 48 c7 c7 00 42 1d 8b 44 89 fe e8 8c 14 0f ff <0f> 0b 49 bf 00 00 00 00 00 fc ff df eb 98 e8 c9 99 48 ff e9 19 fe [ 90.280571][ T5538] RSP: 0018:ffffc90005006cc0 EFLAGS: 00010246 [ 90.287096][ T5538] RAX: da27be545f79de00 RBX: 0000000000000001 RCX: ffff888026741dc0 [ 90.295161][ T5538] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 90.303263][ T5538] RBP: ffffc90005006dd0 R08: ffffffff81541672 R09: 1ffff1101730516a [ 90.311303][ T5538] R10: dffffc0000000000 R11: ffffed101730516b R12: ffff888076b7a124 [ 90.319322][ T5538] R13: 1ffff92000a00da0 R14: ffff888076b7a0d8 R15: 00000000ffffff8b [ 90.327422][ T5538] FS: 00007f095582f6c0(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 90.336502][ T5538] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 90.343096][ T5538] CR2: 0000000020100000 CR3: 000000001c40b000 CR4: 00000000003506f0 [ 90.351109][ T5538] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 90.359115][ T5538] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 90.367121][ T5538] Call Trace: [ 90.370426][ T5538] [ 90.373376][ T5538] ? __warn+0x162/0x4a0 [ 90.377584][ T5538] ? ext4_discard_allocated_blocks+0x5d4/0x750 [ 90.383767][ T5538] ? report_bug+0x2b3/0x500 [ 90.388586][ T5538] ? ext4_discard_allocated_blocks+0x5d4/0x750 [ 90.394775][ T5538] ? handle_bug+0x3d/0x70 [ 90.399162][ T5538] ? exc_invalid_op+0x1a/0x50 [ 90.403868][ T5538] ? asm_exc_invalid_op+0x1a/0x20 [ 90.408948][ T5538] ? __warn_printk+0x292/0x360 [pid 5541] futex(0x7f09558fc6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5537] exit_group(0) = ? [pid 5541] <... futex resumed>) = ? [pid 5542] <... futex resumed>) = ? [pid 5541] +++ exited with 0 +++ [pid 5542] +++ exited with 0 +++ [ 90.413824][ T5538] ? ext4_discard_allocated_blocks+0x5d4/0x750 [ 90.420040][ T5538] ? ext4_mb_pa_put_free+0x1b0/0x1b0 [ 90.425383][ T5538] ? kmem_cache_free+0x292/0x500 [ 90.430357][ T5538] ? ext4_mb_new_blocks+0x13f7/0x4b30 [ 90.435829][ T5538] ext4_mb_new_blocks+0x148f/0x4b30 [ 90.441081][ T5538] ? ext4_find_extent+0x36c/0xde0 [ 90.446271][ T5538] ? ext4_find_extent+0x36c/0xde0 [ 90.451328][ T5538] ? ext4_mb_release_inode_pa+0xd40/0xd40 [ 90.457095][ T5538] ? ext4_ext_search_right+0x394/0x860 [ 90.462665][ T5538] ? ext4_ext_check_overlap+0x37e/0x5b0 [ 90.468254][ T5538] ? ext4_ext_find_goal+0xec/0x1d0 [ 90.473393][ T5538] ext4_ext_map_blocks+0x1e13/0x7150 [ 90.478900][ T5538] ? is_bpf_text_address+0x253/0x270 [ 90.484210][ T5538] ? stack_trace_save+0x1c0/0x1c0 [ 90.489370][ T5538] ? rcu_is_watching+0x15/0xb0 [ 90.494154][ T5538] ? ext4_ext_release+0x10/0x10 [ 90.499060][ T5538] ? rcu_is_watching+0x15/0xb0 [ 90.503856][ T5538] ? lock_acquire+0xe3/0x520 [ 90.508505][ T5538] ? __down_write_common+0x161/0x200 [ 90.513998][ T5538] ? ext4_es_lookup_extent+0x606/0xa30 [ 90.519589][ T5538] ext4_map_blocks+0xa2f/0x1cb0 [ 90.524499][ T5538] ? folio_create_empty_buffers+0x3a/0x730 [ 90.530377][ T5538] ? ext4_write_begin+0x416/0x10b0 [ 90.535685][ T5538] ? ext4_file_write_iter+0x1d3/0x1ad0 [ 90.541186][ T5538] ? ext4_issue_zeroout+0x260/0x260 [ 90.546452][ T5538] _ext4_get_block+0x238/0x6a0 [ 90.551283][ T5538] ? __asan_memset+0x23/0x40 [ 90.556228][ T5538] ? ext4_get_block+0x40/0x40 [ 90.561015][ T5538] ? rcu_is_watching+0x15/0xb0 [ 90.565817][ T5538] ? lock_acquire+0xe3/0x520 [ 90.570462][ T5538] ext4_block_write_begin+0x53d/0x1550 [ 90.575971][ T5538] ? ext4_es_is_delayed+0x40/0x40 [ 90.581012][ T5538] ? ext4_iomap_swap_activate+0x40/0x40 [ 90.586657][ T5538] ? ext4_journal_check_start+0x175/0x240 [ 90.592495][ T5538] ext4_write_begin+0x619/0x10b0 [ 90.597501][ T5538] ? ext4_readahead+0x110/0x110 [ 90.602402][ T5538] ? fault_in_iov_iter_readable+0x49/0x280 [ 90.608272][ T5538] ? fault_in_readable+0xf8/0x2b0 [ 90.613416][ T5538] ext4_da_write_begin+0x300/0xa40 [ 90.618634][ T5538] ? fault_in_safe_writeable+0x260/0x260 [ 90.624323][ T5538] ? ext4_dirty_folio+0x310/0x310 [ 90.629452][ T5538] ? fault_in_iov_iter_readable+0xdf/0x280 [ 90.635313][ T5538] generic_perform_write+0x31b/0x630 [ 90.640688][ T5538] ? do_raw_spin_unlock+0x13b/0x8b0 [ 90.645956][ T5538] ? generic_file_direct_write+0x3f0/0x3f0 [ 90.651799][ T5538] ? ext4_write_checks+0x256/0x2c0 [ 90.657052][ T5538] ext4_buffered_write_iter+0xc6/0x350 [ 90.662644][ T5538] ext4_file_write_iter+0x1d3/0x1ad0 [ 90.668199][ T5538] ? read_lock_is_recursive+0x20/0x20 [ 90.673796][ T5538] ? __might_sleep+0xc0/0xc0 [ 90.678588][ T5538] ? __might_sleep+0xc0/0xc0 [ 90.683373][ T5538] ? rcu_is_watching+0x15/0xb0 [ 90.688232][ T5538] ? ext4_file_read_iter+0x670/0x670 [ 90.693763][ T5538] ? rcu_is_watching+0x15/0xb0 [ 90.698637][ T5538] ? trace_contention_end+0x3c/0xf0 [ 90.704067][ T5538] vfs_write+0x782/0xaf0 [ 90.708558][ T5538] ? file_end_write+0x250/0x250 [ 90.713449][ T5538] ? mutex_lock_nested+0x1b/0x20 [ 90.718492][ T5538] ? __fdget_pos+0x2b0/0x340 [ 90.723173][ T5538] ? ksys_write+0x7b/0x2c0 [ 90.727698][ T5538] ksys_write+0x1a0/0x2c0 [ 90.732303][ T5538] ? __ia32_sys_read+0x90/0x90 [ 90.737393][ T5538] ? rcu_is_watching+0x15/0xb0 [ 90.742199][ T5538] ? syscall_enter_from_user_mode+0x8c/0x230 [ 90.748242][ T5538] do_syscall_64+0x41/0xc0 [ 90.752690][ T5538] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 90.758648][ T5538] RIP: 0033:0x7f0955872bd9 [ 90.763090][ T5538] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 90.782955][ T5538] RSP: 002b:00007f095582f218 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 90.791453][ T5538] RAX: ffffffffffffffda RBX: 00007f09558fc6c8 RCX: 00007f0955872bd9 [ 90.799498][ T5538] RDX: 000000000000a000 RSI: 0000000020000780 RDI: 0000000000000005 [ 90.807699][ T5538] RBP: 00007f09558fc6c0 R08: 0000000000000000 R09: 0000000000000000 [ 90.815751][ T5538] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f09558c8a38 [ 90.823765][ T5538] R13: 0000000000000000 R14: 6f6f6c2f7665642f R15: 0032656c69662f2e [ 90.831855][ T5538] [ 90.835007][ T5538] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 90.842379][ T5538] CPU: 0 PID: 5538 Comm: syz-executor264 Not tainted 6.5.0-syzkaller-12107-g7ba2090ca64e #0 [ 90.852549][ T5538] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023 [ 90.862629][ T5538] Call Trace: [ 90.866010][ T5538] [ 90.869030][ T5538] dump_stack_lvl+0x1e7/0x2d0 [ 90.873829][ T5538] ? nf_tcp_handle_invalid+0x650/0x650 [ 90.879352][ T5538] ? panic+0x770/0x770 [ 90.883571][ T5538] ? vscnprintf+0x5d/0x80 [ 90.887999][ T5538] panic+0x30f/0x770 [ 90.891951][ T5538] ? __warn+0x171/0x4a0 [ 90.896124][ T5538] ? __memcpy_flushcache+0x2b0/0x2b0 [ 90.901516][ T5538] __warn+0x314/0x4a0 [ 90.905529][ T5538] ? ext4_discard_allocated_blocks+0x5d4/0x750 [ 90.911702][ T5538] report_bug+0x2b3/0x500 [ 90.916046][ T5538] ? ext4_discard_allocated_blocks+0x5d4/0x750 [ 90.922223][ T5538] handle_bug+0x3d/0x70 [ 90.926403][ T5538] exc_invalid_op+0x1a/0x50 [ 90.930928][ T5538] asm_exc_invalid_op+0x1a/0x20 [ 90.935824][ T5538] RIP: 0010:ext4_discard_allocated_blocks+0x5d4/0x750 [ 90.942636][ T5538] Code: 00 0f 85 9a 01 00 00 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 eb 99 48 ff 48 c7 c7 00 42 1d 8b 44 89 fe e8 8c 14 0f ff <0f> 0b 49 bf 00 00 00 00 00 fc ff df eb 98 e8 c9 99 48 ff e9 19 fe [ 90.962250][ T5538] RSP: 0018:ffffc90005006cc0 EFLAGS: 00010246 [ 90.968332][ T5538] RAX: da27be545f79de00 RBX: 0000000000000001 RCX: ffff888026741dc0 [ 90.976576][ T5538] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 90.984900][ T5538] RBP: ffffc90005006dd0 R08: ffffffff81541672 R09: 1ffff1101730516a [ 90.993159][ T5538] R10: dffffc0000000000 R11: ffffed101730516b R12: ffff888076b7a124 [ 91.001255][ T5538] R13: 1ffff92000a00da0 R14: ffff888076b7a0d8 R15: 00000000ffffff8b [ 91.009240][ T5538] ? __warn_printk+0x292/0x360 [ 91.014114][ T5538] ? ext4_mb_pa_put_free+0x1b0/0x1b0 [ 91.019472][ T5538] ? kmem_cache_free+0x292/0x500 [ 91.024482][ T5538] ? ext4_mb_new_blocks+0x13f7/0x4b30 [ 91.030030][ T5538] ext4_mb_new_blocks+0x148f/0x4b30 [ 91.035408][ T5538] ? ext4_find_extent+0x36c/0xde0 [ 91.040572][ T5538] ? ext4_find_extent+0x36c/0xde0 [ 91.045972][ T5538] ? ext4_mb_release_inode_pa+0xd40/0xd40 [ 91.051801][ T5538] ? ext4_ext_search_right+0x394/0x860 [ 91.057275][ T5538] ? ext4_ext_check_overlap+0x37e/0x5b0 [ 91.062853][ T5538] ? ext4_ext_find_goal+0xec/0x1d0 [ 91.068028][ T5538] ext4_ext_map_blocks+0x1e13/0x7150 [ 91.073435][ T5538] ? is_bpf_text_address+0x253/0x270 [ 91.078842][ T5538] ? stack_trace_save+0x1c0/0x1c0 [ 91.083880][ T5538] ? rcu_is_watching+0x15/0xb0 [ 91.088750][ T5538] ? ext4_ext_release+0x10/0x10 [ 91.093610][ T5538] ? rcu_is_watching+0x15/0xb0 [ 91.098380][ T5538] ? lock_acquire+0xe3/0x520 [ 91.103009][ T5538] ? __down_write_common+0x161/0x200 [ 91.108309][ T5538] ? ext4_es_lookup_extent+0x606/0xa30 [ 91.113792][ T5538] ext4_map_blocks+0xa2f/0x1cb0 [ 91.118664][ T5538] ? folio_create_empty_buffers+0x3a/0x730 [ 91.124647][ T5538] ? ext4_write_begin+0x416/0x10b0 [ 91.129785][ T5538] ? ext4_file_write_iter+0x1d3/0x1ad0 [ 91.135462][ T5538] ? ext4_issue_zeroout+0x260/0x260 [ 91.140710][ T5538] _ext4_get_block+0x238/0x6a0 [ 91.145510][ T5538] ? __asan_memset+0x23/0x40 [ 91.150224][ T5538] ? ext4_get_block+0x40/0x40 [ 91.155016][ T5538] ? rcu_is_watching+0x15/0xb0 [ 91.159797][ T5538] ? lock_acquire+0xe3/0x520 [ 91.164422][ T5538] ext4_block_write_begin+0x53d/0x1550 [ 91.170013][ T5538] ? ext4_es_is_delayed+0x40/0x40 [ 91.175046][ T5538] ? ext4_iomap_swap_activate+0x40/0x40 [ 91.180603][ T5538] ? ext4_journal_check_start+0x175/0x240 [ 91.186351][ T5538] ext4_write_begin+0x619/0x10b0 [ 91.191316][ T5538] ? ext4_readahead+0x110/0x110 [ 91.196267][ T5538] ? fault_in_iov_iter_readable+0x49/0x280 [ 91.202087][ T5538] ? fault_in_readable+0xf8/0x2b0 [ 91.207210][ T5538] ext4_da_write_begin+0x300/0xa40 [ 91.212333][ T5538] ? fault_in_safe_writeable+0x260/0x260 [ 91.217974][ T5538] ? ext4_dirty_folio+0x310/0x310 [ 91.223004][ T5538] ? fault_in_iov_iter_readable+0xdf/0x280 [ 91.228817][ T5538] generic_perform_write+0x31b/0x630 [ 91.234117][ T5538] ? do_raw_spin_unlock+0x13b/0x8b0 [ 91.239329][ T5538] ? generic_file_direct_write+0x3f0/0x3f0 [ 91.245147][ T5538] ? ext4_write_checks+0x256/0x2c0 [ 91.250271][ T5538] ext4_buffered_write_iter+0xc6/0x350 [ 91.255741][ T5538] ext4_file_write_iter+0x1d3/0x1ad0 [ 91.261041][ T5538] ? read_lock_is_recursive+0x20/0x20 [ 91.266430][ T5538] ? __might_sleep+0xc0/0xc0 [ 91.271035][ T5538] ? __might_sleep+0xc0/0xc0 [ 91.275634][ T5538] ? rcu_is_watching+0x15/0xb0 [ 91.280405][ T5538] ? ext4_file_read_iter+0x670/0x670 [ 91.285702][ T5538] ? rcu_is_watching+0x15/0xb0 [ 91.290492][ T5538] ? trace_contention_end+0x3c/0xf0 [ 91.295729][ T5538] vfs_write+0x782/0xaf0 [ 91.300177][ T5538] ? file_end_write+0x250/0x250 [ 91.305067][ T5538] ? mutex_lock_nested+0x1b/0x20 [ 91.310107][ T5538] ? __fdget_pos+0x2b0/0x340 [ 91.314708][ T5538] ? ksys_write+0x7b/0x2c0 [ 91.319311][ T5538] ksys_write+0x1a0/0x2c0 [ 91.323753][ T5538] ? __ia32_sys_read+0x90/0x90 [ 91.328532][ T5538] ? rcu_is_watching+0x15/0xb0 [ 91.333305][ T5538] ? syscall_enter_from_user_mode+0x8c/0x230 [ 91.339339][ T5538] do_syscall_64+0x41/0xc0 [ 91.343787][ T5538] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 91.349778][ T5538] RIP: 0033:0x7f0955872bd9 [ 91.354196][ T5538] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 91.373978][ T5538] RSP: 002b:00007f095582f218 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 91.382421][ T5538] RAX: ffffffffffffffda RBX: 00007f09558fc6c8 RCX: 00007f0955872bd9 [ 91.390483][ T5538] RDX: 000000000000a000 RSI: 0000000020000780 RDI: 0000000000000005 [ 91.398573][ T5538] RBP: 00007f09558fc6c0 R08: 0000000000000000 R09: 0000000000000000 [ 91.406545][ T5538] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f09558c8a38 [ 91.414535][ T5538] R13: 0000000000000000 R14: 6f6f6c2f7665642f R15: 0032656c69662f2e [ 91.422516][ T5538] [ 91.425941][ T5538] Kernel Offset: disabled [ 91.430262][ T5538] Rebooting in 86400 seconds..