./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3956760817 <...> forked to background, child pid 4644 no interfaces have a carrier [ 22.719797][ T4645] 8021q: adding VLAN 0 to HW filter on device bond0 [ 22.728636][ T4645] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.185' (ECDSA) to the list of known hosts. execve("./syz-executor3956760817", ["./syz-executor3956760817"], 0x7ffdd17c9970 /* 10 vars */) = 0 brk(NULL) = 0x5555563bb000 brk(0x5555563bbc40) = 0x5555563bbc40 arch_prctl(ARCH_SET_FS, 0x5555563bb300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x5555563bb5d0) = 5065 set_robust_list(0x5555563bb5e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7efd192136f0, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7efd19213dc0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7efd19213790, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7efd19213dc0}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3956760817", 4096) = 28 brk(0x5555563dcc40) = 0x5555563dcc40 brk(0x5555563dd000) = 0x5555563dd000 mprotect(0x7efd192e4000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 getpid() = 5065 mkdir("./syzkaller.PC73va", 0700) = 0 chmod("./syzkaller.PC73va", 0777) = 0 chdir("./syzkaller.PC73va") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563bb5d0) = 5066 ./strace-static-x86_64: Process 5066 attached [pid 5066] set_robust_list(0x5555563bb5e0, 24) = 0 [pid 5066] chdir("./0") = 0 [pid 5066] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5066] setpgid(0, 0) = 0 [pid 5066] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5066] write(3, "1000", 4) = 4 [pid 5066] close(3) = 0 [pid 5066] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5066] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5066] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191e2000 [pid 5066] mprotect(0x7efd191e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5066] clone(child_stack=0x7efd192023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5068], tls=0x7efd19202700, child_tidptr=0x7efd192029d0) = 5068 [pid 5066] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5066] futex(0x7efd192ea7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5068 attached [pid 5068] set_robust_list(0x7efd192029e0, 24) = 0 [pid 5068] getgid() = 0 [pid 5068] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] <... futex resumed>) = 0 [pid 5066] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5066] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5066] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191c1000 [pid 5066] mprotect(0x7efd191c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5066] clone(child_stack=0x7efd191e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5069], tls=0x7efd191e1700, child_tidptr=0x7efd191e19d0) = 5069 ./strace-static-x86_64: Process 5069 attached [pid 5066] futex(0x7efd192ea7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5069] set_robust_list(0x7efd191e19e0, 24 [pid 5066] <... futex resumed>) = 0 [pid 5066] futex(0x7efd192ea7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5068] <... futex resumed>) = 1 [pid 5069] <... set_robust_list resumed>) = 0 [pid 5068] memfd_create("syzkaller", 0) = 3 [pid 5068] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efd10dc1000 [pid 5069] memfd_create("syzkaller", 0) = 4 [pid 5069] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efd089c1000 [pid 5069] write(4, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 5068] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 15914668 [pid 5069] <... write resumed>) = 16777216 [pid 5069] munmap(0x7efd089c1000, 16777216) = 0 [pid 5069] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5069] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5069] close(4) = 0 [pid 5069] mkdir("./file0", 0777) = 0 [pid 5069] mount("/dev/loop0", "./file0", "xfs", MS_NOSUID, "norecovery,nolargeio,filestreams,logbufs=00000000000000000006,discard,,nouuid") = -1 EINVAL (Invalid argument) [pid 5069] ioctl(5, LOOP_CLR_FD [pid 5068] <... write resumed>) = 15914668 [pid 5068] munmap(0x7efd10dc1000, 15914668) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5068] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5068] ioctl(4, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5068] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5068] close(4) = 0 syzkaller login: [ 45.174444][ T5069] loop0: detected capacity change from 0 to 32768 [ 45.186936][ T5069] XFS (loop0): no-recovery mounts must be read-only. [pid 5068] close(3) = 0 [pid 5068] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 45.237193][ T5067] I/O error, dev loop0, sector 32640 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [pid 5068] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5069] <... ioctl resumed>) = 0 [pid 5069] close(5) = 0 [pid 5069] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] <... futex resumed>) = 0 [pid 5066] exit_group(0) = ? [pid 5069] <... futex resumed>) = ? [pid 5069] +++ exited with 0 +++ [pid 5068] <... futex resumed>) = ? [pid 5068] +++ exited with 0 +++ [pid 5066] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5066, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=40 /* 0.40 s */} --- umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563bc620 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./0/binderfs") = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563c4660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563c4660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file0") = 0 getdents64(3, 0x5555563bc620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563bb5d0) = 5070 ./strace-static-x86_64: Process 5070 attached [pid 5070] set_robust_list(0x5555563bb5e0, 24) = 0 [pid 5070] chdir("./1") = 0 [pid 5070] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5070] setpgid(0, 0) = 0 [pid 5070] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5070] write(3, "1000", 4) = 4 [pid 5070] close(3) = 0 [pid 5070] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5070] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5070] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191e2000 [pid 5070] mprotect(0x7efd191e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5070] clone(child_stack=0x7efd192023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5071], tls=0x7efd19202700, child_tidptr=0x7efd192029d0) = 5071 [pid 5070] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5070] futex(0x7efd192ea7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5071 attached [pid 5071] set_robust_list(0x7efd192029e0, 24) = 0 [pid 5071] getgid() = 0 [pid 5071] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5070] <... futex resumed>) = 0 [pid 5070] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5070] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5070] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191c1000 [pid 5070] mprotect(0x7efd191c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5070] clone(child_stack=0x7efd191e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5071] memfd_create("syzkaller", 0) = 3 [pid 5071] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5070] <... clone resumed>, parent_tid=[5072], tls=0x7efd191e1700, child_tidptr=0x7efd191e19d0) = 5072 ./strace-static-x86_64: Process 5072 attached [pid 5072] set_robust_list(0x7efd191e19e0, 24 [pid 5071] <... mmap resumed>) = 0x7efd10dc1000 [pid 5070] futex(0x7efd192ea7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5070] futex(0x7efd192ea7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5072] <... set_robust_list resumed>) = 0 [pid 5072] memfd_create("syzkaller", 0) = 4 [pid 5072] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efd089c1000 [pid 5072] write(4, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 5071] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 15875738) = 15875738 [pid 5071] munmap(0x7efd10dc1000, 15875738 [pid 5072] <... write resumed>) = 16777216 [pid 5072] munmap(0x7efd089c1000, 16777216 [pid 5071] <... munmap resumed>) = 0 [pid 5071] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5071] ioctl(5, LOOP_SET_FD, 3) = 0 [pid 5071] close(3) = 0 [pid 5071] mkdir("./file0", 0777) = 0 [pid 5071] mount("/dev/loop0", "./file0", "jfs", 0, "discard=0x0000000000000004,gid=0x0000000000000000,quota,iocharset=iso8859-4,integrity," [pid 5072] <... munmap resumed>) = 0 [pid 5072] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5072] ioctl(3, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5072] ioctl(3, LOOP_CLR_FD) = 0 [pid 5072] ioctl(3, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5072] close(3) = 0 [pid 5072] close(4 [pid 5071] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5071] ioctl(5, LOOP_CLR_FD) = 0 [pid 5071] close(5) = 0 [pid 5071] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 45.552343][ T5071] loop0: detected capacity change from 0 to 31007 [ 45.565884][ T5071] Mount JFS Failure: -22 [ 45.570423][ T5071] jfs_mount failed w/return code = -22 [pid 5071] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5072] <... close resumed>) = 0 [pid 5072] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5070] <... futex resumed>) = 0 [pid 5070] exit_group(0) = ? [pid 5071] <... futex resumed>) = ? [pid 5071] +++ exited with 0 +++ [pid 5072] +++ exited with 0 +++ [pid 5070] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5070, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=32 /* 0.32 s */} --- umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563bc620 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./1/binderfs") = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563c4660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563c4660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file0") = 0 getdents64(3, 0x5555563bc620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563bb5d0) = 5073 ./strace-static-x86_64: Process 5073 attached [pid 5073] set_robust_list(0x5555563bb5e0, 24) = 0 [pid 5073] chdir("./2") = 0 [pid 5073] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5073] setpgid(0, 0) = 0 [pid 5073] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5073] write(3, "1000", 4) = 4 [pid 5073] close(3) = 0 [pid 5073] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5073] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5073] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191e2000 [pid 5073] mprotect(0x7efd191e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5073] clone(child_stack=0x7efd192023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5074], tls=0x7efd19202700, child_tidptr=0x7efd192029d0) = 5074 ./strace-static-x86_64: Process 5074 attached [pid 5073] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5073] futex(0x7efd192ea7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5074] set_robust_list(0x7efd192029e0, 24) = 0 [pid 5074] getgid() = 0 [pid 5074] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5073] <... futex resumed>) = 0 [pid 5073] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5073] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5073] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191c1000 [pid 5073] mprotect(0x7efd191c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5073] clone(child_stack=0x7efd191e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5075 attached [pid 5074] <... futex resumed>) = 1 [pid 5073] <... clone resumed>, parent_tid=[5075], tls=0x7efd191e1700, child_tidptr=0x7efd191e19d0) = 5075 [pid 5073] futex(0x7efd192ea7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5075] set_robust_list(0x7efd191e19e0, 24 [pid 5073] <... futex resumed>) = 0 [pid 5073] futex(0x7efd192ea7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5075] <... set_robust_list resumed>) = 0 [pid 5074] memfd_create("syzkaller", 0 [pid 5075] memfd_create("syzkaller", 0 [pid 5074] <... memfd_create resumed>) = 3 [pid 5075] <... memfd_create resumed>) = 4 [pid 5074] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5075] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efd10dc1000 [pid 5074] <... mmap resumed>) = 0x7efd089c1000 [pid 5074] munmap(0x7efd089c1000, 138412032) = 0 [pid 5074] close(3) = 0 [pid 5074] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5074] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5075] write(4, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216) = 16777216 [pid 5075] munmap(0x7efd10dc1000, 16777216) = 0 [pid 5075] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5075] ioctl(3, LOOP_SET_FD, 4) = 0 [pid 5075] close(4) = 0 [pid 5075] mkdir("./file0", 0777) = 0 [pid 5075] mount("/dev/loop0", "./file0", "xfs", MS_NOSUID, "norecovery,nolargeio,filestreams,logbufs=00000000000000000006,discard,,nouuid") = -1 EINVAL (Invalid argument) [ 45.785014][ T5075] loop0: detected capacity change from 0 to 32768 [ 45.794468][ T5075] XFS (loop0): no-recovery mounts must be read-only. [pid 5075] ioctl(3, LOOP_CLR_FD) = 0 [pid 5075] close(3) = 0 [pid 5075] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5073] <... futex resumed>) = 0 [pid 5075] futex(0x7efd192ea7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5073] exit_group(0 [pid 5075] <... futex resumed>) = ? [pid 5073] <... exit_group resumed>) = ? [pid 5075] +++ exited with 0 +++ [pid 5074] <... futex resumed>) = ? [pid 5074] +++ exited with 0 +++ [pid 5073] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5073, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=12 /* 0.12 s */} --- umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563bc620 /* 4 entries */, 32768) = 112 umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./2/binderfs") = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563c4660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563c4660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file0") = 0 getdents64(3, 0x5555563bc620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563bb5d0) = 5076 ./strace-static-x86_64: Process 5076 attached [pid 5076] set_robust_list(0x5555563bb5e0, 24) = 0 [pid 5076] chdir("./3") = 0 [pid 5076] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5076] setpgid(0, 0) = 0 [pid 5076] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5076] write(3, "1000", 4) = 4 [pid 5076] close(3) = 0 [pid 5076] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5076] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5076] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191e2000 [pid 5076] mprotect(0x7efd191e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5076] clone(child_stack=0x7efd192023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5077 attached [pid 5077] set_robust_list(0x7efd192029e0, 24) = 0 [pid 5077] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5076] <... clone resumed>, parent_tid=[5077], tls=0x7efd19202700, child_tidptr=0x7efd192029d0) = 5077 [pid 5076] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5077] <... futex resumed>) = 0 [pid 5077] getgid() = 0 [pid 5077] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5077] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5076] futex(0x7efd192ea7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5076] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5077] <... futex resumed>) = 0 [pid 5076] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5077] memfd_create("syzkaller", 0 [pid 5076] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5077] <... memfd_create resumed>) = 3 [pid 5077] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5076] <... mmap resumed>) = 0x7efd191c1000 [pid 5077] <... mmap resumed>) = 0x7efd10dc1000 [pid 5076] mprotect(0x7efd191c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5076] clone(child_stack=0x7efd191e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5078], tls=0x7efd191e1700, child_tidptr=0x7efd191e19d0) = 5078 [pid 5076] futex(0x7efd192ea7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5076] futex(0x7efd192ea7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5078 attached [pid 5078] set_robust_list(0x7efd191e19e0, 24) = 0 [pid 5078] memfd_create("syzkaller", 0) = 4 [pid 5078] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efd089c1000 [pid 5077] munmap(0x7efd10dc1000, 138412032) = 0 [pid 5077] close(3) = 0 [pid 5077] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5077] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5078] write(4, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216) = 16777216 [pid 5078] munmap(0x7efd089c1000, 16777216) = 0 [pid 5078] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5078] ioctl(3, LOOP_SET_FD, 4) = 0 [pid 5078] close(4) = 0 [pid 5078] mkdir("./file0", 0777) = 0 [pid 5078] mount("/dev/loop0", "./file0", "xfs", MS_NOSUID, "norecovery,nolargeio,filestreams,logbufs=00000000000000000006,discard,,nouuid") = -1 EINVAL (Invalid argument) [ 46.054779][ T5078] loop0: detected capacity change from 0 to 32768 [ 46.064076][ T5078] XFS (loop0): no-recovery mounts must be read-only. [pid 5078] ioctl(3, LOOP_CLR_FD) = 0 [pid 5078] close(3) = 0 [pid 5078] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5076] <... futex resumed>) = 0 [pid 5076] exit_group(0) = ? [pid 5078] <... futex resumed>) = ? [pid 5078] +++ exited with 0 +++ [pid 5077] <... futex resumed>) = ? [pid 5077] +++ exited with 0 +++ [pid 5076] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5076, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=13 /* 0.13 s */} --- umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563bc620 /* 4 entries */, 32768) = 112 umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./3/binderfs") = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563c4660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563c4660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file0") = 0 getdents64(3, 0x5555563bc620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563bb5d0) = 5079 ./strace-static-x86_64: Process 5079 attached [pid 5079] set_robust_list(0x5555563bb5e0, 24) = 0 [pid 5079] chdir("./4") = 0 [pid 5079] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5079] setpgid(0, 0) = 0 [pid 5079] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5079] write(3, "1000", 4) = 4 [pid 5079] close(3) = 0 [pid 5079] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5079] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5079] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191e2000 [pid 5079] mprotect(0x7efd191e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5079] clone(child_stack=0x7efd192023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5080 attached , parent_tid=[5080], tls=0x7efd19202700, child_tidptr=0x7efd192029d0) = 5080 [pid 5080] set_robust_list(0x7efd192029e0, 24) = 0 [pid 5080] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5079] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5080] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5080] getgid() = 0 [pid 5080] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5079] <... futex resumed>) = 0 [pid 5080] <... futex resumed>) = 0 [pid 5080] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5079] futex(0x7efd192ea7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5079] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5080] <... futex resumed>) = 0 [pid 5079] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5079] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191c1000 [pid 5080] memfd_create("syzkaller", 0) = 3 [pid 5079] mprotect(0x7efd191c2000, 131072, PROT_READ|PROT_WRITE [pid 5080] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efd10dc1000 [pid 5079] <... mprotect resumed>) = 0 [pid 5079] clone(child_stack=0x7efd191e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5081], tls=0x7efd191e1700, child_tidptr=0x7efd191e19d0) = 5081 [pid 5079] futex(0x7efd192ea7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5079] futex(0x7efd192ea7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5081 attached [pid 5081] set_robust_list(0x7efd191e19e0, 24) = 0 [pid 5081] memfd_create("syzkaller", 0) = 4 [pid 5081] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efd089c1000 [pid 5080] munmap(0x7efd10dc1000, 138412032) = 0 [pid 5080] close(3) = 0 [pid 5080] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5080] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5081] write(4, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216) = 16777216 [pid 5081] munmap(0x7efd089c1000, 16777216) = 0 [pid 5081] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5081] ioctl(3, LOOP_SET_FD, 4) = 0 [pid 5081] close(4) = 0 [pid 5081] mkdir("./file0", 0777) = 0 [pid 5081] mount("/dev/loop0", "./file0", "xfs", MS_NOSUID, "norecovery,nolargeio,filestreams,logbufs=00000000000000000006,discard,,nouuid") = -1 EINVAL (Invalid argument) [ 46.324200][ T5081] loop0: detected capacity change from 0 to 32768 [ 46.332867][ T5081] XFS (loop0): no-recovery mounts must be read-only. [pid 5081] ioctl(3, LOOP_CLR_FD) = 0 [pid 5081] close(3) = 0 [pid 5081] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5079] <... futex resumed>) = 0 [pid 5079] exit_group(0 [pid 5080] <... futex resumed>) = ? [pid 5079] <... exit_group resumed>) = ? [pid 5080] +++ exited with 0 +++ [pid 5081] <... futex resumed>) = ? [pid 5081] +++ exited with 0 +++ [pid 5079] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5079, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=17 /* 0.17 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563bc620 /* 4 entries */, 32768) = 112 umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./4/binderfs") = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563c4660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563c4660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file0") = 0 getdents64(3, 0x5555563bc620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563bb5d0) = 5082 ./strace-static-x86_64: Process 5082 attached [pid 5082] set_robust_list(0x5555563bb5e0, 24) = 0 [pid 5082] chdir("./5") = 0 [pid 5082] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5082] setpgid(0, 0) = 0 [pid 5082] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5082] write(3, "1000", 4) = 4 [pid 5082] close(3) = 0 [pid 5082] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5082] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5082] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191e2000 [pid 5082] mprotect(0x7efd191e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5082] clone(child_stack=0x7efd192023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5083], tls=0x7efd19202700, child_tidptr=0x7efd192029d0) = 5083 [pid 5082] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5082] futex(0x7efd192ea7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5083 attached [pid 5083] set_robust_list(0x7efd192029e0, 24) = 0 [pid 5083] getgid() = 0 [pid 5083] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... futex resumed>) = 0 [pid 5082] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5082] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5082] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191c1000 [pid 5082] mprotect(0x7efd191c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5082] clone(child_stack=0x7efd191e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5084 attached [pid 5083] <... futex resumed>) = 1 [pid 5082] <... clone resumed>, parent_tid=[5084], tls=0x7efd191e1700, child_tidptr=0x7efd191e19d0) = 5084 [pid 5082] futex(0x7efd192ea7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5082] futex(0x7efd192ea7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5084] set_robust_list(0x7efd191e19e0, 24 [pid 5083] memfd_create("syzkaller", 0 [pid 5084] <... set_robust_list resumed>) = 0 [pid 5083] <... memfd_create resumed>) = 3 [pid 5083] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5084] memfd_create("syzkaller", 0 [pid 5083] <... mmap resumed>) = 0x7efd10dc1000 [pid 5083] munmap(0x7efd10dc1000, 138412032 [pid 5084] <... memfd_create resumed>) = 4 [pid 5083] <... munmap resumed>) = 0 [pid 5084] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5083] close(3) = 0 [pid 5083] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5084] <... mmap resumed>) = 0x7efd10dc1000 [pid 5083] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5084] write(4, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216) = 16777216 [pid 5084] munmap(0x7efd10dc1000, 16777216) = 0 [pid 5084] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5084] ioctl(3, LOOP_SET_FD, 4) = 0 [pid 5084] close(4) = 0 [pid 5084] mkdir("./file0", 0777) = 0 [pid 5084] mount("/dev/loop0", "./file0", "xfs", MS_NOSUID, "norecovery,nolargeio,filestreams,logbufs=00000000000000000006,discard,,nouuid") = -1 EINVAL (Invalid argument) [ 46.531711][ T5084] loop0: detected capacity change from 0 to 32768 [ 46.540160][ T5084] XFS (loop0): no-recovery mounts must be read-only. [pid 5084] ioctl(3, LOOP_CLR_FD) = 0 [pid 5084] close(3) = 0 [pid 5084] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5084] futex(0x7efd192ea7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5082] <... futex resumed>) = 0 [pid 5082] exit_group(0 [pid 5083] <... futex resumed>) = ? [pid 5082] <... exit_group resumed>) = ? [pid 5083] +++ exited with 0 +++ [pid 5084] <... futex resumed>) = ? [pid 5084] +++ exited with 0 +++ [pid 5082] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5082, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=12 /* 0.12 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563bc620 /* 4 entries */, 32768) = 112 umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./5/binderfs") = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563c4660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563c4660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file0") = 0 getdents64(3, 0x5555563bc620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563bb5d0) = 5085 ./strace-static-x86_64: Process 5085 attached [pid 5085] set_robust_list(0x5555563bb5e0, 24) = 0 [pid 5085] chdir("./6") = 0 [pid 5085] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5085] setpgid(0, 0) = 0 [pid 5085] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5085] write(3, "1000", 4) = 4 [pid 5085] close(3) = 0 [pid 5085] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5085] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5085] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191e2000 [pid 5085] mprotect(0x7efd191e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5085] clone(child_stack=0x7efd192023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5086 attached [pid 5086] set_robust_list(0x7efd192029e0, 24) = 0 [pid 5086] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5085] <... clone resumed>, parent_tid=[5086], tls=0x7efd19202700, child_tidptr=0x7efd192029d0) = 5086 [pid 5085] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5086] <... futex resumed>) = 0 [pid 5086] getgid() = 0 [pid 5085] futex(0x7efd192ea7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5085] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5086] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5085] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5086] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5085] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] memfd_create("syzkaller", 0 [pid 5085] <... futex resumed>) = 0 [pid 5085] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191c1000 [pid 5085] mprotect(0x7efd191c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5085] clone(child_stack=0x7efd191e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5087], tls=0x7efd191e1700, child_tidptr=0x7efd191e19d0) = 5087 [pid 5085] futex(0x7efd192ea7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5085] futex(0x7efd192ea7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5086] <... memfd_create resumed>) = 3 [pid 5086] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efd10dc1000 ./strace-static-x86_64: Process 5087 attached [pid 5087] set_robust_list(0x7efd191e19e0, 24) = 0 [pid 5087] memfd_create("syzkaller", 0) = 4 [pid 5087] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efd089c1000 [pid 5086] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16051843 [pid 5087] write(4, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 5086] <... write resumed>) = 16051843 [pid 5086] munmap(0x7efd10dc1000, 16051843) = 0 [pid 5086] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5086] ioctl(5, LOOP_SET_FD, 3) = 0 [pid 5086] close(3) = 0 [pid 5086] mkdir("./file0", 0777) = 0 [pid 5086] mount("/dev/loop0", "./file0", "jfs", 0, "discard=0x0000000000000004,gid=0x0000000000000000,quota,iocharset=iso8859-4,integrity," [pid 5087] <... write resumed>) = 16777216 [pid 5087] munmap(0x7efd089c1000, 16777216) = 0 [pid 5087] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5087] ioctl(3, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5087] ioctl(3, LOOP_CLR_FD) = 0 [pid 5087] ioctl(3, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5087] close(3) = 0 [pid 5087] close(4 [pid 5086] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5086] ioctl(5, LOOP_CLR_FD) = 0 [pid 5086] close(5) = 0 [pid 5086] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 46.834110][ T5086] loop0: detected capacity change from 0 to 31351 [ 46.845369][ T5086] *** Log Format Error ! *** [ 46.850520][ T5086] lmLogInit: exit(-22) [ 46.854894][ T5086] lmLogOpen: exit(-22) [ 46.859516][ T5086] jfs_mount_rw failed, return code = -22 [pid 5086] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5087] <... close resumed>) = 0 [pid 5087] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... futex resumed>) = 0 [pid 5085] exit_group(0 [pid 5086] <... futex resumed>) = ? [pid 5085] <... exit_group resumed>) = ? [pid 5086] +++ exited with 0 +++ [pid 5087] <... futex resumed>) = ? [pid 5087] +++ exited with 0 +++ [pid 5085] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5085, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=32 /* 0.32 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563bc620 /* 4 entries */, 32768) = 112 umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./6/binderfs") = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563c4660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563c4660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file0") = 0 getdents64(3, 0x5555563bc620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563bb5d0) = 5088 ./strace-static-x86_64: Process 5088 attached [pid 5088] set_robust_list(0x5555563bb5e0, 24) = 0 [pid 5088] chdir("./7") = 0 [pid 5088] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5088] setpgid(0, 0) = 0 [pid 5088] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5088] write(3, "1000", 4) = 4 [pid 5088] close(3) = 0 [pid 5088] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5088] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5088] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191e2000 [pid 5088] mprotect(0x7efd191e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5088] clone(child_stack=0x7efd192023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5089], tls=0x7efd19202700, child_tidptr=0x7efd192029d0) = 5089 [pid 5088] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5088] futex(0x7efd192ea7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5089 attached [pid 5089] set_robust_list(0x7efd192029e0, 24) = 0 [pid 5089] getgid() = 0 [pid 5089] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5088] <... futex resumed>) = 0 [pid 5088] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5088] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5088] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191c1000 [pid 5088] mprotect(0x7efd191c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5088] clone(child_stack=0x7efd191e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5090], tls=0x7efd191e1700, child_tidptr=0x7efd191e19d0) = 5090 [pid 5088] futex(0x7efd192ea7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5088] futex(0x7efd192ea7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5089] <... futex resumed>) = 1 [pid 5089] memfd_create("syzkaller", 0) = 3 [pid 5089] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efd10dc1000 ./strace-static-x86_64: Process 5090 attached [pid 5090] set_robust_list(0x7efd191e19e0, 24) = 0 [pid 5090] memfd_create("syzkaller", 0) = 4 [pid 5090] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efd089c1000 [pid 5089] munmap(0x7efd10dc1000, 138412032) = 0 [pid 5089] close(3) = 0 [pid 5089] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5089] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5090] write(4, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216) = 16777216 [pid 5090] munmap(0x7efd089c1000, 16777216) = 0 [pid 5090] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5090] ioctl(3, LOOP_SET_FD, 4) = 0 [pid 5090] close(4) = 0 [pid 5090] mkdir("./file0", 0777) = 0 [pid 5090] mount("/dev/loop0", "./file0", "xfs", MS_NOSUID, "norecovery,nolargeio,filestreams,logbufs=00000000000000000006,discard,,nouuid") = -1 EINVAL (Invalid argument) [ 47.088202][ T5090] loop0: detected capacity change from 0 to 32768 [ 47.097544][ T5090] XFS (loop0): no-recovery mounts must be read-only. [pid 5090] ioctl(3, LOOP_CLR_FD) = 0 [pid 5090] close(3) = 0 [pid 5090] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5090] futex(0x7efd192ea7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5088] <... futex resumed>) = 0 [pid 5088] exit_group(0 [pid 5090] <... futex resumed>) = ? [pid 5089] <... futex resumed>) = ? [pid 5088] <... exit_group resumed>) = ? [pid 5090] +++ exited with 0 +++ [pid 5089] +++ exited with 0 +++ [pid 5088] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5088, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=18 /* 0.18 s */} --- umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563bc620 /* 4 entries */, 32768) = 112 umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./7/binderfs") = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563c4660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563c4660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file0") = 0 getdents64(3, 0x5555563bc620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563bb5d0) = 5091 ./strace-static-x86_64: Process 5091 attached [pid 5091] set_robust_list(0x5555563bb5e0, 24) = 0 [pid 5091] chdir("./8") = 0 [pid 5091] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5091] setpgid(0, 0) = 0 [pid 5091] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5091] write(3, "1000", 4) = 4 [pid 5091] close(3) = 0 [pid 5091] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5091] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5091] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191e2000 [pid 5091] mprotect(0x7efd191e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5091] clone(child_stack=0x7efd192023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5092], tls=0x7efd19202700, child_tidptr=0x7efd192029d0) = 5092 [pid 5091] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5091] futex(0x7efd192ea7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5092 attached [pid 5092] set_robust_list(0x7efd192029e0, 24) = 0 [pid 5092] getgid() = 0 [pid 5092] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5091] <... futex resumed>) = 0 [pid 5091] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5091] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5091] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191c1000 [pid 5091] mprotect(0x7efd191c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5091] clone(child_stack=0x7efd191e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5093], tls=0x7efd191e1700, child_tidptr=0x7efd191e19d0) = 5093 [pid 5091] futex(0x7efd192ea7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5091] futex(0x7efd192ea7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5092] <... futex resumed>) = 1 [pid 5092] memfd_create("syzkaller", 0) = 3 [pid 5092] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efd10dc1000 ./strace-static-x86_64: Process 5093 attached [pid 5093] set_robust_list(0x7efd191e19e0, 24) = 0 [pid 5093] memfd_create("syzkaller", 0) = 4 [pid 5093] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efd089c1000 [pid 5093] write(4, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 5092] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16077852 [pid 5093] <... write resumed>) = 16777216 [pid 5093] munmap(0x7efd089c1000, 16777216) = 0 [pid 5093] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5093] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5093] close(4) = 0 [pid 5093] mkdir("./file0", 0777) = 0 [pid 5093] mount("/dev/loop0", "./file0", "xfs", MS_NOSUID, "norecovery,nolargeio,filestreams,logbufs=00000000000000000006,discard,,nouuid") = -1 EINVAL (Invalid argument) [pid 5093] ioctl(5, LOOP_CLR_FD [pid 5092] <... write resumed>) = 16077852 [pid 5092] munmap(0x7efd10dc1000, 16077852) = 0 [pid 5092] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5092] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5092] ioctl(4, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5092] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5092] close(4) = 0 [ 47.399819][ T5093] loop0: detected capacity change from 0 to 32768 [ 47.410563][ T5093] XFS (loop0): no-recovery mounts must be read-only. [pid 5092] close(3) = 0 [pid 5092] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5092] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5093] <... ioctl resumed>) = 0 [pid 5093] close(5) = 0 [pid 5093] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5093] futex(0x7efd192ea7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5091] <... futex resumed>) = 0 [pid 5091] exit_group(0) = ? [pid 5092] <... futex resumed>) = ? [pid 5092] +++ exited with 0 +++ [pid 5093] <... futex resumed>) = ? [pid 5093] +++ exited with 0 +++ [pid 5091] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5091, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=46 /* 0.46 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563bc620 /* 4 entries */, 32768) = 112 umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 47.475459][ T5067] I/O error, dev loop0, sector 32640 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 unlink("./8/binderfs") = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563c4660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563c4660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file0") = 0 getdents64(3, 0x5555563bc620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563bb5d0) = 5094 ./strace-static-x86_64: Process 5094 attached [pid 5094] set_robust_list(0x5555563bb5e0, 24) = 0 [pid 5094] chdir("./9") = 0 [pid 5094] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5094] setpgid(0, 0) = 0 [pid 5094] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5094] write(3, "1000", 4) = 4 [pid 5094] close(3) = 0 [pid 5094] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5094] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5094] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191e2000 [pid 5094] mprotect(0x7efd191e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5094] clone(child_stack=0x7efd192023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5095], tls=0x7efd19202700, child_tidptr=0x7efd192029d0) = 5095 [pid 5094] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5094] futex(0x7efd192ea7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5095 attached [pid 5095] set_robust_list(0x7efd192029e0, 24) = 0 [pid 5095] getgid() = 0 [pid 5095] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5094] <... futex resumed>) = 0 [pid 5094] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5094] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5094] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191c1000 [pid 5094] mprotect(0x7efd191c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5094] clone(child_stack=0x7efd191e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5096], tls=0x7efd191e1700, child_tidptr=0x7efd191e19d0) = 5096 [pid 5094] futex(0x7efd192ea7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5094] futex(0x7efd192ea7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5095] <... futex resumed>) = 1 [pid 5095] memfd_create("syzkaller", 0) = 3 [pid 5095] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efd10dc1000 ./strace-static-x86_64: Process 5096 attached [pid 5096] set_robust_list(0x7efd191e19e0, 24) = 0 [pid 5096] memfd_create("syzkaller", 0) = 4 [pid 5096] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efd089c1000 [pid 5096] write(4, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 5095] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16023481 [pid 5096] <... write resumed>) = 16777216 [pid 5096] munmap(0x7efd089c1000, 16777216) = 0 [pid 5096] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5096] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5096] close(4) = 0 [pid 5096] mkdir("./file0", 0777) = 0 [pid 5096] mount("/dev/loop0", "./file0", "xfs", MS_NOSUID, "norecovery,nolargeio,filestreams,logbufs=00000000000000000006,discard,,nouuid") = -1 EINVAL (Invalid argument) [pid 5095] <... write resumed>) = 16023481 [pid 5096] ioctl(5, LOOP_CLR_FD [pid 5095] munmap(0x7efd10dc1000, 16023481) = 0 [pid 5095] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5095] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5095] ioctl(4, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5095] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5095] close(4) = 0 [ 47.721705][ T5096] loop0: detected capacity change from 0 to 32768 [ 47.732024][ T5096] XFS (loop0): no-recovery mounts must be read-only. [pid 5095] close(3) = 0 [pid 5095] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5095] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5096] <... ioctl resumed>) = 0 [pid 5096] close(5) = 0 [pid 5096] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5094] <... futex resumed>) = 0 [pid 5094] exit_group(0 [pid 5095] <... futex resumed>) = ? [pid 5094] <... exit_group resumed>) = ? [pid 5095] +++ exited with 0 +++ [pid 5096] <... futex resumed>) = ? [pid 5096] +++ exited with 0 +++ [pid 5094] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5094, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=32 /* 0.32 s */} --- umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563bc620 /* 4 entries */, 32768) = 112 umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./9/binderfs") = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563c4660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563c4660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file0") = 0 getdents64(3, 0x5555563bc620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 47.775563][ T5067] I/O error, dev loop0, sector 32640 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563bb5d0) = 5097 ./strace-static-x86_64: Process 5097 attached [pid 5097] set_robust_list(0x5555563bb5e0, 24) = 0 [pid 5097] chdir("./10") = 0 [pid 5097] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5097] setpgid(0, 0) = 0 [pid 5097] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5097] write(3, "1000", 4) = 4 [pid 5097] close(3) = 0 [pid 5097] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5097] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5097] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191e2000 [pid 5097] mprotect(0x7efd191e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5097] clone(child_stack=0x7efd192023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5098], tls=0x7efd19202700, child_tidptr=0x7efd192029d0) = 5098 [pid 5097] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5097] futex(0x7efd192ea7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5098 attached [pid 5098] set_robust_list(0x7efd192029e0, 24) = 0 [pid 5098] getgid() = 0 [pid 5098] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5097] <... futex resumed>) = 0 [pid 5097] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5097] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5097] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191c1000 [pid 5097] mprotect(0x7efd191c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5097] clone(child_stack=0x7efd191e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5099], tls=0x7efd191e1700, child_tidptr=0x7efd191e19d0) = 5099 [pid 5097] futex(0x7efd192ea7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5097] futex(0x7efd192ea7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5098] <... futex resumed>) = 1 [pid 5098] memfd_create("syzkaller", 0) = 3 [pid 5098] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efd10dc1000 ./strace-static-x86_64: Process 5099 attached [pid 5099] set_robust_list(0x7efd191e19e0, 24) = 0 [pid 5099] memfd_create("syzkaller", 0) = 4 [pid 5099] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efd089c1000 [pid 5099] write(4, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 5098] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16077852 [pid 5099] <... write resumed>) = 16777216 [pid 5099] munmap(0x7efd089c1000, 16777216) = 0 [pid 5099] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5099] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5099] close(4) = 0 [pid 5099] mkdir("./file0", 0777) = 0 [pid 5099] mount("/dev/loop0", "./file0", "xfs", MS_NOSUID, "norecovery,nolargeio,filestreams,logbufs=00000000000000000006,discard,,nouuid") = -1 EINVAL (Invalid argument) [pid 5099] ioctl(5, LOOP_CLR_FD [pid 5098] <... write resumed>) = 16077852 [pid 5098] munmap(0x7efd10dc1000, 16077852) = 0 [pid 5098] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5098] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5098] ioctl(4, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5098] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5098] close(4) = 0 [ 48.040906][ T5099] loop0: detected capacity change from 0 to 32768 [ 48.051123][ T5099] XFS (loop0): no-recovery mounts must be read-only. [pid 5098] close(3) = 0 [pid 5098] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5098] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5099] <... ioctl resumed>) = 0 [pid 5099] close(5) = 0 [pid 5099] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5097] <... futex resumed>) = 0 [pid 5097] exit_group(0) = ? [pid 5098] <... futex resumed>) = ? [pid 5098] +++ exited with 0 +++ [pid 5099] +++ exited with 0 +++ [pid 5097] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5097, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=41 /* 0.41 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563bc620 /* 4 entries */, 32768) = 112 umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 48.115311][ T5067] I/O error, dev loop0, sector 32640 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 unlink("./10/binderfs") = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563c4660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563c4660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file0") = 0 getdents64(3, 0x5555563bc620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563bb5d0) = 5100 ./strace-static-x86_64: Process 5100 attached [pid 5100] set_robust_list(0x5555563bb5e0, 24) = 0 [pid 5100] chdir("./11") = 0 [pid 5100] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5100] setpgid(0, 0) = 0 [pid 5100] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5100] write(3, "1000", 4) = 4 [pid 5100] close(3) = 0 [pid 5100] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5100] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5100] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191e2000 [pid 5100] mprotect(0x7efd191e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5100] clone(child_stack=0x7efd192023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5101], tls=0x7efd19202700, child_tidptr=0x7efd192029d0) = 5101 [pid 5100] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5100] futex(0x7efd192ea7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5101 attached [pid 5101] set_robust_list(0x7efd192029e0, 24) = 0 [pid 5101] getgid() = 0 [pid 5101] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5100] <... futex resumed>) = 0 [pid 5100] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5100] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5100] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191c1000 [pid 5100] mprotect(0x7efd191c2000, 131072, PROT_READ|PROT_WRITE [pid 5101] memfd_create("syzkaller", 0 [pid 5100] <... mprotect resumed>) = 0 [pid 5101] <... memfd_create resumed>) = 3 [pid 5101] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efd10dc1000 [pid 5100] clone(child_stack=0x7efd191e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5102 attached , parent_tid=[5102], tls=0x7efd191e1700, child_tidptr=0x7efd191e19d0) = 5102 [pid 5102] set_robust_list(0x7efd191e19e0, 24) = 0 [pid 5100] futex(0x7efd192ea7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5100] futex(0x7efd192ea7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5102] memfd_create("syzkaller", 0) = 4 [pid 5102] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efd089c1000 [pid 5101] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16024750 [pid 5102] write(4, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 5101] <... write resumed>) = 16024750 [pid 5101] munmap(0x7efd10dc1000, 16024750) = 0 [pid 5101] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5101] ioctl(5, LOOP_SET_FD, 3 [pid 5102] <... write resumed>) = 16777216 [pid 5101] <... ioctl resumed>) = 0 [pid 5101] close(3) = 0 [pid 5101] mkdir("./file0", 0777 [pid 5102] munmap(0x7efd089c1000, 16777216 [pid 5101] <... mkdir resumed>) = 0 [pid 5101] mount("/dev/loop0", "./file0", "jfs", 0, "discard=0x0000000000000004,gid=0x0000000000000000,quota,iocharset=iso8859-4,integrity," [pid 5102] <... munmap resumed>) = 0 [pid 5102] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5102] ioctl(3, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5102] ioctl(3, LOOP_CLR_FD) = 0 [pid 5102] ioctl(3, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5102] close(3) = 0 [pid 5102] close(4 [pid 5101] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5101] ioctl(5, LOOP_CLR_FD [pid 5102] <... close resumed>) = 0 [pid 5102] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5102] futex(0x7efd192ea7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5100] <... futex resumed>) = 0 [ 48.372068][ T5101] loop0: detected capacity change from 0 to 31298 [ 48.383162][ T5101] *** Log Format Error ! *** [ 48.388925][ T5101] lmLogInit: exit(-22) [ 48.393234][ T5101] lmLogOpen: exit(-22) [ 48.405926][ T5101] jfs_mount_rw failed, return code = -22 [pid 5101] <... ioctl resumed>) = 0 [pid 5101] close(5) = 0 [pid 5101] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5101] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5100] exit_group(0) = ? [pid 5101] <... futex resumed>) = ? [pid 5102] <... futex resumed>) = ? [pid 5102] +++ exited with 0 +++ [pid 5101] +++ exited with 0 +++ [pid 5100] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5100, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=38 /* 0.38 s */} --- umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563bc620 /* 4 entries */, 32768) = 112 umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./11/binderfs") = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563c4660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563c4660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file0") = 0 getdents64(3, 0x5555563bc620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563bb5d0) = 5103 ./strace-static-x86_64: Process 5103 attached [pid 5103] set_robust_list(0x5555563bb5e0, 24) = 0 [pid 5103] chdir("./12") = 0 [pid 5103] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5103] setpgid(0, 0) = 0 [pid 5103] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5103] write(3, "1000", 4) = 4 [pid 5103] close(3) = 0 [pid 5103] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5103] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5103] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191e2000 [pid 5103] mprotect(0x7efd191e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5103] clone(child_stack=0x7efd192023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5104 attached , parent_tid=[5104], tls=0x7efd19202700, child_tidptr=0x7efd192029d0) = 5104 [pid 5104] set_robust_list(0x7efd192029e0, 24) = 0 [pid 5104] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5103] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5104] <... futex resumed>) = 0 [pid 5104] getgid() = 0 [pid 5104] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5104] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5103] futex(0x7efd192ea7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5103] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5104] <... futex resumed>) = 0 [pid 5103] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5103] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191c1000 [pid 5104] memfd_create("syzkaller", 0) = 3 [pid 5104] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efd10dc1000 [pid 5103] mprotect(0x7efd191c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5103] clone(child_stack=0x7efd191e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5105], tls=0x7efd191e1700, child_tidptr=0x7efd191e19d0) = 5105 [pid 5103] futex(0x7efd192ea7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5103] futex(0x7efd192ea7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5105 attached [pid 5105] set_robust_list(0x7efd191e19e0, 24) = 0 [pid 5105] memfd_create("syzkaller", 0) = 4 [pid 5105] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efd089c1000 [pid 5104] munmap(0x7efd10dc1000, 138412032) = 0 [pid 5104] close(3) = 0 [pid 5104] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5104] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5105] write(4, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216) = 16777216 [pid 5105] munmap(0x7efd089c1000, 16777216) = 0 [pid 5105] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5105] ioctl(3, LOOP_SET_FD, 4) = 0 [pid 5105] close(4) = 0 [pid 5105] mkdir("./file0", 0777) = 0 [pid 5105] mount("/dev/loop0", "./file0", "xfs", MS_NOSUID, "norecovery,nolargeio,filestreams,logbufs=00000000000000000006,discard,,nouuid") = -1 EINVAL (Invalid argument) [ 48.689255][ T5105] loop0: detected capacity change from 0 to 32768 [ 48.698427][ T5105] XFS (loop0): no-recovery mounts must be read-only. [pid 5105] ioctl(3, LOOP_CLR_FD) = 0 [pid 5105] close(3) = 0 [pid 5105] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5105] futex(0x7efd192ea7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5103] <... futex resumed>) = 0 [pid 5103] exit_group(0 [pid 5104] <... futex resumed>) = ? [pid 5104] +++ exited with 0 +++ [pid 5103] <... exit_group resumed>) = ? [pid 5105] <... futex resumed>) = ? [pid 5105] +++ exited with 0 +++ [pid 5103] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5103, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=14 /* 0.14 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563bc620 /* 4 entries */, 32768) = 112 umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./12/binderfs") = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563c4660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563c4660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file0") = 0 getdents64(3, 0x5555563bc620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563bb5d0) = 5106 ./strace-static-x86_64: Process 5106 attached [pid 5106] set_robust_list(0x5555563bb5e0, 24) = 0 [pid 5106] chdir("./13") = 0 [pid 5106] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5106] setpgid(0, 0) = 0 [pid 5106] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5106] write(3, "1000", 4) = 4 [pid 5106] close(3) = 0 [pid 5106] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5106] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5106] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191e2000 [pid 5106] mprotect(0x7efd191e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5106] clone(child_stack=0x7efd192023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5107 attached [pid 5107] set_robust_list(0x7efd192029e0, 24) = 0 [pid 5107] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5106] <... clone resumed>, parent_tid=[5107], tls=0x7efd19202700, child_tidptr=0x7efd192029d0) = 5107 [pid 5106] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5107] <... futex resumed>) = 0 [pid 5107] getgid() = 0 [pid 5107] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5107] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5106] futex(0x7efd192ea7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5106] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5107] <... futex resumed>) = 0 [pid 5106] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5107] memfd_create("syzkaller", 0 [pid 5106] <... futex resumed>) = 0 [pid 5107] <... memfd_create resumed>) = 3 [pid 5106] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5107] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efd10de2000 [pid 5106] <... mmap resumed>) = 0x7efd10dc1000 [pid 5106] mprotect(0x7efd10dc2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5106] clone(child_stack=0x7efd10de13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5108 attached , parent_tid=[5108], tls=0x7efd10de1700, child_tidptr=0x7efd10de19d0) = 5108 [pid 5108] set_robust_list(0x7efd10de19e0, 24 [pid 5106] futex(0x7efd192ea7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5108] <... set_robust_list resumed>) = 0 [pid 5106] futex(0x7efd192ea7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5108] memfd_create("syzkaller", 0) = 4 [pid 5108] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efd089c1000 [pid 5107] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16463079 [pid 5108] write(4, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 5107] <... write resumed>) = 16463079 [pid 5107] munmap(0x7efd10de2000, 16463079 [pid 5108] <... write resumed>) = 16777216 [pid 5108] munmap(0x7efd089c1000, 16777216 [pid 5107] <... munmap resumed>) = 0 [pid 5107] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5107] ioctl(5, LOOP_SET_FD, 3) = 0 [pid 5107] close(3) = 0 [pid 5107] mkdir("./file0", 0777) = 0 [pid 5107] mount("/dev/loop0", "./file0", "jfs", 0, "discard=0x0000000000000004,gid=0x0000000000000000,quota,iocharset=iso8859-4,integrity," [pid 5108] <... munmap resumed>) = 0 [pid 5108] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5108] ioctl(3, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5108] ioctl(3, LOOP_CLR_FD) = 0 [pid 5108] ioctl(3, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5108] close(3) = 0 [pid 5108] close(4 [pid 5107] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5107] ioctl(5, LOOP_CLR_FD [pid 5108] <... close resumed>) = 0 [pid 5108] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5106] <... futex resumed>) = 0 [pid 5108] <... futex resumed>) = 1 [ 49.020555][ T5107] loop0: detected capacity change from 0 to 32154 [ 49.030481][ T5107] *** Log Format Error ! *** [ 49.036543][ T5107] lmLogInit: exit(-22) [ 49.040955][ T5107] lmLogOpen: exit(-22) [ 49.053966][ T5107] jfs_mount_rw failed, return code = -22 [pid 5108] futex(0x7efd192ea7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5107] <... ioctl resumed>) = 0 [pid 5107] close(5) = 0 [pid 5107] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5107] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5106] exit_group(0 [pid 5108] <... futex resumed>) = ? [pid 5107] <... futex resumed>) = ? [pid 5106] <... exit_group resumed>) = ? [pid 5108] +++ exited with 0 +++ [pid 5107] +++ exited with 0 +++ [pid 5106] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5106, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=34 /* 0.34 s */} --- umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563bc620 /* 4 entries */, 32768) = 112 umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./13/binderfs") = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563c4660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563c4660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file0") = 0 getdents64(3, 0x5555563bc620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5109 attached , child_tidptr=0x5555563bb5d0) = 5109 [pid 5109] set_robust_list(0x5555563bb5e0, 24) = 0 [pid 5109] chdir("./14") = 0 [pid 5109] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5109] setpgid(0, 0) = 0 [pid 5109] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5109] write(3, "1000", 4) = 4 [pid 5109] close(3) = 0 [pid 5109] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5109] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5109] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191e2000 [pid 5109] mprotect(0x7efd191e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5109] clone(child_stack=0x7efd192023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5110], tls=0x7efd19202700, child_tidptr=0x7efd192029d0) = 5110 [pid 5109] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5109] futex(0x7efd192ea7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5110 attached [pid 5110] set_robust_list(0x7efd192029e0, 24) = 0 [pid 5110] getgid() = 0 [pid 5110] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5109] <... futex resumed>) = 0 [pid 5109] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5109] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5109] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191c1000 [pid 5109] mprotect(0x7efd191c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5109] clone(child_stack=0x7efd191e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5111], tls=0x7efd191e1700, child_tidptr=0x7efd191e19d0) = 5111 [pid 5109] futex(0x7efd192ea7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5109] futex(0x7efd192ea7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5111 attached [pid 5111] set_robust_list(0x7efd191e19e0, 24) = 0 [pid 5111] memfd_create("syzkaller", 0) = 3 [pid 5111] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efd10dc1000 [pid 5110] memfd_create("syzkaller", 0) = 4 [pid 5110] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efd089c1000 [pid 5111] munmap(0x7efd10dc1000, 138412032) = 0 [pid 5111] close(3) = 0 [pid 5111] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5109] <... futex resumed>) = 0 [pid 5111] <... futex resumed>) = 1 [pid 5111] futex(0x7efd192ea7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5110] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5110] munmap(0x7efd089c1000, 16777216) = 0 [pid 5110] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5110] ioctl(3, LOOP_SET_FD, 4) = 0 [pid 5110] close(4) = 0 [pid 5110] mkdir("./file0", 0777) = 0 [pid 5110] mount("/dev/loop0", "./file0", "jfs", 0, "discard=0x0000000000000004,gid=0x0000000000000000,quota,iocharset=iso8859-4,integrity,") = 0 [pid 5110] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 5110] chdir("./file0") = 0 [pid 5110] ioctl(3, LOOP_CLR_FD) = 0 [pid 5110] close(3) = 0 [pid 5110] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5110] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5109] exit_group(0 [pid 5111] <... futex resumed>) = ? [pid 5109] <... exit_group resumed>) = ? [pid 5111] +++ exited with 0 +++ [pid 5110] <... futex resumed>) = ? [pid 5110] +++ exited with 0 +++ [pid 5109] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5109, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563bc620 /* 4 entries */, 32768) = 112 umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./14/binderfs") = 0 [ 49.352596][ T5110] loop0: detected capacity change from 0 to 32768 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563c4660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563c4660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file0") = 0 getdents64(3, 0x5555563bc620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563bb5d0) = 5112 ./strace-static-x86_64: Process 5112 attached [pid 5112] set_robust_list(0x5555563bb5e0, 24) = 0 [pid 5112] chdir("./15") = 0 [pid 5112] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5112] setpgid(0, 0) = 0 [pid 5112] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5112] write(3, "1000", 4) = 4 [pid 5112] close(3) = 0 [pid 5112] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5112] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5112] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191e2000 [pid 5112] mprotect(0x7efd191e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5112] clone(child_stack=0x7efd192023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5113], tls=0x7efd19202700, child_tidptr=0x7efd192029d0) = 5113 [pid 5112] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5112] futex(0x7efd192ea7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5113 attached [pid 5113] set_robust_list(0x7efd192029e0, 24) = 0 [pid 5113] getgid() = 0 [pid 5113] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5113] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5112] <... futex resumed>) = 0 [pid 5112] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5112] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5112] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191c1000 [pid 5112] mprotect(0x7efd191c2000, 131072, PROT_READ|PROT_WRITE [pid 5113] <... futex resumed>) = 0 [pid 5112] <... mprotect resumed>) = 0 [pid 5112] clone(child_stack=0x7efd191e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5114], tls=0x7efd191e1700, child_tidptr=0x7efd191e19d0) = 5114 [pid 5112] futex(0x7efd192ea7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5112] futex(0x7efd192ea7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5114 attached [pid 5114] set_robust_list(0x7efd191e19e0, 24) = 0 [pid 5114] memfd_create("syzkaller", 0) = 3 [pid 5114] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5113] memfd_create("syzkaller", 0) = 4 [pid 5113] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efd10dc1000 [pid 5114] <... mmap resumed>) = 0x7efd089c1000 [pid 5114] munmap(0x7efd089c1000, 138412032) = 0 [pid 5114] close(3) = 0 [pid 5114] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5112] <... futex resumed>) = 0 [pid 5114] <... futex resumed>) = 1 [pid 5114] futex(0x7efd192ea7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5113] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5113] munmap(0x7efd10dc1000, 16777216) = 0 [pid 5113] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5113] ioctl(3, LOOP_SET_FD, 4) = 0 [pid 5113] close(4) = 0 [pid 5113] mkdir("./file0", 0777) = 0 [pid 5113] mount("/dev/loop0", "./file0", "jfs", 0, "discard=0x0000000000000004,gid=0x0000000000000000,quota,iocharset=iso8859-4,integrity,") = 0 [pid 5113] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 5113] chdir("./file0") = 0 [pid 5113] ioctl(3, LOOP_CLR_FD) = 0 [pid 5113] close(3) = 0 [pid 5113] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5113] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5112] exit_group(0 [pid 5114] <... futex resumed>) = ? [pid 5112] <... exit_group resumed>) = ? [pid 5114] +++ exited with 0 +++ [pid 5113] <... futex resumed>) = ? [pid 5113] +++ exited with 0 +++ [pid 5112] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5112, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=15 /* 0.15 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563bc620 /* 4 entries */, 32768) = 112 umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./15/binderfs") = 0 [ 49.584673][ T5113] loop0: detected capacity change from 0 to 32768 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563c4660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563c4660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file0") = 0 getdents64(3, 0x5555563bc620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563bb5d0) = 5115 ./strace-static-x86_64: Process 5115 attached [pid 5115] set_robust_list(0x5555563bb5e0, 24) = 0 [pid 5115] chdir("./16") = 0 [pid 5115] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5115] setpgid(0, 0) = 0 [pid 5115] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5115] write(3, "1000", 4) = 4 [pid 5115] close(3) = 0 [pid 5115] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5115] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5115] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191e2000 [pid 5115] mprotect(0x7efd191e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5115] clone(child_stack=0x7efd192023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5116 attached [pid 5116] set_robust_list(0x7efd192029e0, 24 [pid 5115] <... clone resumed>, parent_tid=[5116], tls=0x7efd19202700, child_tidptr=0x7efd192029d0) = 5116 [pid 5116] <... set_robust_list resumed>) = 0 [pid 5115] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5116] getgid( [pid 5115] <... futex resumed>) = 0 [pid 5116] <... getgid resumed>) = 0 [pid 5115] futex(0x7efd192ea7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5116] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5115] <... futex resumed>) = 0 [pid 5116] <... futex resumed>) = 1 [pid 5115] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5115] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5116] memfd_create("syzkaller", 0 [pid 5115] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191c1000 [pid 5116] <... memfd_create resumed>) = 3 [pid 5115] mprotect(0x7efd191c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5116] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5115] clone(child_stack=0x7efd191e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5117], tls=0x7efd191e1700, child_tidptr=0x7efd191e19d0) = 5117 ./strace-static-x86_64: Process 5117 attached [pid 5116] <... mmap resumed>) = 0x7efd10dc1000 [pid 5117] set_robust_list(0x7efd191e19e0, 24) = 0 [pid 5117] futex(0x7efd192ea7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5115] futex(0x7efd192ea7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5117] <... futex resumed>) = 0 [pid 5115] <... futex resumed>) = 1 [pid 5115] futex(0x7efd192ea7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5117] memfd_create("syzkaller", 0) = 4 [pid 5117] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efd089c1000 [pid 5117] write(4, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 5116] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 15915733 [pid 5117] <... write resumed>) = 16777216 [pid 5117] munmap(0x7efd089c1000, 16777216) = 0 [pid 5117] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5117] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5117] close(4) = 0 [pid 5117] mkdir("./file0", 0777) = 0 [pid 5117] mount("/dev/loop0", "./file0", "xfs", MS_NOSUID, "norecovery,nolargeio,filestreams,logbufs=00000000000000000006,discard,,nouuid") = -1 EINVAL (Invalid argument) [pid 5117] ioctl(5, LOOP_CLR_FD [pid 5116] <... write resumed>) = 15915733 [pid 5116] munmap(0x7efd10dc1000, 15915733) = 0 [pid 5116] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5116] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5116] ioctl(4, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5116] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5116] close(4) = 0 [ 49.872339][ T5117] loop0: detected capacity change from 0 to 32768 [ 49.881720][ T5117] XFS (loop0): no-recovery mounts must be read-only. [pid 5116] close(3) = 0 [pid 5116] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5116] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5117] <... ioctl resumed>) = 0 [pid 5117] close(5) = 0 [pid 5117] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5115] <... futex resumed>) = 0 [pid 5115] exit_group(0) = ? [pid 5116] <... futex resumed>) = ? [pid 5116] +++ exited with 0 +++ [pid 5117] <... futex resumed>) = ? [pid 5117] +++ exited with 0 +++ [pid 5115] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5115, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=37 /* 0.37 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563bc620 /* 4 entries */, 32768) = 112 umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./16/binderfs") = 0 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563c4660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563c4660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file0") = 0 getdents64(3, 0x5555563bc620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563bb5d0) = 5118 ./strace-static-x86_64: Process 5118 attached [pid 5118] set_robust_list(0x5555563bb5e0, 24) = 0 [pid 5118] chdir("./17") = 0 [pid 5118] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5118] setpgid(0, 0) = 0 [pid 5118] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5118] write(3, "1000", 4) = 4 [pid 5118] close(3) = 0 [pid 5118] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5118] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5118] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191e2000 [pid 5118] mprotect(0x7efd191e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5118] clone(child_stack=0x7efd192023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5119], tls=0x7efd19202700, child_tidptr=0x7efd192029d0) = 5119 [pid 5118] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5119 attached [pid 5119] set_robust_list(0x7efd192029e0, 24) = 0 [pid 5119] getgid() = 0 [pid 5119] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5119] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5118] <... futex resumed>) = 1 [pid 5119] <... futex resumed>) = 0 [pid 5119] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5118] futex(0x7efd192ea7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5118] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5119] <... futex resumed>) = 0 [pid 5118] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5119] memfd_create("syzkaller", 0 [pid 5118] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5119] <... memfd_create resumed>) = 3 [pid 5119] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efd10de2000 [pid 5118] <... mmap resumed>) = 0x7efd10dc1000 [pid 5118] mprotect(0x7efd10dc2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5118] clone(child_stack=0x7efd10de13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5120 attached , parent_tid=[5120], tls=0x7efd10de1700, child_tidptr=0x7efd10de19d0) = 5120 [pid 5120] set_robust_list(0x7efd10de19e0, 24 [pid 5118] futex(0x7efd192ea7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5120] <... set_robust_list resumed>) = 0 [pid 5118] futex(0x7efd192ea7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5120] memfd_create("syzkaller", 0) = 4 [pid 5120] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efd089c1000 [pid 5119] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16110591 [pid 5120] write(4, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 5119] <... write resumed>) = 16110591 [pid 5119] munmap(0x7efd10de2000, 16110591) = 0 [pid 5119] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5119] ioctl(5, LOOP_SET_FD, 3 [pid 5120] <... write resumed>) = 16777216 [pid 5120] munmap(0x7efd089c1000, 16777216 [pid 5119] <... ioctl resumed>) = 0 [pid 5119] close(3) = 0 [pid 5119] mkdir("./file0", 0777) = 0 [pid 5119] mount("/dev/loop0", "./file0", "jfs", 0, "discard=0x0000000000000004,gid=0x0000000000000000,quota,iocharset=iso8859-4,integrity," [pid 5120] <... munmap resumed>) = 0 [pid 5120] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5120] ioctl(3, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5120] ioctl(3, LOOP_CLR_FD) = 0 [pid 5120] ioctl(3, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5120] close(3) = 0 [pid 5120] close(4 [pid 5119] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5119] ioctl(5, LOOP_CLR_FD) = 0 [pid 5119] close(5) = 0 [pid 5119] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5119] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5120] <... close resumed>) = 0 [pid 5120] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5118] <... futex resumed>) = 0 [pid 5118] exit_group(0 [pid 5119] <... futex resumed>) = ? [pid 5118] <... exit_group resumed>) = ? [pid 5119] +++ exited with 0 +++ [pid 5120] +++ exited with 0 +++ [pid 5118] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5118, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=29 /* 0.29 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563bc620 /* 4 entries */, 32768) = 112 umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./17/binderfs") = 0 umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 50.212966][ T5119] loop0: detected capacity change from 0 to 31465 [ 50.226479][ T5119] *** Log Format Error ! *** [ 50.237781][ T5119] lmLogInit: exit(-22) [ 50.242609][ T5119] lmLogOpen: exit(-22) [ 50.246978][ T5119] jfs_mount_rw failed, return code = -22 getdents64(4, 0x5555563c4660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563c4660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file0") = 0 getdents64(3, 0x5555563bc620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563bb5d0) = 5121 ./strace-static-x86_64: Process 5121 attached [pid 5121] set_robust_list(0x5555563bb5e0, 24) = 0 [pid 5121] chdir("./18") = 0 [pid 5121] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5121] setpgid(0, 0) = 0 [pid 5121] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5121] write(3, "1000", 4) = 4 [pid 5121] close(3) = 0 [pid 5121] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5121] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5121] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191e2000 [pid 5121] mprotect(0x7efd191e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5121] clone(child_stack=0x7efd192023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5122], tls=0x7efd19202700, child_tidptr=0x7efd192029d0) = 5122 [pid 5121] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5121] futex(0x7efd192ea7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5122 attached [pid 5122] set_robust_list(0x7efd192029e0, 24) = 0 [pid 5122] getgid() = 0 [pid 5122] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5121] <... futex resumed>) = 0 [pid 5121] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5121] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5121] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191c1000 [pid 5121] mprotect(0x7efd191c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5121] clone(child_stack=0x7efd191e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5123], tls=0x7efd191e1700, child_tidptr=0x7efd191e19d0) = 5123 [pid 5121] futex(0x7efd192ea7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5121] futex(0x7efd192ea7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5122] <... futex resumed>) = 1 [pid 5122] memfd_create("syzkaller", 0) = 3 [pid 5122] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efd10dc1000 ./strace-static-x86_64: Process 5123 attached [pid 5123] set_robust_list(0x7efd191e19e0, 24) = 0 [pid 5123] memfd_create("syzkaller", 0) = 4 [pid 5123] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efd089c1000 [pid 5122] munmap(0x7efd10dc1000, 138412032) = 0 [pid 5122] close(3) = 0 [pid 5122] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5122] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5123] write(4, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216) = 16777216 [pid 5123] munmap(0x7efd089c1000, 16777216) = 0 [pid 5123] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5123] ioctl(3, LOOP_SET_FD, 4) = 0 [pid 5123] close(4) = 0 [pid 5123] mkdir("./file0", 0777) = 0 [pid 5123] mount("/dev/loop0", "./file0", "xfs", MS_NOSUID, "norecovery,nolargeio,filestreams,logbufs=00000000000000000006,discard,,nouuid") = -1 EINVAL (Invalid argument) [ 50.457758][ T5123] loop0: detected capacity change from 0 to 32768 [ 50.466885][ T5123] XFS (loop0): no-recovery mounts must be read-only. [pid 5123] ioctl(3, LOOP_CLR_FD) = 0 [pid 5123] close(3) = 0 [pid 5123] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5123] futex(0x7efd192ea7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5121] <... futex resumed>) = 0 [pid 5121] exit_group(0 [pid 5122] <... futex resumed>) = ? [pid 5121] <... exit_group resumed>) = ? [pid 5122] +++ exited with 0 +++ [pid 5123] <... futex resumed>) = ? [pid 5123] +++ exited with 0 +++ [pid 5121] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5121, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=15 /* 0.15 s */} --- umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563bc620 /* 4 entries */, 32768) = 112 umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./18/binderfs") = 0 umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./18/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563c4660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563c4660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/file0") = 0 getdents64(3, 0x5555563bc620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563bb5d0) = 5124 ./strace-static-x86_64: Process 5124 attached [pid 5124] set_robust_list(0x5555563bb5e0, 24) = 0 [pid 5124] chdir("./19") = 0 [pid 5124] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5124] setpgid(0, 0) = 0 [pid 5124] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5124] write(3, "1000", 4) = 4 [pid 5124] close(3) = 0 [pid 5124] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5124] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5124] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191e2000 [pid 5124] mprotect(0x7efd191e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5124] clone(child_stack=0x7efd192023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5125 attached , parent_tid=[5125], tls=0x7efd19202700, child_tidptr=0x7efd192029d0) = 5125 [pid 5125] set_robust_list(0x7efd192029e0, 24 [pid 5124] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5125] <... set_robust_list resumed>) = 0 [pid 5124] futex(0x7efd192ea7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5125] getgid() = 0 [pid 5125] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5124] <... futex resumed>) = 0 [pid 5124] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5124] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5124] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191c1000 [pid 5124] mprotect(0x7efd191c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5124] clone(child_stack=0x7efd191e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5126], tls=0x7efd191e1700, child_tidptr=0x7efd191e19d0) = 5126 [pid 5124] futex(0x7efd192ea7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5124] futex(0x7efd192ea7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5126 attached [pid 5126] set_robust_list(0x7efd191e19e0, 24) = 0 [pid 5126] memfd_create("syzkaller", 0) = 3 [pid 5126] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efd10dc1000 [pid 5125] memfd_create("syzkaller", 0) = 4 [pid 5125] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efd089c1000 [pid 5126] munmap(0x7efd10dc1000, 138412032) = 0 [pid 5126] close(3) = 0 [pid 5126] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5124] <... futex resumed>) = 0 [pid 5126] <... futex resumed>) = 1 [pid 5126] futex(0x7efd192ea7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5125] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5125] munmap(0x7efd089c1000, 16777216) = 0 [pid 5125] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5125] ioctl(3, LOOP_SET_FD, 4) = 0 [pid 5125] close(4) = 0 [pid 5125] mkdir("./file0", 0777) = 0 [pid 5125] mount("/dev/loop0", "./file0", "jfs", 0, "discard=0x0000000000000004,gid=0x0000000000000000,quota,iocharset=iso8859-4,integrity,") = 0 [pid 5125] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 5125] chdir("./file0") = 0 [pid 5125] ioctl(3, LOOP_CLR_FD) = 0 [pid 5125] close(3) = 0 [pid 5125] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5125] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5124] exit_group(0 [pid 5126] <... futex resumed>) = ? [pid 5125] <... futex resumed>) = ? [pid 5124] <... exit_group resumed>) = ? [pid 5126] +++ exited with 0 +++ [pid 5125] +++ exited with 0 +++ [pid 5124] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5124, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=14 /* 0.14 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563bc620 /* 4 entries */, 32768) = 112 umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./19/binderfs") = 0 [ 50.712630][ T5125] loop0: detected capacity change from 0 to 32768 umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./19/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563c4660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563c4660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/file0") = 0 getdents64(3, 0x5555563bc620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563bb5d0) = 5127 ./strace-static-x86_64: Process 5127 attached [pid 5127] set_robust_list(0x5555563bb5e0, 24) = 0 [pid 5127] chdir("./20") = 0 [pid 5127] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5127] setpgid(0, 0) = 0 [pid 5127] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5127] write(3, "1000", 4) = 4 [pid 5127] close(3) = 0 [pid 5127] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5127] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5127] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191e2000 [pid 5127] mprotect(0x7efd191e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5127] clone(child_stack=0x7efd192023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5128 attached , parent_tid=[5128], tls=0x7efd19202700, child_tidptr=0x7efd192029d0) = 5128 [pid 5127] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5128] set_robust_list(0x7efd192029e0, 24) = 0 [pid 5128] getgid() = 0 [pid 5128] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5128] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5127] <... futex resumed>) = 1 [pid 5128] <... futex resumed>) = 0 [pid 5128] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5127] futex(0x7efd192ea7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5127] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5128] <... futex resumed>) = 0 [pid 5127] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5127] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5128] memfd_create("syzkaller", 0) = 3 [pid 5128] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5127] <... mmap resumed>) = 0x7efd191c1000 [pid 5128] <... mmap resumed>) = 0x7efd10dc1000 [pid 5127] mprotect(0x7efd191c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5127] clone(child_stack=0x7efd191e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5129], tls=0x7efd191e1700, child_tidptr=0x7efd191e19d0) = 5129 [pid 5127] futex(0x7efd192ea7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5127] futex(0x7efd192ea7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5129 attached [pid 5129] set_robust_list(0x7efd191e19e0, 24) = 0 [pid 5129] memfd_create("syzkaller", 0) = 4 [pid 5129] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efd089c1000 [pid 5128] munmap(0x7efd10dc1000, 138412032) = 0 [pid 5128] close(3) = 0 [pid 5128] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5128] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5129] write(4, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216) = 16777216 [pid 5129] munmap(0x7efd089c1000, 16777216) = 0 [pid 5129] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5129] ioctl(3, LOOP_SET_FD, 4) = 0 [pid 5129] close(4) = 0 [pid 5129] mkdir("./file0", 0777) = 0 [pid 5129] mount("/dev/loop0", "./file0", "xfs", MS_NOSUID, "norecovery,nolargeio,filestreams,logbufs=00000000000000000006,discard,,nouuid") = -1 EINVAL (Invalid argument) [ 50.948538][ T5129] loop0: detected capacity change from 0 to 32768 [ 50.967722][ T5129] XFS (loop0): no-recovery mounts must be read-only. [pid 5129] ioctl(3, LOOP_CLR_FD) = 0 [pid 5129] close(3) = 0 [pid 5129] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5127] <... futex resumed>) = 0 [pid 5127] exit_group(0 [pid 5128] <... futex resumed>) = ? [pid 5127] <... exit_group resumed>) = ? [pid 5128] +++ exited with 0 +++ [pid 5129] +++ exited with 0 +++ [pid 5127] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5127, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=17 /* 0.17 s */} --- umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563bc620 /* 4 entries */, 32768) = 112 umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./20/binderfs") = 0 umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./20/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563c4660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563c4660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/file0") = 0 getdents64(3, 0x5555563bc620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563bb5d0) = 5130 ./strace-static-x86_64: Process 5130 attached [pid 5130] set_robust_list(0x5555563bb5e0, 24) = 0 [pid 5130] chdir("./21") = 0 [pid 5130] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5130] setpgid(0, 0) = 0 [pid 5130] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5130] write(3, "1000", 4) = 4 [pid 5130] close(3) = 0 [pid 5130] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5130] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5130] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191e2000 [pid 5130] mprotect(0x7efd191e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5130] clone(child_stack=0x7efd192023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5131 attached , parent_tid=[5131], tls=0x7efd19202700, child_tidptr=0x7efd192029d0) = 5131 [pid 5131] set_robust_list(0x7efd192029e0, 24) = 0 [pid 5131] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5130] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5131] <... futex resumed>) = 0 [pid 5131] getgid() = 0 [pid 5131] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5131] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5130] futex(0x7efd192ea7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5130] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5131] <... futex resumed>) = 0 [pid 5130] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5131] memfd_create("syzkaller", 0) = 3 [pid 5131] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efd10de2000 [pid 5130] <... futex resumed>) = 0 [pid 5130] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd10dc1000 [pid 5130] mprotect(0x7efd10dc2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5130] clone(child_stack=0x7efd10de13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5132 attached , parent_tid=[5132], tls=0x7efd10de1700, child_tidptr=0x7efd10de19d0) = 5132 [pid 5132] set_robust_list(0x7efd10de19e0, 24 [pid 5130] futex(0x7efd192ea7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5132] <... set_robust_list resumed>) = 0 [pid 5130] <... futex resumed>) = 0 [pid 5130] futex(0x7efd192ea7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5132] memfd_create("syzkaller", 0) = 4 [pid 5132] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efd089c1000 [pid 5131] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16717911 [pid 5132] write(4, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 5131] <... write resumed>) = 16717911 [pid 5131] munmap(0x7efd10de2000, 16717911 [pid 5132] <... write resumed>) = 16777216 [pid 5132] munmap(0x7efd089c1000, 16777216 [pid 5131] <... munmap resumed>) = 0 [pid 5131] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5131] ioctl(5, LOOP_SET_FD, 3) = 0 [pid 5131] close(3) = 0 [pid 5131] mkdir("./file0", 0777) = 0 [pid 5131] mount("/dev/loop0", "./file0", "jfs", 0, "discard=0x0000000000000004,gid=0x0000000000000000,quota,iocharset=iso8859-4,integrity," [pid 5132] <... munmap resumed>) = 0 [pid 5132] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5132] ioctl(3, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5132] ioctl(3, LOOP_CLR_FD) = 0 [pid 5132] ioctl(3, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5132] close(3) = 0 [ 51.271197][ T5131] loop0: detected capacity change from 0 to 32652 [ 51.281636][ T5131] *** Log Format Error ! *** [ 51.287125][ T5131] lmLogInit: exit(-22) [ 51.291344][ T5131] lmLogOpen: exit(-22) [pid 5132] close(4 [pid 5131] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5131] ioctl(5, LOOP_CLR_FD [pid 5132] <... close resumed>) = 0 [pid 5132] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5130] <... futex resumed>) = 0 [pid 5132] <... futex resumed>) = 1 [ 51.313888][ T5131] jfs_mount_rw failed, return code = -22 [pid 5132] futex(0x7efd192ea7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5131] <... ioctl resumed>) = 0 [pid 5131] close(5) = 0 [pid 5131] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5131] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5130] exit_group(0) = ? [pid 5132] <... futex resumed>) = ? [pid 5131] <... futex resumed>) = ? [pid 5132] +++ exited with 0 +++ [pid 5131] +++ exited with 0 +++ [pid 5130] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5130, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=39 /* 0.39 s */} --- umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563bc620 /* 4 entries */, 32768) = 112 umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./21/binderfs") = 0 umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./21/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563c4660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563c4660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/file0") = 0 getdents64(3, 0x5555563bc620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5133 attached , child_tidptr=0x5555563bb5d0) = 5133 [pid 5133] set_robust_list(0x5555563bb5e0, 24) = 0 [pid 5133] chdir("./22") = 0 [pid 5133] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5133] setpgid(0, 0) = 0 [pid 5133] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5133] write(3, "1000", 4) = 4 [pid 5133] close(3) = 0 [pid 5133] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5133] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5133] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191e2000 [pid 5133] mprotect(0x7efd191e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5133] clone(child_stack=0x7efd192023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5134], tls=0x7efd19202700, child_tidptr=0x7efd192029d0) = 5134 [pid 5133] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5133] futex(0x7efd192ea7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5134 attached [pid 5134] set_robust_list(0x7efd192029e0, 24) = 0 [pid 5134] getgid() = 0 [pid 5134] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5133] <... futex resumed>) = 0 [pid 5133] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5133] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5133] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191c1000 [pid 5133] mprotect(0x7efd191c2000, 131072, PROT_READ|PROT_WRITE [pid 5134] <... futex resumed>) = 1 [pid 5133] <... mprotect resumed>) = 0 [pid 5133] clone(child_stack=0x7efd191e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5135 attached , parent_tid=[5135], tls=0x7efd191e1700, child_tidptr=0x7efd191e19d0) = 5135 [pid 5135] set_robust_list(0x7efd191e19e0, 24 [pid 5133] futex(0x7efd192ea7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5135] <... set_robust_list resumed>) = 0 [pid 5133] <... futex resumed>) = 0 [pid 5133] futex(0x7efd192ea7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5135] memfd_create("syzkaller", 0) = 3 [pid 5134] memfd_create("syzkaller", 0) = 4 [pid 5134] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5135] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5134] <... mmap resumed>) = 0x7efd10dc1000 [pid 5135] <... mmap resumed>) = 0x7efd089c1000 [pid 5135] munmap(0x7efd089c1000, 138412032) = 0 [pid 5135] close(3) = 0 [pid 5135] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5133] <... futex resumed>) = 0 [pid 5135] <... futex resumed>) = 1 [pid 5135] futex(0x7efd192ea7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5134] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5134] munmap(0x7efd10dc1000, 16777216) = 0 [pid 5134] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5134] ioctl(3, LOOP_SET_FD, 4) = 0 [pid 5134] close(4) = 0 [pid 5134] mkdir("./file0", 0777) = 0 [pid 5134] mount("/dev/loop0", "./file0", "jfs", 0, "discard=0x0000000000000004,gid=0x0000000000000000,quota,iocharset=iso8859-4,integrity,") = 0 [pid 5134] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 5134] chdir("./file0") = 0 [pid 5134] ioctl(3, LOOP_CLR_FD) = 0 [pid 5134] close(3) = 0 [pid 5134] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5134] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5133] exit_group(0 [pid 5135] <... futex resumed>) = ? [pid 5134] <... futex resumed>) = ? [pid 5133] <... exit_group resumed>) = ? [pid 5135] +++ exited with 0 +++ [pid 5134] +++ exited with 0 +++ [pid 5133] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5133, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=14 /* 0.14 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563bc620 /* 4 entries */, 32768) = 112 umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./22/binderfs") = 0 [ 51.598624][ T5134] loop0: detected capacity change from 0 to 32768 umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./22/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563c4660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563c4660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/file0") = 0 getdents64(3, 0x5555563bc620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563bb5d0) = 5136 ./strace-static-x86_64: Process 5136 attached [pid 5136] set_robust_list(0x5555563bb5e0, 24) = 0 [pid 5136] chdir("./23") = 0 [pid 5136] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5136] setpgid(0, 0) = 0 [pid 5136] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5136] write(3, "1000", 4) = 4 [pid 5136] close(3) = 0 [pid 5136] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5136] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5136] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191e2000 [pid 5136] mprotect(0x7efd191e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5136] clone(child_stack=0x7efd192023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5137], tls=0x7efd19202700, child_tidptr=0x7efd192029d0) = 5137 [pid 5136] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5136] futex(0x7efd192ea7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5137 attached [pid 5137] set_robust_list(0x7efd192029e0, 24) = 0 [pid 5137] getgid() = 0 [pid 5137] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5137] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5136] <... futex resumed>) = 0 [pid 5137] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5136] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5137] memfd_create("syzkaller", 0 [pid 5136] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5136] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5137] <... memfd_create resumed>) = 3 [pid 5136] <... mmap resumed>) = 0x7efd191c1000 [pid 5136] mprotect(0x7efd191c2000, 131072, PROT_READ|PROT_WRITE [pid 5137] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5136] <... mprotect resumed>) = 0 [pid 5137] <... mmap resumed>) = 0x7efd10dc1000 [pid 5136] clone(child_stack=0x7efd191e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5138 attached , parent_tid=[5138], tls=0x7efd191e1700, child_tidptr=0x7efd191e19d0) = 5138 [pid 5138] set_robust_list(0x7efd191e19e0, 24) = 0 [pid 5136] futex(0x7efd192ea7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5136] futex(0x7efd192ea7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5138] memfd_create("syzkaller", 0) = 4 [pid 5138] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efd089c1000 [pid 5138] write(4, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 5137] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16029227 [pid 5138] <... write resumed>) = 16777216 [pid 5138] munmap(0x7efd089c1000, 16777216) = 0 [pid 5138] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5138] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5138] close(4) = 0 [pid 5138] mkdir("./file0", 0777) = 0 [pid 5138] mount("/dev/loop0", "./file0", "xfs", MS_NOSUID, "norecovery,nolargeio,filestreams,logbufs=00000000000000000006,discard,,nouuid" [pid 5137] <... write resumed>) = 16029227 [pid 5137] munmap(0x7efd10dc1000, 16029227 [pid 5138] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5138] ioctl(5, LOOP_CLR_FD [pid 5137] <... munmap resumed>) = 0 [pid 5137] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5137] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5137] ioctl(4, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5137] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5137] close(4) = 0 [ 51.876807][ T5138] loop0: detected capacity change from 0 to 32768 [ 51.887142][ T5138] XFS (loop0): no-recovery mounts must be read-only. [pid 5137] close(3 [pid 5138] <... ioctl resumed>) = 0 [pid 5138] close(5 [pid 5137] <... close resumed>) = 0 [pid 5137] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5137] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5138] <... close resumed>) = 0 [pid 5138] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5138] futex(0x7efd192ea7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5136] <... futex resumed>) = 0 [pid 5136] exit_group(0) = ? [pid 5137] <... futex resumed>) = ? [pid 5137] +++ exited with 0 +++ [pid 5138] <... futex resumed>) = ? [pid 5138] +++ exited with 0 +++ [pid 5136] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5136, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=40 /* 0.40 s */} --- umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563bc620 /* 4 entries */, 32768) = 112 umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./23/binderfs") = 0 umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./23/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563c4660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563c4660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/file0") = 0 getdents64(3, 0x5555563bc620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563bb5d0) = 5139 ./strace-static-x86_64: Process 5139 attached [pid 5139] set_robust_list(0x5555563bb5e0, 24) = 0 [pid 5139] chdir("./24") = 0 [pid 5139] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5139] setpgid(0, 0) = 0 [pid 5139] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5139] write(3, "1000", 4) = 4 [pid 5139] close(3) = 0 [pid 5139] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5139] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5139] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191e2000 [pid 5139] mprotect(0x7efd191e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5139] clone(child_stack=0x7efd192023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5140 attached , parent_tid=[5140], tls=0x7efd19202700, child_tidptr=0x7efd192029d0) = 5140 [pid 5140] set_robust_list(0x7efd192029e0, 24) = 0 [pid 5140] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5139] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5140] <... futex resumed>) = 0 [pid 5140] getgid() = 0 [pid 5140] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5140] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5139] futex(0x7efd192ea7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5139] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5140] <... futex resumed>) = 0 [pid 5139] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5140] memfd_create("syzkaller", 0) = 3 [pid 5140] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efd10de2000 [pid 5139] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd10dc1000 [pid 5139] mprotect(0x7efd10dc2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5139] clone(child_stack=0x7efd10de13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5141], tls=0x7efd10de1700, child_tidptr=0x7efd10de19d0) = 5141 [pid 5139] futex(0x7efd192ea7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5139] futex(0x7efd192ea7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5141 attached [pid 5141] set_robust_list(0x7efd10de19e0, 24) = 0 [pid 5141] memfd_create("syzkaller", 0) = 4 [pid 5141] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efd089c1000 [pid 5140] munmap(0x7efd10de2000, 138412032) = 0 [pid 5140] close(3) = 0 [pid 5140] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5140] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5141] write(4, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216) = 16777216 [pid 5141] munmap(0x7efd089c1000, 16777216) = 0 [pid 5141] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5141] ioctl(3, LOOP_SET_FD, 4) = 0 [pid 5141] close(4) = 0 [pid 5141] mkdir("./file0", 0777) = 0 [pid 5141] mount("/dev/loop0", "./file0", "xfs", MS_NOSUID, "norecovery,nolargeio,filestreams,logbufs=00000000000000000006,discard,,nouuid") = -1 EINVAL (Invalid argument) [ 52.166975][ T5141] loop0: detected capacity change from 0 to 32768 [ 52.176088][ T5141] XFS (loop0): no-recovery mounts must be read-only. [pid 5141] ioctl(3, LOOP_CLR_FD) = 0 [pid 5141] close(3) = 0 [pid 5141] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5139] <... futex resumed>) = 0 [pid 5139] exit_group(0 [pid 5140] <... futex resumed>) = ? [pid 5139] <... exit_group resumed>) = ? [pid 5140] +++ exited with 0 +++ [pid 5141] <... futex resumed>) = ? [pid 5141] +++ exited with 0 +++ [pid 5139] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5139, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=14 /* 0.14 s */} --- umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563bc620 /* 4 entries */, 32768) = 112 umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./24/binderfs") = 0 umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./24/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563c4660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563c4660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/file0") = 0 getdents64(3, 0x5555563bc620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563bb5d0) = 5142 ./strace-static-x86_64: Process 5142 attached [pid 5142] set_robust_list(0x5555563bb5e0, 24) = 0 [pid 5142] chdir("./25") = 0 [pid 5142] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5142] setpgid(0, 0) = 0 [pid 5142] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5142] write(3, "1000", 4) = 4 [pid 5142] close(3) = 0 [pid 5142] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5142] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5142] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191e2000 [pid 5142] mprotect(0x7efd191e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5142] clone(child_stack=0x7efd192023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5143], tls=0x7efd19202700, child_tidptr=0x7efd192029d0) = 5143 [pid 5142] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5142] futex(0x7efd192ea7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5143 attached [pid 5143] set_robust_list(0x7efd192029e0, 24) = 0 [pid 5143] getgid() = 0 [pid 5143] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5142] <... futex resumed>) = 0 [pid 5142] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5142] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5142] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191c1000 [pid 5142] mprotect(0x7efd191c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5142] clone(child_stack=0x7efd191e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5144], tls=0x7efd191e1700, child_tidptr=0x7efd191e19d0) = 5144 [pid 5142] futex(0x7efd192ea7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5142] futex(0x7efd192ea7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5143] <... futex resumed>) = 1 [pid 5143] memfd_create("syzkaller", 0) = 3 [pid 5143] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efd10dc1000 ./strace-static-x86_64: Process 5144 attached [pid 5144] set_robust_list(0x7efd191e19e0, 24) = 0 [pid 5144] memfd_create("syzkaller", 0) = 4 [pid 5144] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efd089c1000 [pid 5144] write(4, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 5143] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 15939780 [pid 5144] <... write resumed>) = 16777216 [pid 5144] munmap(0x7efd089c1000, 16777216 [pid 5143] <... write resumed>) = 15939780 [pid 5143] munmap(0x7efd10dc1000, 15939780 [pid 5144] <... munmap resumed>) = 0 [pid 5144] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5144] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5144] close(4) = 0 [pid 5144] mkdir("./file0", 0777 [pid 5143] <... munmap resumed>) = 0 [pid 5144] <... mkdir resumed>) = 0 [pid 5143] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5144] mount("/dev/loop0", "./file0", "xfs", MS_NOSUID, "norecovery,nolargeio,filestreams,logbufs=00000000000000000006,discard,,nouuid" [pid 5143] <... openat resumed>) = 4 [pid 5143] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5143] ioctl(4, LOOP_CLR_FD) = 0 [pid 5143] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5143] close(4 [pid 5144] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5143] <... close resumed>) = 0 [pid 5144] ioctl(5, LOOP_CLR_FD [pid 5143] close(3) = 0 [pid 5143] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 52.462634][ T5144] loop0: detected capacity change from 0 to 32768 [ 52.472829][ T5144] XFS (loop0): no-recovery mounts must be read-only. [pid 5143] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5144] <... ioctl resumed>) = 0 [pid 5144] close(5) = 0 [pid 5144] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5142] <... futex resumed>) = 0 [pid 5142] exit_group(0 [pid 5143] <... futex resumed>) = ? [pid 5142] <... exit_group resumed>) = ? [pid 5143] +++ exited with 0 +++ [pid 5144] <... futex resumed>) = ? [pid 5144] +++ exited with 0 +++ [pid 5142] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5142, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=30 /* 0.30 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563bc620 /* 4 entries */, 32768) = 112 umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./25/binderfs") = 0 umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./25/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563c4660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563c4660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/file0") = 0 getdents64(3, 0x5555563bc620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 52.545228][ T5067] I/O error, dev loop0, sector 32640 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5145 attached [pid 5145] set_robust_list(0x5555563bb5e0, 24) = 0 [pid 5145] chdir("./26") = 0 [pid 5145] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5145] setpgid(0, 0) = 0 [pid 5145] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5145] write(3, "1000", 4) = 4 [pid 5145] close(3) = 0 [pid 5145] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5145] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5145] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191e2000 [pid 5145] mprotect(0x7efd191e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5145] clone(child_stack=0x7efd192023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5065] <... clone resumed>, child_tidptr=0x5555563bb5d0) = 5145 [pid 5145] <... clone resumed>, parent_tid=[5146], tls=0x7efd19202700, child_tidptr=0x7efd192029d0) = 5146 [pid 5145] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5145] futex(0x7efd192ea7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5146 attached [pid 5146] set_robust_list(0x7efd192029e0, 24) = 0 [pid 5146] getgid() = 0 [pid 5146] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5145] <... futex resumed>) = 0 [pid 5145] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5145] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5145] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191c1000 [pid 5145] mprotect(0x7efd191c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5145] clone(child_stack=0x7efd191e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5147], tls=0x7efd191e1700, child_tidptr=0x7efd191e19d0) = 5147 [pid 5145] futex(0x7efd192ea7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5145] futex(0x7efd192ea7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5146] <... futex resumed>) = 1 [pid 5146] memfd_create("syzkaller", 0) = 3 [pid 5146] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efd10dc1000 ./strace-static-x86_64: Process 5147 attached [pid 5147] set_robust_list(0x7efd191e19e0, 24) = 0 [pid 5147] memfd_create("syzkaller", 0) = 4 [pid 5147] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efd089c1000 [pid 5147] write(4, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 5146] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16077852) = 16077852 [pid 5146] munmap(0x7efd10dc1000, 16077852 [pid 5147] <... write resumed>) = 16777216 [pid 5147] munmap(0x7efd089c1000, 16777216 [pid 5146] <... munmap resumed>) = 0 [pid 5146] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5146] ioctl(5, LOOP_SET_FD, 3 [pid 5147] <... munmap resumed>) = 0 [pid 5147] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5147] ioctl(6, LOOP_SET_FD, 4 [pid 5146] <... ioctl resumed>) = 0 [pid 5147] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5146] close(3 [pid 5147] ioctl(6, LOOP_CLR_FD [pid 5146] <... close resumed>) = 0 [pid 5146] mkdir("./file0", 0777 [pid 5147] <... ioctl resumed>) = 0 [pid 5146] <... mkdir resumed>) = 0 [pid 5146] mount("/dev/loop0", "./file0", "jfs", 0, "discard=0x0000000000000004,gid=0x0000000000000000,quota,iocharset=iso8859-4,integrity," [pid 5147] ioctl(6, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5147] close(6) = 0 [pid 5147] close(4 [pid 5146] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5146] ioctl(5, LOOP_CLR_FD [pid 5147] <... close resumed>) = 0 [pid 5147] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5147] futex(0x7efd192ea7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5145] <... futex resumed>) = 0 [ 52.840349][ T5146] loop0: detected capacity change from 0 to 31402 [ 52.852404][ T5146] *** Log Format Error ! *** [ 52.857538][ T5146] lmLogInit: exit(-22) [ 52.865936][ T5146] lmLogOpen: exit(-22) [ 52.870056][ T5146] jfs_mount_rw failed, return code = -22 [pid 5146] <... ioctl resumed>) = 0 [pid 5146] close(5) = 0 [pid 5146] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5146] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5145] exit_group(0) = ? [pid 5147] <... futex resumed>) = ? [pid 5146] <... futex resumed>) = ? [pid 5147] +++ exited with 0 +++ [pid 5146] +++ exited with 0 +++ [pid 5145] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5145, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=35 /* 0.35 s */} --- umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563bc620 /* 4 entries */, 32768) = 112 umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./26/binderfs") = 0 umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./26/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563c4660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563c4660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/file0") = 0 getdents64(3, 0x5555563bc620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5148 attached [pid 5148] set_robust_list(0x5555563bb5e0, 24) = 0 [pid 5148] chdir("./27") = 0 [pid 5148] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5148] setpgid(0, 0) = 0 [pid 5148] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5148] write(3, "1000", 4) = 4 [pid 5148] close(3) = 0 [pid 5148] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5148] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5148] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5065] <... clone resumed>, child_tidptr=0x5555563bb5d0) = 5148 [pid 5148] <... mmap resumed>) = 0x7efd191e2000 [pid 5148] mprotect(0x7efd191e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5148] clone(child_stack=0x7efd192023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5149], tls=0x7efd19202700, child_tidptr=0x7efd192029d0) = 5149 [pid 5148] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5148] futex(0x7efd192ea7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5149 attached [pid 5149] set_robust_list(0x7efd192029e0, 24) = 0 [pid 5149] getgid() = 0 [pid 5149] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5148] <... futex resumed>) = 0 [pid 5148] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5148] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5148] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191c1000 [pid 5148] mprotect(0x7efd191c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5149] <... futex resumed>) = 1 [pid 5148] clone(child_stack=0x7efd191e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5149] memfd_create("syzkaller", 0 [pid 5148] <... clone resumed>, parent_tid=[5150], tls=0x7efd191e1700, child_tidptr=0x7efd191e19d0) = 5150 [pid 5148] futex(0x7efd192ea7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5148] futex(0x7efd192ea7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5150 attached [pid 5150] set_robust_list(0x7efd191e19e0, 24) = 0 [pid 5149] <... memfd_create resumed>) = 3 [pid 5149] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efd10dc1000 [pid 5150] memfd_create("syzkaller", 0) = 4 [pid 5150] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efd089c1000 [pid 5149] munmap(0x7efd10dc1000, 138412032) = 0 [pid 5149] close(3) = 0 [pid 5149] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5149] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5150] write(4, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216) = 16777216 [pid 5150] munmap(0x7efd089c1000, 16777216) = 0 [pid 5150] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5150] ioctl(3, LOOP_SET_FD, 4) = 0 [pid 5150] close(4) = 0 [pid 5150] mkdir("./file0", 0777) = 0 [pid 5150] mount("/dev/loop0", "./file0", "xfs", MS_NOSUID, "norecovery,nolargeio,filestreams,logbufs=00000000000000000006,discard,,nouuid") = -1 EINVAL (Invalid argument) [ 53.089257][ T5150] loop0: detected capacity change from 0 to 32768 [ 53.097994][ T5150] XFS (loop0): no-recovery mounts must be read-only. [pid 5150] ioctl(3, LOOP_CLR_FD) = 0 [pid 5150] close(3) = 0 [pid 5150] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5150] futex(0x7efd192ea7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5148] <... futex resumed>) = 0 [pid 5148] exit_group(0 [pid 5150] <... futex resumed>) = ? [pid 5149] <... futex resumed>) = ? [pid 5148] <... exit_group resumed>) = ? [pid 5150] +++ exited with 0 +++ [pid 5149] +++ exited with 0 +++ [pid 5148] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5148, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=11 /* 0.11 s */} --- umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563bc620 /* 4 entries */, 32768) = 112 umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./27/binderfs") = 0 umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./27/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563c4660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563c4660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/file0") = 0 getdents64(3, 0x5555563bc620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563bb5d0) = 5151 ./strace-static-x86_64: Process 5151 attached [pid 5151] set_robust_list(0x5555563bb5e0, 24) = 0 [pid 5151] chdir("./28") = 0 [pid 5151] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5151] setpgid(0, 0) = 0 [pid 5151] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5151] write(3, "1000", 4) = 4 [pid 5151] close(3) = 0 [pid 5151] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5151] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5151] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191e2000 [pid 5151] mprotect(0x7efd191e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5151] clone(child_stack=0x7efd192023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5152 attached [pid 5152] set_robust_list(0x7efd192029e0, 24) = 0 [pid 5151] <... clone resumed>, parent_tid=[5152], tls=0x7efd19202700, child_tidptr=0x7efd192029d0) = 5152 [pid 5152] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5151] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5152] <... futex resumed>) = 0 [pid 5152] getgid() = 0 [pid 5152] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5152] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5151] futex(0x7efd192ea7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5151] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5152] <... futex resumed>) = 0 [pid 5151] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5151] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5152] memfd_create("syzkaller", 0) = 3 [pid 5152] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5151] <... mmap resumed>) = 0x7efd191c1000 [pid 5152] <... mmap resumed>) = 0x7efd10dc1000 [pid 5151] mprotect(0x7efd191c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5151] clone(child_stack=0x7efd191e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5153], tls=0x7efd191e1700, child_tidptr=0x7efd191e19d0) = 5153 [pid 5151] futex(0x7efd192ea7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5151] futex(0x7efd192ea7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5153 attached [pid 5153] set_robust_list(0x7efd191e19e0, 24) = 0 [pid 5153] memfd_create("syzkaller", 0) = 4 [pid 5153] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efd089c1000 [pid 5152] munmap(0x7efd10dc1000, 138412032) = 0 [pid 5152] close(3) = 0 [pid 5152] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5152] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5153] write(4, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216) = 16777216 [pid 5153] munmap(0x7efd089c1000, 16777216) = 0 [pid 5153] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5153] ioctl(3, LOOP_SET_FD, 4) = 0 [pid 5153] close(4) = 0 [pid 5153] mkdir("./file0", 0777) = 0 [pid 5153] mount("/dev/loop0", "./file0", "xfs", MS_NOSUID, "norecovery,nolargeio,filestreams,logbufs=00000000000000000006,discard,,nouuid") = -1 EINVAL (Invalid argument) [ 53.367387][ T5153] loop0: detected capacity change from 0 to 32768 [ 53.376105][ T5153] XFS (loop0): no-recovery mounts must be read-only. [pid 5153] ioctl(3, LOOP_CLR_FD) = 0 [pid 5153] close(3) = 0 [pid 5153] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5151] <... futex resumed>) = 0 [pid 5151] exit_group(0 [pid 5152] <... futex resumed>) = ? [pid 5151] <... exit_group resumed>) = ? [pid 5152] +++ exited with 0 +++ [pid 5153] +++ exited with 0 +++ [pid 5151] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5151, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} --- umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563bc620 /* 4 entries */, 32768) = 112 umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./28/binderfs") = 0 umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./28/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563c4660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563c4660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/file0") = 0 getdents64(3, 0x5555563bc620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563bb5d0) = 5154 ./strace-static-x86_64: Process 5154 attached [pid 5154] set_robust_list(0x5555563bb5e0, 24) = 0 [pid 5154] chdir("./29") = 0 [pid 5154] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5154] setpgid(0, 0) = 0 [pid 5154] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5154] write(3, "1000", 4) = 4 [pid 5154] close(3) = 0 [pid 5154] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5154] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5154] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191e2000 [pid 5154] mprotect(0x7efd191e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5154] clone(child_stack=0x7efd192023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5155 attached , parent_tid=[5155], tls=0x7efd19202700, child_tidptr=0x7efd192029d0) = 5155 [pid 5155] set_robust_list(0x7efd192029e0, 24 [pid 5154] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5155] <... set_robust_list resumed>) = 0 [pid 5154] <... futex resumed>) = 0 [pid 5155] getgid( [pid 5154] futex(0x7efd192ea7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5155] <... getgid resumed>) = 0 [pid 5155] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5154] <... futex resumed>) = 0 [pid 5154] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5155] memfd_create("syzkaller", 0) = 3 [pid 5154] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5155] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5154] <... futex resumed>) = 0 [pid 5154] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5155] <... mmap resumed>) = 0x7efd10de2000 [pid 5154] <... mmap resumed>) = 0x7efd10dc1000 [pid 5154] mprotect(0x7efd10dc2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5154] clone(child_stack=0x7efd10de13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5156], tls=0x7efd10de1700, child_tidptr=0x7efd10de19d0) = 5156 [pid 5154] futex(0x7efd192ea7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5154] futex(0x7efd192ea7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5156 attached [pid 5156] set_robust_list(0x7efd10de19e0, 24) = 0 [pid 5156] memfd_create("syzkaller", 0) = 4 [pid 5156] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efd089c1000 [pid 5155] munmap(0x7efd10de2000, 138412032) = 0 [pid 5155] close(3) = 0 [pid 5155] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5155] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5156] write(4, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216) = 16777216 [pid 5156] munmap(0x7efd089c1000, 16777216) = 0 [pid 5156] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5156] ioctl(3, LOOP_SET_FD, 4) = 0 [pid 5156] close(4) = 0 [pid 5156] mkdir("./file0", 0777) = 0 [pid 5156] mount("/dev/loop0", "./file0", "xfs", MS_NOSUID, "norecovery,nolargeio,filestreams,logbufs=00000000000000000006,discard,,nouuid") = -1 EINVAL (Invalid argument) [ 53.623888][ T5156] loop0: detected capacity change from 0 to 32768 [ 53.632725][ T5156] XFS (loop0): no-recovery mounts must be read-only. [pid 5156] ioctl(3, LOOP_CLR_FD) = 0 [pid 5156] close(3) = 0 [pid 5156] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5154] <... futex resumed>) = 0 [pid 5154] exit_group(0) = ? [pid 5155] <... futex resumed>) = ? [pid 5155] +++ exited with 0 +++ [pid 5156] <... futex resumed>) = ? [pid 5156] +++ exited with 0 +++ [pid 5154] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5154, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=16 /* 0.16 s */} --- umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563bc620 /* 4 entries */, 32768) = 112 umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./29/binderfs") = 0 umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./29/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563c4660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563c4660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/file0") = 0 getdents64(3, 0x5555563bc620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563bb5d0) = 5157 ./strace-static-x86_64: Process 5157 attached [pid 5157] set_robust_list(0x5555563bb5e0, 24) = 0 [pid 5157] chdir("./30") = 0 [pid 5157] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5157] setpgid(0, 0) = 0 [pid 5157] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5157] write(3, "1000", 4) = 4 [pid 5157] close(3) = 0 [pid 5157] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5157] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5157] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191e2000 [pid 5157] mprotect(0x7efd191e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5157] clone(child_stack=0x7efd192023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5158], tls=0x7efd19202700, child_tidptr=0x7efd192029d0) = 5158 [pid 5157] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5157] futex(0x7efd192ea7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5158 attached [pid 5158] set_robust_list(0x7efd192029e0, 24) = 0 [pid 5158] getgid() = 0 [pid 5158] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5157] <... futex resumed>) = 0 [pid 5157] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5157] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5157] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191c1000 [pid 5157] mprotect(0x7efd191c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5157] clone(child_stack=0x7efd191e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5159], tls=0x7efd191e1700, child_tidptr=0x7efd191e19d0) = 5159 [pid 5157] futex(0x7efd192ea7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5157] futex(0x7efd192ea7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5158] <... futex resumed>) = 1 [pid 5158] memfd_create("syzkaller", 0) = 3 [pid 5158] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efd10dc1000 ./strace-static-x86_64: Process 5159 attached [pid 5159] set_robust_list(0x7efd191e19e0, 24) = 0 [pid 5159] memfd_create("syzkaller", 0) = 4 [pid 5159] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efd089c1000 [pid 5158] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16323939 [pid 5159] write(4, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 5158] <... write resumed>) = 16323939 [pid 5158] munmap(0x7efd10dc1000, 16323939) = 0 [pid 5158] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5158] ioctl(5, LOOP_SET_FD, 3) = 0 [pid 5158] close(3) = 0 [pid 5158] mkdir("./file0", 0777) = 0 [pid 5158] mount("/dev/loop0", "./file0", "jfs", 0, "discard=0x0000000000000004,gid=0x0000000000000000,quota,iocharset=iso8859-4,integrity," [pid 5159] <... write resumed>) = 16777216 [pid 5159] munmap(0x7efd089c1000, 16777216 [pid 5158] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5158] ioctl(5, LOOP_CLR_FD [pid 5159] <... munmap resumed>) = 0 [pid 5159] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5159] ioctl(3, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5159] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5159] ioctl(3, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5159] close(3) = 0 [ 53.922591][ T5158] loop0: detected capacity change from 0 to 31882 [ 53.934693][ T5158] *** Log Format Error ! *** [ 53.940113][ T5158] lmLogInit: exit(-22) [ 53.944480][ T5158] lmLogOpen: exit(-22) [ 53.949472][ T5158] jfs_mount_rw failed, return code = -22 [pid 5159] close(4) = 0 [pid 5159] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5157] <... futex resumed>) = 0 [pid 5159] futex(0x7efd192ea7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5158] <... ioctl resumed>) = 0 [ 53.986337][ T5067] I/O error, dev loop0, sector 31744 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [pid 5158] close(5) = 0 [pid 5158] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5158] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5157] exit_group(0 [pid 5159] <... futex resumed>) = ? [pid 5157] <... exit_group resumed>) = ? [pid 5159] +++ exited with 0 +++ [pid 5158] <... futex resumed>) = ? [pid 5158] +++ exited with 0 +++ [pid 5157] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5157, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=38 /* 0.38 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563bc620 /* 4 entries */, 32768) = 112 umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./30/binderfs") = 0 umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./30/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563c4660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563c4660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/file0") = 0 getdents64(3, 0x5555563bc620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5160 attached , child_tidptr=0x5555563bb5d0) = 5160 [pid 5160] set_robust_list(0x5555563bb5e0, 24) = 0 [pid 5160] chdir("./31") = 0 [pid 5160] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5160] setpgid(0, 0) = 0 [pid 5160] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5160] write(3, "1000", 4) = 4 [pid 5160] close(3) = 0 [pid 5160] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5160] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5160] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191e2000 [pid 5160] mprotect(0x7efd191e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5160] clone(child_stack=0x7efd192023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5161], tls=0x7efd19202700, child_tidptr=0x7efd192029d0) = 5161 [pid 5160] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5160] futex(0x7efd192ea7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5161 attached [pid 5161] set_robust_list(0x7efd192029e0, 24) = 0 [pid 5161] getgid() = 0 [pid 5161] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5160] <... futex resumed>) = 0 [pid 5161] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5160] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5160] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5160] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191c1000 [pid 5160] mprotect(0x7efd191c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5161] <... futex resumed>) = 0 [pid 5161] memfd_create("syzkaller", 0 [pid 5160] clone(child_stack=0x7efd191e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5162], tls=0x7efd191e1700, child_tidptr=0x7efd191e19d0) = 5162 ./strace-static-x86_64: Process 5162 attached [pid 5160] futex(0x7efd192ea7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5160] futex(0x7efd192ea7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5161] <... memfd_create resumed>) = 3 [pid 5161] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efd10dc1000 [pid 5162] set_robust_list(0x7efd191e19e0, 24) = 0 [pid 5162] memfd_create("syzkaller", 0) = 4 [pid 5162] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efd089c1000 [pid 5161] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16021774 [pid 5162] write(4, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 5161] <... write resumed>) = 16021774 [pid 5161] munmap(0x7efd10dc1000, 16021774) = 0 [pid 5161] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5161] ioctl(5, LOOP_SET_FD, 3) = 0 [pid 5161] close(3) = 0 [pid 5161] mkdir("./file0", 0777) = 0 [pid 5161] mount("/dev/loop0", "./file0", "jfs", 0, "discard=0x0000000000000004,gid=0x0000000000000000,quota,iocharset=iso8859-4,integrity," [pid 5162] <... write resumed>) = 16777216 [pid 5162] munmap(0x7efd089c1000, 16777216) = 0 [pid 5162] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5162] ioctl(3, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5162] ioctl(3, LOOP_CLR_FD) = 0 [pid 5162] ioctl(3, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5162] close(3) = 0 [pid 5162] close(4 [pid 5161] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5161] ioctl(5, LOOP_CLR_FD) = 0 [pid 5161] close(5) = 0 [pid 5161] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 54.263815][ T5161] loop0: detected capacity change from 0 to 31292 [ 54.274822][ T5161] *** Log Format Error ! *** [ 54.280046][ T5161] lmLogInit: exit(-22) [ 54.284284][ T5161] lmLogOpen: exit(-22) [ 54.288399][ T5161] jfs_mount_rw failed, return code = -22 [pid 5161] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5162] <... close resumed>) = 0 [pid 5162] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5162] futex(0x7efd192ea7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5160] <... futex resumed>) = 0 [pid 5160] exit_group(0 [pid 5161] <... futex resumed>) = ? [pid 5160] <... exit_group resumed>) = ? [pid 5161] +++ exited with 0 +++ [pid 5162] <... futex resumed>) = ? [pid 5162] +++ exited with 0 +++ [pid 5160] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5160, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=30 /* 0.30 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563bc620 /* 4 entries */, 32768) = 112 umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./31/binderfs") = 0 umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./31/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563c4660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563c4660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/file0") = 0 getdents64(3, 0x5555563bc620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563bb5d0) = 5163 ./strace-static-x86_64: Process 5163 attached [pid 5163] set_robust_list(0x5555563bb5e0, 24) = 0 [pid 5163] chdir("./32") = 0 [pid 5163] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5163] setpgid(0, 0) = 0 [pid 5163] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5163] write(3, "1000", 4) = 4 [pid 5163] close(3) = 0 [pid 5163] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5163] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5163] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191e2000 [pid 5163] mprotect(0x7efd191e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5163] clone(child_stack=0x7efd192023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5164], tls=0x7efd19202700, child_tidptr=0x7efd192029d0) = 5164 ./strace-static-x86_64: Process 5164 attached [pid 5163] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5163] futex(0x7efd192ea7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5164] set_robust_list(0x7efd192029e0, 24) = 0 [pid 5164] getgid() = 0 [pid 5164] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5163] <... futex resumed>) = 0 [pid 5164] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5163] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5164] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5163] <... futex resumed>) = 0 [pid 5163] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5163] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191c1000 [pid 5163] mprotect(0x7efd191c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5163] clone(child_stack=0x7efd191e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5165 attached [pid 5165] set_robust_list(0x7efd191e19e0, 24 [pid 5163] <... clone resumed>, parent_tid=[5165], tls=0x7efd191e1700, child_tidptr=0x7efd191e19d0) = 5165 [pid 5164] memfd_create("syzkaller", 0 [pid 5163] futex(0x7efd192ea7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5165] <... set_robust_list resumed>) = 0 [pid 5163] futex(0x7efd192ea7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5165] memfd_create("syzkaller", 0) = 3 [pid 5165] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efd10dc1000 [pid 5164] <... memfd_create resumed>) = 4 [pid 5164] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efd089c1000 [pid 5164] munmap(0x7efd089c1000, 138412032) = 0 [pid 5164] close(4) = 0 [pid 5164] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5164] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5165] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216) = 16777216 [pid 5165] munmap(0x7efd10dc1000, 16777216) = 0 [pid 5165] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5165] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5165] close(3) = 0 [pid 5165] mkdir("./file0", 0777) = 0 [pid 5165] mount("/dev/loop0", "./file0", "xfs", MS_NOSUID, "norecovery,nolargeio,filestreams,logbufs=00000000000000000006,discard,,nouuid") = -1 EINVAL (Invalid argument) [ 54.496575][ T5165] loop0: detected capacity change from 0 to 32768 [ 54.505043][ T5165] XFS (loop0): no-recovery mounts must be read-only. [pid 5165] ioctl(4, LOOP_CLR_FD) = 0 [pid 5165] close(4) = 0 [pid 5165] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5163] <... futex resumed>) = 0 [pid 5165] futex(0x7efd192ea7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5163] exit_group(0 [pid 5165] <... futex resumed>) = ? [pid 5164] <... futex resumed>) = ? [pid 5163] <... exit_group resumed>) = ? [pid 5165] +++ exited with 0 +++ [pid 5164] +++ exited with 0 +++ [pid 5163] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5163, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563bc620 /* 4 entries */, 32768) = 112 umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./32/binderfs") = 0 umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./32/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563c4660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563c4660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./32/file0") = 0 getdents64(3, 0x5555563bc620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./32") = 0 mkdir("./33", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563bb5d0) = 5166 ./strace-static-x86_64: Process 5166 attached [pid 5166] set_robust_list(0x5555563bb5e0, 24) = 0 [pid 5166] chdir("./33") = 0 [pid 5166] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5166] setpgid(0, 0) = 0 [pid 5166] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5166] write(3, "1000", 4) = 4 [pid 5166] close(3) = 0 [pid 5166] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5166] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5166] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191e2000 [pid 5166] mprotect(0x7efd191e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5166] clone(child_stack=0x7efd192023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5167], tls=0x7efd19202700, child_tidptr=0x7efd192029d0) = 5167 [pid 5166] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5166] futex(0x7efd192ea7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5167 attached [pid 5167] set_robust_list(0x7efd192029e0, 24) = 0 [pid 5167] getgid() = 0 [pid 5167] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5166] <... futex resumed>) = 0 [pid 5166] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5166] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5166] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191c1000 [pid 5166] mprotect(0x7efd191c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5166] clone(child_stack=0x7efd191e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5168], tls=0x7efd191e1700, child_tidptr=0x7efd191e19d0) = 5168 ./strace-static-x86_64: Process 5168 attached [pid 5167] <... futex resumed>) = 1 [pid 5166] futex(0x7efd192ea7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5166] futex(0x7efd192ea7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5168] set_robust_list(0x7efd191e19e0, 24) = 0 [pid 5167] memfd_create("syzkaller", 0 [pid 5168] memfd_create("syzkaller", 0 [pid 5167] <... memfd_create resumed>) = 3 [pid 5168] <... memfd_create resumed>) = 4 [pid 5168] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efd10dc1000 [pid 5167] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efd089c1000 [pid 5167] munmap(0x7efd089c1000, 138412032) = 0 [pid 5167] close(3) = 0 [pid 5167] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5167] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5168] write(4, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216) = 16777216 [pid 5168] munmap(0x7efd10dc1000, 16777216) = 0 [pid 5168] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5168] ioctl(3, LOOP_SET_FD, 4) = 0 [pid 5168] close(4) = 0 [pid 5168] mkdir("./file0", 0777) = 0 [pid 5168] mount("/dev/loop0", "./file0", "xfs", MS_NOSUID, "norecovery,nolargeio,filestreams,logbufs=00000000000000000006,discard,,nouuid") = -1 EINVAL (Invalid argument) [ 54.717085][ T5168] loop0: detected capacity change from 0 to 32768 [ 54.726506][ T5168] XFS (loop0): no-recovery mounts must be read-only. [pid 5168] ioctl(3, LOOP_CLR_FD) = 0 [pid 5168] close(3) = 0 [pid 5168] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5168] futex(0x7efd192ea7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5166] <... futex resumed>) = 0 [pid 5166] exit_group(0 [pid 5168] <... futex resumed>) = ? [pid 5167] <... futex resumed>) = ? [pid 5166] <... exit_group resumed>) = ? [pid 5168] +++ exited with 0 +++ [pid 5167] +++ exited with 0 +++ [pid 5166] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5166, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563bc620 /* 4 entries */, 32768) = 112 umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./33/binderfs") = 0 umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./33/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563c4660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563c4660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./33/file0") = 0 getdents64(3, 0x5555563bc620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./33") = 0 mkdir("./34", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563bb5d0) = 5169 ./strace-static-x86_64: Process 5169 attached [pid 5169] set_robust_list(0x5555563bb5e0, 24) = 0 [pid 5169] chdir("./34") = 0 [pid 5169] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5169] setpgid(0, 0) = 0 [pid 5169] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5169] write(3, "1000", 4) = 4 [pid 5169] close(3) = 0 [pid 5169] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5169] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5169] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191e2000 [pid 5169] mprotect(0x7efd191e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5169] clone(child_stack=0x7efd192023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5170], tls=0x7efd19202700, child_tidptr=0x7efd192029d0) = 5170 [pid 5169] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5169] futex(0x7efd192ea7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5170 attached [pid 5170] set_robust_list(0x7efd192029e0, 24) = 0 [pid 5170] getgid() = 0 [pid 5170] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5169] <... futex resumed>) = 0 [pid 5169] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5169] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5169] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191c1000 [pid 5169] mprotect(0x7efd191c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5169] clone(child_stack=0x7efd191e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5171], tls=0x7efd191e1700, child_tidptr=0x7efd191e19d0) = 5171 [pid 5169] futex(0x7efd192ea7b8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5171 attached ) = 0 [pid 5169] futex(0x7efd192ea7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5170] <... futex resumed>) = 1 [pid 5171] set_robust_list(0x7efd191e19e0, 24) = 0 [pid 5170] memfd_create("syzkaller", 0) = 3 [pid 5170] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5171] memfd_create("syzkaller", 0 [pid 5170] <... mmap resumed>) = 0x7efd10dc1000 [pid 5171] <... memfd_create resumed>) = 4 [pid 5171] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5170] munmap(0x7efd10dc1000, 138412032 [pid 5171] <... mmap resumed>) = 0x7efd089c1000 [pid 5170] <... munmap resumed>) = 0 [pid 5170] close(3) = 0 [pid 5170] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5170] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5171] write(4, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216) = 16777216 [pid 5171] munmap(0x7efd089c1000, 16777216) = 0 [pid 5171] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5171] ioctl(3, LOOP_SET_FD, 4) = 0 [pid 5171] close(4) = 0 [pid 5171] mkdir("./file0", 0777) = 0 [pid 5171] mount("/dev/loop0", "./file0", "xfs", MS_NOSUID, "norecovery,nolargeio,filestreams,logbufs=00000000000000000006,discard,,nouuid") = -1 EINVAL (Invalid argument) [ 54.921563][ T5171] loop0: detected capacity change from 0 to 32768 [ 54.930127][ T5171] XFS (loop0): no-recovery mounts must be read-only. [pid 5171] ioctl(3, LOOP_CLR_FD) = 0 [pid 5171] close(3) = 0 [pid 5171] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5169] <... futex resumed>) = 0 [pid 5171] futex(0x7efd192ea7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5169] exit_group(0 [pid 5171] <... futex resumed>) = ? [pid 5169] <... exit_group resumed>) = ? [pid 5171] +++ exited with 0 +++ [pid 5170] <... futex resumed>) = ? [pid 5170] +++ exited with 0 +++ [pid 5169] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5169, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=10 /* 0.10 s */} --- umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563bc620 /* 4 entries */, 32768) = 112 umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./34/binderfs") = 0 umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./34/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563c4660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563c4660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./34/file0") = 0 getdents64(3, 0x5555563bc620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./34") = 0 mkdir("./35", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563bb5d0) = 5172 ./strace-static-x86_64: Process 5172 attached [pid 5172] set_robust_list(0x5555563bb5e0, 24) = 0 [pid 5172] chdir("./35") = 0 [pid 5172] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5172] setpgid(0, 0) = 0 [pid 5172] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5172] write(3, "1000", 4) = 4 [pid 5172] close(3) = 0 [pid 5172] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5172] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5172] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191e2000 [pid 5172] mprotect(0x7efd191e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5172] clone(child_stack=0x7efd192023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5173 attached , parent_tid=[5173], tls=0x7efd19202700, child_tidptr=0x7efd192029d0) = 5173 [pid 5173] set_robust_list(0x7efd192029e0, 24) = 0 [pid 5173] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5172] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5173] <... futex resumed>) = 0 [pid 5172] <... futex resumed>) = 1 [pid 5173] getgid() = 0 [pid 5173] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5173] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5172] futex(0x7efd192ea7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5172] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5173] <... futex resumed>) = 0 [pid 5172] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5173] memfd_create("syzkaller", 0) = 3 [pid 5173] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efd10de2000 [pid 5172] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd10dc1000 [pid 5172] mprotect(0x7efd10dc2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5172] clone(child_stack=0x7efd10de13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5174], tls=0x7efd10de1700, child_tidptr=0x7efd10de19d0) = 5174 [pid 5172] futex(0x7efd192ea7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5172] futex(0x7efd192ea7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5174 attached [pid 5174] set_robust_list(0x7efd10de19e0, 24) = 0 [pid 5174] memfd_create("syzkaller", 0) = 4 [pid 5174] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efd089c1000 [pid 5173] munmap(0x7efd10de2000, 138412032) = 0 [pid 5173] close(3) = 0 [pid 5173] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5173] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5174] write(4, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216) = 16777216 [pid 5174] munmap(0x7efd089c1000, 16777216) = 0 [pid 5174] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5174] ioctl(3, LOOP_SET_FD, 4) = 0 [pid 5174] close(4) = 0 [pid 5174] mkdir("./file0", 0777) = 0 [pid 5174] mount("/dev/loop0", "./file0", "xfs", MS_NOSUID, "norecovery,nolargeio,filestreams,logbufs=00000000000000000006,discard,,nouuid") = -1 EINVAL (Invalid argument) [ 55.194525][ T5174] loop0: detected capacity change from 0 to 32768 [ 55.203591][ T5174] XFS (loop0): no-recovery mounts must be read-only. [pid 5174] ioctl(3, LOOP_CLR_FD) = 0 [pid 5174] close(3) = 0 [pid 5174] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5172] <... futex resumed>) = 0 [pid 5174] futex(0x7efd192ea7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5172] exit_group(0 [pid 5174] <... futex resumed>) = ? [pid 5172] <... exit_group resumed>) = ? [pid 5174] +++ exited with 0 +++ [pid 5173] <... futex resumed>) = ? [pid 5173] +++ exited with 0 +++ [pid 5172] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5172, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=14 /* 0.14 s */} --- umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563bc620 /* 4 entries */, 32768) = 112 umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./35/binderfs") = 0 umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./35/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563c4660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563c4660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./35/file0") = 0 getdents64(3, 0x5555563bc620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./35") = 0 mkdir("./36", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563bb5d0) = 5175 ./strace-static-x86_64: Process 5175 attached [pid 5175] set_robust_list(0x5555563bb5e0, 24) = 0 [pid 5175] chdir("./36") = 0 [pid 5175] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5175] setpgid(0, 0) = 0 [pid 5175] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5175] write(3, "1000", 4) = 4 [pid 5175] close(3) = 0 [pid 5175] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5175] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5175] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191e2000 [pid 5175] mprotect(0x7efd191e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5175] clone(child_stack=0x7efd192023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5176], tls=0x7efd19202700, child_tidptr=0x7efd192029d0) = 5176 [pid 5175] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5175] futex(0x7efd192ea7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5176 attached [pid 5176] set_robust_list(0x7efd192029e0, 24) = 0 [pid 5176] getgid() = 0 [pid 5176] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5175] <... futex resumed>) = 0 [pid 5175] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5175] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5175] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191c1000 [pid 5175] mprotect(0x7efd191c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5175] clone(child_stack=0x7efd191e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5177], tls=0x7efd191e1700, child_tidptr=0x7efd191e19d0) = 5177 [pid 5175] futex(0x7efd192ea7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5175] futex(0x7efd192ea7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5176] <... futex resumed>) = 1 [pid 5176] memfd_create("syzkaller", 0) = 3 [pid 5176] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efd10dc1000 ./strace-static-x86_64: Process 5177 attached [pid 5177] set_robust_list(0x7efd191e19e0, 24) = 0 [pid 5177] memfd_create("syzkaller", 0) = 4 [pid 5177] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efd089c1000 [pid 5177] write(4, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 5176] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16044895 [pid 5177] <... write resumed>) = 16777216 [pid 5177] munmap(0x7efd089c1000, 16777216) = 0 [pid 5177] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5177] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5177] close(4) = 0 [pid 5177] mkdir("./file0", 0777) = 0 [pid 5177] mount("/dev/loop0", "./file0", "xfs", MS_NOSUID, "norecovery,nolargeio,filestreams,logbufs=00000000000000000006,discard,,nouuid") = -1 EINVAL (Invalid argument) [pid 5177] ioctl(5, LOOP_CLR_FD [pid 5176] <... write resumed>) = 16044895 [pid 5176] munmap(0x7efd10dc1000, 16044895) = 0 [pid 5176] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5176] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5176] ioctl(4, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5176] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5176] close(4) = 0 [ 55.526411][ T5177] loop0: detected capacity change from 0 to 32768 [ 55.536390][ T5177] XFS (loop0): no-recovery mounts must be read-only. [pid 5176] close(3) = 0 [pid 5176] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 55.585641][ T5067] I/O error, dev loop0, sector 32640 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [pid 5176] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5177] <... ioctl resumed>) = 0 [pid 5177] close(5) = 0 [pid 5177] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5175] <... futex resumed>) = 0 [pid 5175] exit_group(0) = ? [pid 5176] <... futex resumed>) = ? [pid 5176] +++ exited with 0 +++ [pid 5177] <... futex resumed>) = ? [pid 5177] +++ exited with 0 +++ [pid 5175] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5175, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=44 /* 0.44 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563bc620 /* 4 entries */, 32768) = 112 umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./36/binderfs") = 0 umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./36/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563c4660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563c4660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./36/file0") = 0 getdents64(3, 0x5555563bc620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./36") = 0 mkdir("./37", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563bb5d0) = 5178 ./strace-static-x86_64: Process 5178 attached [pid 5178] set_robust_list(0x5555563bb5e0, 24) = 0 [pid 5178] chdir("./37") = 0 [pid 5178] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5178] setpgid(0, 0) = 0 [pid 5178] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5178] write(3, "1000", 4) = 4 [pid 5178] close(3) = 0 [pid 5178] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5178] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5178] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191e2000 [pid 5178] mprotect(0x7efd191e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5178] clone(child_stack=0x7efd192023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5179], tls=0x7efd19202700, child_tidptr=0x7efd192029d0) = 5179 [pid 5178] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5178] futex(0x7efd192ea7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5179 attached [pid 5179] set_robust_list(0x7efd192029e0, 24) = 0 [pid 5179] getgid() = 0 [pid 5179] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5178] <... futex resumed>) = 0 [pid 5178] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5178] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5178] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191c1000 [pid 5178] mprotect(0x7efd191c2000, 131072, PROT_READ|PROT_WRITE [pid 5179] memfd_create("syzkaller", 0 [pid 5178] <... mprotect resumed>) = 0 [pid 5179] <... memfd_create resumed>) = 3 [pid 5178] clone(child_stack=0x7efd191e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5179] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5178] <... clone resumed>, parent_tid=[5180], tls=0x7efd191e1700, child_tidptr=0x7efd191e19d0) = 5180 ./strace-static-x86_64: Process 5180 attached [pid 5179] <... mmap resumed>) = 0x7efd10dc1000 [pid 5178] futex(0x7efd192ea7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5178] futex(0x7efd192ea7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5180] set_robust_list(0x7efd191e19e0, 24) = 0 [pid 5180] memfd_create("syzkaller", 0) = 4 [pid 5180] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efd089c1000 [pid 5179] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 15949461 [pid 5180] write(4, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 5179] <... write resumed>) = 15949461 [pid 5179] munmap(0x7efd10dc1000, 15949461) = 0 [pid 5179] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5179] ioctl(5, LOOP_SET_FD, 3 [pid 5180] <... write resumed>) = 16777216 [pid 5180] munmap(0x7efd089c1000, 16777216 [pid 5179] <... ioctl resumed>) = 0 [pid 5179] close(3) = 0 [pid 5179] mkdir("./file0", 0777) = 0 [pid 5179] mount("/dev/loop0", "./file0", "jfs", 0, "discard=0x0000000000000004,gid=0x0000000000000000,quota,iocharset=iso8859-4,integrity," [pid 5180] <... munmap resumed>) = 0 [pid 5180] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5180] ioctl(3, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5180] ioctl(3, LOOP_CLR_FD) = 0 [pid 5180] ioctl(3, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5180] close(3 [pid 5179] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5179] ioctl(5, LOOP_CLR_FD) = 0 [pid 5180] <... close resumed>) = 0 [pid 5179] close(5 [ 55.858092][ T5179] loop0: detected capacity change from 0 to 31151 [ 55.869961][ T5179] jfs_mount: diMount(ipaimap2) failed, rc = -5 [ 55.876572][ T5179] Mount JFS Failure: -5 [ 55.880721][ T5179] jfs_mount failed w/return code = -5 [pid 5180] close(4 [pid 5179] <... close resumed>) = 0 [pid 5179] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5179] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5180] <... close resumed>) = 0 [pid 5180] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5178] <... futex resumed>) = 0 [pid 5178] exit_group(0) = ? [pid 5180] <... futex resumed>) = ? [pid 5179] <... futex resumed>) = ? [pid 5179] +++ exited with 0 +++ [pid 5180] +++ exited with 0 +++ [pid 5178] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5178, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=32 /* 0.32 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563bc620 /* 4 entries */, 32768) = 112 umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./37/binderfs") = 0 umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./37/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563c4660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563c4660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./37/file0") = 0 getdents64(3, 0x5555563bc620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./37") = 0 mkdir("./38", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563bb5d0) = 5181 ./strace-static-x86_64: Process 5181 attached [pid 5181] set_robust_list(0x5555563bb5e0, 24) = 0 [pid 5181] chdir("./38") = 0 [pid 5181] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5181] setpgid(0, 0) = 0 [pid 5181] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5181] write(3, "1000", 4) = 4 [pid 5181] close(3) = 0 [pid 5181] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5181] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5181] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191e2000 [pid 5181] mprotect(0x7efd191e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5181] clone(child_stack=0x7efd192023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5182 attached , parent_tid=[5182], tls=0x7efd19202700, child_tidptr=0x7efd192029d0) = 5182 [pid 5181] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5181] futex(0x7efd192ea7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5182] set_robust_list(0x7efd192029e0, 24) = 0 [pid 5182] getgid() = 0 [pid 5182] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5181] <... futex resumed>) = 0 [pid 5182] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5181] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5182] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5181] <... futex resumed>) = 0 [pid 5181] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5181] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191c1000 [pid 5181] mprotect(0x7efd191c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5182] memfd_create("syzkaller", 0 [pid 5181] clone(child_stack=0x7efd191e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5183], tls=0x7efd191e1700, child_tidptr=0x7efd191e19d0) = 5183 [pid 5182] <... memfd_create resumed>) = 3 [pid 5181] futex(0x7efd192ea7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5181] futex(0x7efd192ea7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5183 attached [pid 5183] set_robust_list(0x7efd191e19e0, 24) = 0 [pid 5183] memfd_create("syzkaller", 0) = 4 [pid 5183] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5182] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5183] <... mmap resumed>) = 0x7efd10dc1000 [pid 5182] <... mmap resumed>) = 0x7efd089c1000 [pid 5182] munmap(0x7efd089c1000, 138412032) = 0 [pid 5182] close(3) = 0 [pid 5182] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5182] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5183] write(4, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216) = 16777216 [pid 5183] munmap(0x7efd10dc1000, 16777216) = 0 [pid 5183] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5183] ioctl(3, LOOP_SET_FD, 4) = 0 [pid 5183] close(4) = 0 [pid 5183] mkdir("./file0", 0777) = 0 [pid 5183] mount("/dev/loop0", "./file0", "xfs", MS_NOSUID, "norecovery,nolargeio,filestreams,logbufs=00000000000000000006,discard,,nouuid") = -1 EINVAL (Invalid argument) [ 56.098302][ T5183] loop0: detected capacity change from 0 to 32768 [ 56.107504][ T5183] XFS (loop0): no-recovery mounts must be read-only. [pid 5183] ioctl(3, LOOP_CLR_FD) = 0 [pid 5183] close(3) = 0 [pid 5183] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5181] <... futex resumed>) = 0 [pid 5181] exit_group(0 [pid 5182] <... futex resumed>) = ? [pid 5181] <... exit_group resumed>) = ? [pid 5182] +++ exited with 0 +++ [pid 5183] +++ exited with 0 +++ [pid 5181] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5181, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=12 /* 0.12 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563bc620 /* 4 entries */, 32768) = 112 umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./38/binderfs") = 0 umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./38/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563c4660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563c4660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./38/file0") = 0 getdents64(3, 0x5555563bc620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./38") = 0 mkdir("./39", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5184 attached [pid 5184] set_robust_list(0x5555563bb5e0, 24) = 0 [pid 5184] chdir("./39") = 0 [pid 5184] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5184] setpgid(0, 0) = 0 [pid 5184] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5184] write(3, "1000", 4) = 4 [pid 5184] close(3) = 0 [pid 5184] symlink("/dev/binderfs", "./binderfs" [pid 5065] <... clone resumed>, child_tidptr=0x5555563bb5d0) = 5184 [pid 5184] <... symlink resumed>) = 0 [pid 5184] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5184] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191e2000 [pid 5184] mprotect(0x7efd191e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5184] clone(child_stack=0x7efd192023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5185], tls=0x7efd19202700, child_tidptr=0x7efd192029d0) = 5185 [pid 5184] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5184] futex(0x7efd192ea7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5185 attached [pid 5185] set_robust_list(0x7efd192029e0, 24) = 0 [pid 5185] getgid() = 0 [pid 5185] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5184] <... futex resumed>) = 0 [pid 5184] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5184] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5184] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191c1000 [pid 5184] mprotect(0x7efd191c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5184] clone(child_stack=0x7efd191e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5186], tls=0x7efd191e1700, child_tidptr=0x7efd191e19d0) = 5186 [pid 5184] futex(0x7efd192ea7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5184] futex(0x7efd192ea7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5185] <... futex resumed>) = 1 [pid 5185] memfd_create("syzkaller", 0) = 3 [pid 5185] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efd10dc1000 ./strace-static-x86_64: Process 5186 attached [pid 5186] set_robust_list(0x7efd191e19e0, 24) = 0 [pid 5186] memfd_create("syzkaller", 0) = 4 [pid 5186] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efd089c1000 [pid 5186] write(4, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 5185] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16118048 [pid 5186] <... write resumed>) = 16777216 [pid 5186] munmap(0x7efd089c1000, 16777216) = 0 [pid 5186] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5186] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5186] close(4) = 0 [pid 5186] mkdir("./file0", 0777) = 0 [pid 5186] mount("/dev/loop0", "./file0", "xfs", MS_NOSUID, "norecovery,nolargeio,filestreams,logbufs=00000000000000000006,discard,,nouuid") = -1 EINVAL (Invalid argument) [pid 5186] ioctl(5, LOOP_CLR_FD [pid 5185] <... write resumed>) = 16118048 [ 56.398422][ T5186] loop0: detected capacity change from 0 to 32768 [ 56.408667][ T5186] XFS (loop0): no-recovery mounts must be read-only. [pid 5185] munmap(0x7efd10dc1000, 16118048) = 0 [pid 5185] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5185] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5185] close(3) = 0 [pid 5185] mkdir("./file0", 0777) = -1 EEXIST (File exists) [pid 5185] mount("/dev/loop0", "./file0", "jfs", 0, "discard=0x0000000000000004,gid=0x0000000000000000,quota,iocharset=iso8859-4,integrity,") = -1 EINVAL (Invalid argument) [pid 5185] ioctl(4, LOOP_CLR_FD) = 0 [pid 5185] close(4) = 0 [pid 5185] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5185] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5186] <... ioctl resumed>) = 0 [ 56.470373][ T5185] loop0: detected capacity change from 0 to 31480 [ 56.480496][ T5185] *** Log Format Error ! *** [ 56.485388][ T5185] lmLogInit: exit(-22) [ 56.489490][ T5185] lmLogOpen: exit(-22) [ 56.493556][ T5185] jfs_mount_rw failed, return code = -22 [pid 5186] close(5) = 0 [pid 5186] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5184] <... futex resumed>) = 0 [pid 5184] exit_group(0) = ? [pid 5185] <... futex resumed>) = ? [pid 5185] +++ exited with 0 +++ [pid 5186] +++ exited with 0 +++ [pid 5184] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5184, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=42 /* 0.42 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563bc620 /* 4 entries */, 32768) = 112 umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./39/binderfs") = 0 umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./39/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563c4660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563c4660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./39/file0") = 0 getdents64(3, 0x5555563bc620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./39") = 0 mkdir("./40", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563bb5d0) = 5187 ./strace-static-x86_64: Process 5187 attached [pid 5187] set_robust_list(0x5555563bb5e0, 24) = 0 [pid 5187] chdir("./40") = 0 [pid 5187] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5187] setpgid(0, 0) = 0 [pid 5187] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5187] write(3, "1000", 4) = 4 [pid 5187] close(3) = 0 [pid 5187] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5187] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5187] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191e2000 [pid 5187] mprotect(0x7efd191e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5187] clone(child_stack=0x7efd192023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5188 attached , parent_tid=[5188], tls=0x7efd19202700, child_tidptr=0x7efd192029d0) = 5188 [pid 5188] set_robust_list(0x7efd192029e0, 24) = 0 [pid 5188] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5187] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5188] <... futex resumed>) = 0 [pid 5188] getgid() = 0 [pid 5188] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5188] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5187] futex(0x7efd192ea7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5187] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5188] <... futex resumed>) = 0 [pid 5187] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5188] memfd_create("syzkaller", 0 [pid 5187] <... futex resumed>) = 0 [pid 5187] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5188] <... memfd_create resumed>) = 3 [pid 5188] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5187] <... mmap resumed>) = 0x7efd191c1000 [pid 5188] <... mmap resumed>) = 0x7efd10dc1000 [pid 5187] mprotect(0x7efd191c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5187] clone(child_stack=0x7efd191e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5189 attached , parent_tid=[5189], tls=0x7efd191e1700, child_tidptr=0x7efd191e19d0) = 5189 [pid 5187] futex(0x7efd192ea7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5189] set_robust_list(0x7efd191e19e0, 24 [pid 5187] <... futex resumed>) = 0 [pid 5189] <... set_robust_list resumed>) = 0 [pid 5187] futex(0x7efd192ea7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5189] memfd_create("syzkaller", 0) = 4 [pid 5189] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efd089c1000 [pid 5188] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16356147 [pid 5189] write(4, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 5188] <... write resumed>) = 16356147 [pid 5188] munmap(0x7efd10dc1000, 16356147) = 0 [pid 5188] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5188] ioctl(5, LOOP_SET_FD, 3) = 0 [pid 5188] close(3) = 0 [pid 5188] mkdir("./file0", 0777) = 0 [pid 5188] mount("/dev/loop0", "./file0", "jfs", 0, "discard=0x0000000000000004,gid=0x0000000000000000,quota,iocharset=iso8859-4,integrity," [pid 5189] <... write resumed>) = 16777216 [pid 5189] munmap(0x7efd089c1000, 16777216) = 0 [pid 5189] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5189] ioctl(3, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5189] ioctl(3, LOOP_CLR_FD) = 0 [pid 5189] ioctl(3, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5189] close(3) = 0 [pid 5189] close(4 [pid 5188] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5188] ioctl(5, LOOP_CLR_FD) = 0 [pid 5188] close(5) = 0 [pid 5188] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 56.772920][ T5188] loop0: detected capacity change from 0 to 31945 [ 56.783468][ T5188] *** Log Format Error ! *** [ 56.788656][ T5188] lmLogInit: exit(-22) [ 56.792869][ T5188] lmLogOpen: exit(-22) [ 56.797266][ T5188] jfs_mount_rw failed, return code = -22 [pid 5188] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5189] <... close resumed>) = 0 [pid 5189] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5187] <... futex resumed>) = 0 [pid 5189] futex(0x7efd192ea7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5187] exit_group(0 [pid 5189] <... futex resumed>) = ? [pid 5188] <... futex resumed>) = ? [pid 5187] <... exit_group resumed>) = ? [pid 5188] +++ exited with 0 +++ [pid 5189] +++ exited with 0 +++ [pid 5187] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5187, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=30 /* 0.30 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563bc620 /* 4 entries */, 32768) = 112 umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./40/binderfs") = 0 umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./40/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563c4660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563c4660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./40/file0") = 0 getdents64(3, 0x5555563bc620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./40") = 0 mkdir("./41", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563bb5d0) = 5190 ./strace-static-x86_64: Process 5190 attached [pid 5190] set_robust_list(0x5555563bb5e0, 24) = 0 [pid 5190] chdir("./41") = 0 [pid 5190] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5190] setpgid(0, 0) = 0 [pid 5190] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5190] write(3, "1000", 4) = 4 [pid 5190] close(3) = 0 [pid 5190] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5190] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5190] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191e2000 [pid 5190] mprotect(0x7efd191e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5190] clone(child_stack=0x7efd192023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5191 attached , parent_tid=[5191], tls=0x7efd19202700, child_tidptr=0x7efd192029d0) = 5191 [pid 5191] set_robust_list(0x7efd192029e0, 24 [pid 5190] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5191] <... set_robust_list resumed>) = 0 [pid 5190] <... futex resumed>) = 0 [pid 5191] getgid( [pid 5190] futex(0x7efd192ea7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5191] <... getgid resumed>) = 0 [pid 5191] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5190] <... futex resumed>) = 0 [pid 5191] <... futex resumed>) = 1 [pid 5190] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5190] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5190] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191c1000 [pid 5190] mprotect(0x7efd191c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5191] memfd_create("syzkaller", 0 [pid 5190] clone(child_stack=0x7efd191e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5192], tls=0x7efd191e1700, child_tidptr=0x7efd191e19d0) = 5192 [pid 5190] futex(0x7efd192ea7b8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5192 attached [pid 5192] set_robust_list(0x7efd191e19e0, 24 [pid 5190] <... futex resumed>) = 0 [pid 5192] <... set_robust_list resumed>) = 0 [pid 5190] futex(0x7efd192ea7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5192] memfd_create("syzkaller", 0 [pid 5191] <... memfd_create resumed>) = 3 [pid 5192] <... memfd_create resumed>) = 4 [pid 5192] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5191] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5192] <... mmap resumed>) = 0x7efd10dc1000 [pid 5191] <... mmap resumed>) = 0x7efd089c1000 [pid 5191] munmap(0x7efd089c1000, 138412032) = 0 [pid 5191] close(3) = 0 [pid 5191] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5191] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5192] write(4, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216) = 16777216 [pid 5192] munmap(0x7efd10dc1000, 16777216) = 0 [pid 5192] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5192] ioctl(3, LOOP_SET_FD, 4) = 0 [pid 5192] close(4) = 0 [pid 5192] mkdir("./file0", 0777) = 0 [pid 5192] mount("/dev/loop0", "./file0", "xfs", MS_NOSUID, "norecovery,nolargeio,filestreams,logbufs=00000000000000000006,discard,,nouuid") = -1 EINVAL (Invalid argument) [ 57.010946][ T5192] loop0: detected capacity change from 0 to 32768 [ 57.019949][ T5192] XFS (loop0): no-recovery mounts must be read-only. [pid 5192] ioctl(3, LOOP_CLR_FD) = 0 [pid 5192] close(3) = 0 [pid 5192] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5190] <... futex resumed>) = 0 [pid 5190] exit_group(0) = ? [pid 5192] <... futex resumed>) = ? [pid 5192] +++ exited with 0 +++ [pid 5191] <... futex resumed>) = ? [pid 5191] +++ exited with 0 +++ [pid 5190] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5190, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563bc620 /* 4 entries */, 32768) = 112 umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./41/binderfs") = 0 umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./41/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563c4660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563c4660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./41/file0") = 0 getdents64(3, 0x5555563bc620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./41") = 0 mkdir("./42", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563bb5d0) = 5193 ./strace-static-x86_64: Process 5193 attached [pid 5193] set_robust_list(0x5555563bb5e0, 24) = 0 [pid 5193] chdir("./42") = 0 [pid 5193] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5193] setpgid(0, 0) = 0 [pid 5193] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5193] write(3, "1000", 4) = 4 [pid 5193] close(3) = 0 [pid 5193] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5193] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5193] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191e2000 [pid 5193] mprotect(0x7efd191e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5193] clone(child_stack=0x7efd192023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5194 attached [pid 5194] set_robust_list(0x7efd192029e0, 24) = 0 [pid 5194] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5193] <... clone resumed>, parent_tid=[5194], tls=0x7efd19202700, child_tidptr=0x7efd192029d0) = 5194 [pid 5193] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5194] <... futex resumed>) = 0 [pid 5194] getgid() = 0 [pid 5194] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5194] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5193] futex(0x7efd192ea7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5193] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5194] <... futex resumed>) = 0 [pid 5193] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5194] memfd_create("syzkaller", 0 [pid 5193] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5194] <... memfd_create resumed>) = 3 [pid 5194] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efd10de2000 [pid 5193] <... mmap resumed>) = 0x7efd10dc1000 [pid 5193] mprotect(0x7efd10dc2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5193] clone(child_stack=0x7efd10de13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5195], tls=0x7efd10de1700, child_tidptr=0x7efd10de19d0) = 5195 [pid 5193] futex(0x7efd192ea7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5193] futex(0x7efd192ea7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5195 attached [pid 5195] set_robust_list(0x7efd10de19e0, 24) = 0 [pid 5195] memfd_create("syzkaller", 0) = 4 [pid 5195] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efd089c1000 [pid 5194] munmap(0x7efd10de2000, 138412032) = 0 [pid 5194] close(3) = 0 [pid 5194] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5194] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5195] write(4, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216) = 16777216 [pid 5195] munmap(0x7efd089c1000, 16777216) = 0 [pid 5195] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5195] ioctl(3, LOOP_SET_FD, 4) = 0 [pid 5195] close(4) = 0 [pid 5195] mkdir("./file0", 0777) = 0 [pid 5195] mount("/dev/loop0", "./file0", "xfs", MS_NOSUID, "norecovery,nolargeio,filestreams,logbufs=00000000000000000006,discard,,nouuid") = -1 EINVAL (Invalid argument) [ 57.275578][ T5195] loop0: detected capacity change from 0 to 32768 [ 57.284188][ T5195] XFS (loop0): no-recovery mounts must be read-only. [pid 5195] ioctl(3, LOOP_CLR_FD) = 0 [pid 5195] close(3) = 0 [pid 5195] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5193] <... futex resumed>) = 0 [pid 5193] exit_group(0) = ? [pid 5195] <... futex resumed>) = ? [pid 5195] +++ exited with 0 +++ [pid 5194] <... futex resumed>) = ? [pid 5194] +++ exited with 0 +++ [pid 5193] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5193, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=13 /* 0.13 s */} --- umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563bc620 /* 4 entries */, 32768) = 112 umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./42/binderfs") = 0 umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./42/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563c4660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563c4660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./42/file0") = 0 getdents64(3, 0x5555563bc620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./42") = 0 mkdir("./43", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563bb5d0) = 5196 ./strace-static-x86_64: Process 5196 attached [pid 5196] set_robust_list(0x5555563bb5e0, 24) = 0 [pid 5196] chdir("./43") = 0 [pid 5196] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5196] setpgid(0, 0) = 0 [pid 5196] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5196] write(3, "1000", 4) = 4 [pid 5196] close(3) = 0 [pid 5196] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5196] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5196] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191e2000 [pid 5196] mprotect(0x7efd191e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5196] clone(child_stack=0x7efd192023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5197], tls=0x7efd19202700, child_tidptr=0x7efd192029d0) = 5197 [pid 5196] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5196] futex(0x7efd192ea7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5197 attached [pid 5197] set_robust_list(0x7efd192029e0, 24) = 0 [pid 5197] getgid() = 0 [pid 5197] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5196] <... futex resumed>) = 0 [pid 5196] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5196] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5196] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191c1000 [pid 5196] mprotect(0x7efd191c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5196] clone(child_stack=0x7efd191e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5198], tls=0x7efd191e1700, child_tidptr=0x7efd191e19d0) = 5198 [pid 5196] futex(0x7efd192ea7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5196] futex(0x7efd192ea7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5197] <... futex resumed>) = 1 [pid 5197] memfd_create("syzkaller", 0) = 3 [pid 5197] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efd10dc1000 ./strace-static-x86_64: Process 5198 attached [pid 5198] set_robust_list(0x7efd191e19e0, 24) = 0 [pid 5198] memfd_create("syzkaller", 0) = 4 [pid 5198] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efd089c1000 [pid 5197] munmap(0x7efd10dc1000, 138412032) = 0 [pid 5197] close(3) = 0 [pid 5197] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5197] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5198] write(4, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216) = 16777216 [pid 5198] munmap(0x7efd089c1000, 16777216) = 0 [pid 5198] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5198] ioctl(3, LOOP_SET_FD, 4) = 0 [pid 5198] close(4) = 0 [pid 5198] mkdir("./file0", 0777) = 0 [pid 5198] mount("/dev/loop0", "./file0", "xfs", MS_NOSUID, "norecovery,nolargeio,filestreams,logbufs=00000000000000000006,discard,,nouuid") = -1 EINVAL (Invalid argument) [ 57.540545][ T5198] loop0: detected capacity change from 0 to 32768 [ 57.549077][ T5198] XFS (loop0): no-recovery mounts must be read-only. [pid 5198] ioctl(3, LOOP_CLR_FD) = 0 [pid 5198] close(3) = 0 [pid 5198] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5196] <... futex resumed>) = 0 [pid 5196] exit_group(0 [pid 5197] <... futex resumed>) = ? [pid 5196] <... exit_group resumed>) = ? [pid 5197] +++ exited with 0 +++ [pid 5198] <... futex resumed>) = ? [pid 5198] +++ exited with 0 +++ [pid 5196] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5196, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=14 /* 0.14 s */} --- umount2("./43", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563bc620 /* 4 entries */, 32768) = 112 umount2("./43/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./43/binderfs") = 0 umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./43/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563c4660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563c4660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./43/file0") = 0 getdents64(3, 0x5555563bc620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./43") = 0 mkdir("./44", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563bb5d0) = 5199 ./strace-static-x86_64: Process 5199 attached [pid 5199] set_robust_list(0x5555563bb5e0, 24) = 0 [pid 5199] chdir("./44") = 0 [pid 5199] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5199] setpgid(0, 0) = 0 [pid 5199] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5199] write(3, "1000", 4) = 4 [pid 5199] close(3) = 0 [pid 5199] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5199] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5199] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191e2000 [pid 5199] mprotect(0x7efd191e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5199] clone(child_stack=0x7efd192023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5200], tls=0x7efd19202700, child_tidptr=0x7efd192029d0) = 5200 [pid 5199] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5199] futex(0x7efd192ea7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5200 attached [pid 5200] set_robust_list(0x7efd192029e0, 24) = 0 [pid 5200] getgid() = 0 [pid 5200] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5199] <... futex resumed>) = 0 [pid 5199] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5199] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5199] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191c1000 [pid 5199] mprotect(0x7efd191c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5199] clone(child_stack=0x7efd191e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5201], tls=0x7efd191e1700, child_tidptr=0x7efd191e19d0) = 5201 [pid 5199] futex(0x7efd192ea7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5199] futex(0x7efd192ea7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5200] <... futex resumed>) = 1 [pid 5200] memfd_create("syzkaller", 0) = 3 [pid 5200] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efd10dc1000 ./strace-static-x86_64: Process 5201 attached [pid 5201] set_robust_list(0x7efd191e19e0, 24) = 0 [pid 5201] memfd_create("syzkaller", 0) = 4 [pid 5201] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efd089c1000 [pid 5200] munmap(0x7efd10dc1000, 138412032) = 0 [pid 5200] close(3) = 0 [pid 5200] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5200] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5201] write(4, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216) = 16777216 [pid 5201] munmap(0x7efd089c1000, 16777216) = 0 [pid 5201] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5201] ioctl(3, LOOP_SET_FD, 4) = 0 [pid 5201] close(4) = 0 [pid 5201] mkdir("./file0", 0777) = 0 [pid 5201] mount("/dev/loop0", "./file0", "xfs", MS_NOSUID, "norecovery,nolargeio,filestreams,logbufs=00000000000000000006,discard,,nouuid") = -1 EINVAL (Invalid argument) [ 57.785945][ T5201] loop0: detected capacity change from 0 to 32768 [ 57.794804][ T5201] XFS (loop0): no-recovery mounts must be read-only. [pid 5201] ioctl(3, LOOP_CLR_FD) = 0 [pid 5201] close(3) = 0 [pid 5201] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5199] <... futex resumed>) = 0 [pid 5201] <... futex resumed>) = 1 [pid 5199] exit_group(0 [pid 5200] <... futex resumed>) = ? [pid 5199] <... exit_group resumed>) = ? [pid 5201] +++ exited with 0 +++ [pid 5200] +++ exited with 0 +++ [pid 5199] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5199, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=13 /* 0.13 s */} --- umount2("./44", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563bc620 /* 4 entries */, 32768) = 112 umount2("./44/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./44/binderfs") = 0 umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./44/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563c4660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563c4660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./44/file0") = 0 getdents64(3, 0x5555563bc620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./44") = 0 mkdir("./45", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563bb5d0) = 5202 ./strace-static-x86_64: Process 5202 attached [pid 5202] set_robust_list(0x5555563bb5e0, 24) = 0 [pid 5202] chdir("./45") = 0 [pid 5202] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5202] setpgid(0, 0) = 0 [pid 5202] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5202] write(3, "1000", 4) = 4 [pid 5202] close(3) = 0 [pid 5202] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5202] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5202] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191e2000 [pid 5202] mprotect(0x7efd191e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5202] clone(child_stack=0x7efd192023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5203], tls=0x7efd19202700, child_tidptr=0x7efd192029d0) = 5203 [pid 5202] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5203 attached ) = 0 [pid 5202] futex(0x7efd192ea7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5203] set_robust_list(0x7efd192029e0, 24) = 0 [pid 5203] getgid() = 0 [pid 5203] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5202] <... futex resumed>) = 0 [pid 5202] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5202] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5202] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191c1000 [pid 5202] mprotect(0x7efd191c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5203] <... futex resumed>) = 1 [pid 5202] clone(child_stack=0x7efd191e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5204], tls=0x7efd191e1700, child_tidptr=0x7efd191e19d0) = 5204 [pid 5202] futex(0x7efd192ea7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5202] futex(0x7efd192ea7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5204 attached [pid 5204] set_robust_list(0x7efd191e19e0, 24) = 0 [pid 5204] memfd_create("syzkaller", 0) = 3 [pid 5203] memfd_create("syzkaller", 0 [pid 5204] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efd10dc1000 [pid 5203] <... memfd_create resumed>) = 4 [pid 5203] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efd089c1000 [pid 5204] munmap(0x7efd10dc1000, 138412032) = 0 [pid 5204] close(3) = 0 [pid 5204] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5202] <... futex resumed>) = 0 [pid 5204] <... futex resumed>) = 1 [pid 5204] futex(0x7efd192ea7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5203] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5203] munmap(0x7efd089c1000, 16777216) = 0 [pid 5203] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5203] ioctl(3, LOOP_SET_FD, 4) = 0 [pid 5203] close(4) = 0 [pid 5203] mkdir("./file0", 0777) = 0 [pid 5203] mount("/dev/loop0", "./file0", "jfs", 0, "discard=0x0000000000000004,gid=0x0000000000000000,quota,iocharset=iso8859-4,integrity,") = 0 [pid 5203] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 5203] chdir("./file0") = 0 [pid 5203] ioctl(3, LOOP_CLR_FD) = 0 [pid 5203] close(3) = 0 [pid 5203] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5203] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5202] exit_group(0 [pid 5204] <... futex resumed>) = ? [pid 5203] <... futex resumed>) = ? [pid 5202] <... exit_group resumed>) = ? [pid 5204] +++ exited with 0 +++ [pid 5203] +++ exited with 0 +++ [pid 5202] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5202, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=14 /* 0.14 s */} --- umount2("./45", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563bc620 /* 4 entries */, 32768) = 112 umount2("./45/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./45/binderfs") = 0 [ 58.040294][ T5203] loop0: detected capacity change from 0 to 32768 umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./45/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563c4660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563c4660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./45/file0") = 0 getdents64(3, 0x5555563bc620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./45") = 0 mkdir("./46", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563bb5d0) = 5205 ./strace-static-x86_64: Process 5205 attached [pid 5205] set_robust_list(0x5555563bb5e0, 24) = 0 [pid 5205] chdir("./46") = 0 [pid 5205] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5205] setpgid(0, 0) = 0 [pid 5205] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5205] write(3, "1000", 4) = 4 [pid 5205] close(3) = 0 [pid 5205] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5205] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5205] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191e2000 [pid 5205] mprotect(0x7efd191e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5205] clone(child_stack=0x7efd192023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5206 attached [pid 5206] set_robust_list(0x7efd192029e0, 24) = 0 [pid 5206] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5205] <... clone resumed>, parent_tid=[5206], tls=0x7efd19202700, child_tidptr=0x7efd192029d0) = 5206 [pid 5205] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5206] <... futex resumed>) = 0 [pid 5206] getgid() = 0 [pid 5206] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5206] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5205] futex(0x7efd192ea7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5205] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5206] <... futex resumed>) = 0 [pid 5205] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5206] memfd_create("syzkaller", 0 [pid 5205] <... futex resumed>) = 0 [pid 5206] <... memfd_create resumed>) = 3 [pid 5206] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efd10de2000 [pid 5205] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd10dc1000 [pid 5205] mprotect(0x7efd10dc2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5205] clone(child_stack=0x7efd10de13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5207], tls=0x7efd10de1700, child_tidptr=0x7efd10de19d0) = 5207 [pid 5205] futex(0x7efd192ea7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5205] futex(0x7efd192ea7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5207 attached [pid 5207] set_robust_list(0x7efd10de19e0, 24) = 0 [pid 5207] memfd_create("syzkaller", 0) = 4 [pid 5207] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efd089c1000 [pid 5206] munmap(0x7efd10de2000, 138412032) = 0 [pid 5206] close(3) = 0 [pid 5206] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5206] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5207] write(4, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216) = 16777216 [pid 5207] munmap(0x7efd089c1000, 16777216) = 0 [pid 5207] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5207] ioctl(3, LOOP_SET_FD, 4) = 0 [pid 5207] close(4) = 0 [pid 5207] mkdir("./file0", 0777) = 0 [pid 5207] mount("/dev/loop0", "./file0", "xfs", MS_NOSUID, "norecovery,nolargeio,filestreams,logbufs=00000000000000000006,discard,,nouuid") = -1 EINVAL (Invalid argument) [ 58.272316][ T5207] loop0: detected capacity change from 0 to 32768 [ 58.280985][ T5207] XFS (loop0): no-recovery mounts must be read-only. [pid 5207] ioctl(3, LOOP_CLR_FD) = 0 [pid 5207] close(3) = 0 [pid 5207] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5205] <... futex resumed>) = 0 [pid 5205] exit_group(0 [pid 5206] <... futex resumed>) = ? [pid 5205] <... exit_group resumed>) = ? [pid 5206] +++ exited with 0 +++ [pid 5207] <... futex resumed>) = ? [pid 5207] +++ exited with 0 +++ [pid 5205] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5205, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./46", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563bc620 /* 4 entries */, 32768) = 112 umount2("./46/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./46/binderfs") = 0 umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./46/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563c4660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563c4660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./46/file0") = 0 getdents64(3, 0x5555563bc620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./46") = 0 mkdir("./47", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5208 attached [pid 5208] set_robust_list(0x5555563bb5e0, 24) = 0 [pid 5208] chdir("./47" [pid 5065] <... clone resumed>, child_tidptr=0x5555563bb5d0) = 5208 [pid 5208] <... chdir resumed>) = 0 [pid 5208] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5208] setpgid(0, 0) = 0 [pid 5208] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5208] write(3, "1000", 4) = 4 [pid 5208] close(3) = 0 [pid 5208] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5208] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5208] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191e2000 [pid 5208] mprotect(0x7efd191e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5208] clone(child_stack=0x7efd192023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5209], tls=0x7efd19202700, child_tidptr=0x7efd192029d0) = 5209 [pid 5208] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5208] futex(0x7efd192ea7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5209 attached [pid 5209] set_robust_list(0x7efd192029e0, 24) = 0 [pid 5209] getgid() = 0 [pid 5209] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5208] <... futex resumed>) = 0 [pid 5208] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5208] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5208] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191c1000 [pid 5208] mprotect(0x7efd191c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5208] clone(child_stack=0x7efd191e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5210], tls=0x7efd191e1700, child_tidptr=0x7efd191e19d0) = 5210 [pid 5208] futex(0x7efd192ea7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5208] futex(0x7efd192ea7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5209] <... futex resumed>) = 1 [pid 5209] memfd_create("syzkaller", 0) = 3 [pid 5209] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efd10dc1000 ./strace-static-x86_64: Process 5210 attached [pid 5210] set_robust_list(0x7efd191e19e0, 24) = 0 [pid 5210] memfd_create("syzkaller", 0) = 4 [pid 5210] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efd089c1000 [pid 5209] munmap(0x7efd10dc1000, 138412032) = 0 [pid 5209] close(3) = 0 [pid 5209] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5209] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5210] write(4, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216) = 16777216 [pid 5210] munmap(0x7efd089c1000, 16777216) = 0 [pid 5210] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5210] ioctl(3, LOOP_SET_FD, 4) = 0 [pid 5210] close(4) = 0 [pid 5210] mkdir("./file0", 0777) = 0 [pid 5210] mount("/dev/loop0", "./file0", "xfs", MS_NOSUID, "norecovery,nolargeio,filestreams,logbufs=00000000000000000006,discard,,nouuid") = -1 EINVAL (Invalid argument) [ 58.529751][ T5210] loop0: detected capacity change from 0 to 32768 [ 58.538613][ T5210] XFS (loop0): no-recovery mounts must be read-only. [pid 5210] ioctl(3, LOOP_CLR_FD) = 0 [pid 5210] close(3) = 0 [pid 5210] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5210] futex(0x7efd192ea7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5208] <... futex resumed>) = 0 [pid 5208] exit_group(0 [pid 5209] <... futex resumed>) = ? [pid 5208] <... exit_group resumed>) = ? [pid 5209] +++ exited with 0 +++ [pid 5210] <... futex resumed>) = ? [pid 5210] +++ exited with 0 +++ [pid 5208] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5208, si_uid=0, si_status=0, si_utime=0, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./47", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563bc620 /* 4 entries */, 32768) = 112 umount2("./47/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./47/binderfs") = 0 umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./47/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563c4660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563c4660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./47/file0") = 0 getdents64(3, 0x5555563bc620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./47") = 0 mkdir("./48", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563bb5d0) = 5211 ./strace-static-x86_64: Process 5211 attached [pid 5211] set_robust_list(0x5555563bb5e0, 24) = 0 [pid 5211] chdir("./48") = 0 [pid 5211] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5211] setpgid(0, 0) = 0 [pid 5211] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5211] write(3, "1000", 4) = 4 [pid 5211] close(3) = 0 [pid 5211] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5211] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5211] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191e2000 [pid 5211] mprotect(0x7efd191e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5211] clone(child_stack=0x7efd192023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5212], tls=0x7efd19202700, child_tidptr=0x7efd192029d0) = 5212 ./strace-static-x86_64: Process 5212 attached [pid 5211] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5211] futex(0x7efd192ea7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5212] set_robust_list(0x7efd192029e0, 24) = 0 [pid 5212] getgid() = 0 [pid 5212] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5211] <... futex resumed>) = 0 [pid 5211] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5211] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5211] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191c1000 [pid 5211] mprotect(0x7efd191c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5211] clone(child_stack=0x7efd191e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5213], tls=0x7efd191e1700, child_tidptr=0x7efd191e19d0) = 5213 [pid 5212] memfd_create("syzkaller", 0 [pid 5211] futex(0x7efd192ea7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5211] futex(0x7efd192ea7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5213 attached [pid 5213] set_robust_list(0x7efd191e19e0, 24) = 0 [pid 5213] memfd_create("syzkaller", 0 [pid 5212] <... memfd_create resumed>) = 3 [pid 5212] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5213] <... memfd_create resumed>) = 4 [pid 5213] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efd10dc1000 [pid 5212] <... mmap resumed>) = 0x7efd089c1000 [pid 5212] munmap(0x7efd089c1000, 138412032) = 0 [pid 5212] close(3) = 0 [pid 5212] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5212] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5213] write(4, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216) = 16777216 [pid 5213] munmap(0x7efd10dc1000, 16777216) = 0 [pid 5213] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5213] ioctl(3, LOOP_SET_FD, 4) = 0 [pid 5213] close(4) = 0 [pid 5213] mkdir("./file0", 0777) = 0 [pid 5213] mount("/dev/loop0", "./file0", "xfs", MS_NOSUID, "norecovery,nolargeio,filestreams,logbufs=00000000000000000006,discard,,nouuid") = -1 EINVAL (Invalid argument) [ 58.766088][ T5213] loop0: detected capacity change from 0 to 32768 [ 58.774489][ T5213] XFS (loop0): no-recovery mounts must be read-only. [pid 5213] ioctl(3, LOOP_CLR_FD) = 0 [pid 5213] close(3) = 0 [pid 5213] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5213] futex(0x7efd192ea7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5211] <... futex resumed>) = 0 [pid 5211] exit_group(0 [pid 5212] <... futex resumed>) = ? [pid 5211] <... exit_group resumed>) = ? [pid 5212] +++ exited with 0 +++ [pid 5213] <... futex resumed>) = ? [pid 5213] +++ exited with 0 +++ [pid 5211] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5211, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=11 /* 0.11 s */} --- umount2("./48", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563bc620 /* 4 entries */, 32768) = 112 umount2("./48/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./48/binderfs") = 0 umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./48/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563c4660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563c4660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./48/file0") = 0 getdents64(3, 0x5555563bc620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./48") = 0 mkdir("./49", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563bb5d0) = 5214 ./strace-static-x86_64: Process 5214 attached [pid 5214] set_robust_list(0x5555563bb5e0, 24) = 0 [pid 5214] chdir("./49") = 0 [pid 5214] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5214] setpgid(0, 0) = 0 [pid 5214] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5214] write(3, "1000", 4) = 4 [pid 5214] close(3) = 0 [pid 5214] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5214] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5214] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191e2000 [pid 5214] mprotect(0x7efd191e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5214] clone(child_stack=0x7efd192023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5215 attached [pid 5215] set_robust_list(0x7efd192029e0, 24 [pid 5214] <... clone resumed>, parent_tid=[5215], tls=0x7efd19202700, child_tidptr=0x7efd192029d0) = 5215 [pid 5214] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5215] <... set_robust_list resumed>) = 0 [pid 5214] <... futex resumed>) = 0 [pid 5215] getgid() = 0 [pid 5214] futex(0x7efd192ea7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5215] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5214] <... futex resumed>) = 0 [pid 5214] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5214] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5214] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191c1000 [pid 5214] mprotect(0x7efd191c2000, 131072, PROT_READ|PROT_WRITE [pid 5215] memfd_create("syzkaller", 0 [pid 5214] <... mprotect resumed>) = 0 [pid 5214] clone(child_stack=0x7efd191e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5216 attached [pid 5215] <... memfd_create resumed>) = 3 [pid 5214] <... clone resumed>, parent_tid=[5216], tls=0x7efd191e1700, child_tidptr=0x7efd191e19d0) = 5216 [pid 5214] futex(0x7efd192ea7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5214] futex(0x7efd192ea7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5216] set_robust_list(0x7efd191e19e0, 24 [pid 5215] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5216] <... set_robust_list resumed>) = 0 [pid 5215] <... mmap resumed>) = 0x7efd10dc1000 [pid 5216] memfd_create("syzkaller", 0) = 4 [pid 5216] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efd089c1000 [pid 5215] munmap(0x7efd10dc1000, 138412032) = 0 [pid 5215] close(3) = 0 [pid 5215] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5215] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5216] write(4, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216) = 16777216 [pid 5216] munmap(0x7efd089c1000, 16777216) = 0 [pid 5216] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5216] ioctl(3, LOOP_SET_FD, 4) = 0 [pid 5216] close(4) = 0 [pid 5216] mkdir("./file0", 0777) = 0 [pid 5216] mount("/dev/loop0", "./file0", "xfs", MS_NOSUID, "norecovery,nolargeio,filestreams,logbufs=00000000000000000006,discard,,nouuid") = -1 EINVAL (Invalid argument) [ 59.029365][ T5216] loop0: detected capacity change from 0 to 32768 [ 59.038198][ T5216] XFS (loop0): no-recovery mounts must be read-only. [pid 5216] ioctl(3, LOOP_CLR_FD) = 0 [pid 5216] close(3) = 0 [pid 5216] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5214] <... futex resumed>) = 0 [pid 5216] <... futex resumed>) = 1 [pid 5216] futex(0x7efd192ea7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5214] exit_group(0 [pid 5216] <... futex resumed>) = ? [pid 5215] <... futex resumed>) = ? [pid 5214] <... exit_group resumed>) = ? [pid 5215] +++ exited with 0 +++ [pid 5216] +++ exited with 0 +++ [pid 5214] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5214, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=17 /* 0.17 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./49", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563bc620 /* 4 entries */, 32768) = 112 umount2("./49/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./49/binderfs") = 0 umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./49/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563c4660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563c4660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./49/file0") = 0 getdents64(3, 0x5555563bc620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./49") = 0 mkdir("./50", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563bb5d0) = 5217 ./strace-static-x86_64: Process 5217 attached [pid 5217] set_robust_list(0x5555563bb5e0, 24) = 0 [pid 5217] chdir("./50") = 0 [pid 5217] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5217] setpgid(0, 0) = 0 [pid 5217] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5217] write(3, "1000", 4) = 4 [pid 5217] close(3) = 0 [pid 5217] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5217] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5217] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191e2000 [pid 5217] mprotect(0x7efd191e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5217] clone(child_stack=0x7efd192023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5218], tls=0x7efd19202700, child_tidptr=0x7efd192029d0) = 5218 ./strace-static-x86_64: Process 5218 attached [pid 5217] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5218] set_robust_list(0x7efd192029e0, 24) = 0 [pid 5218] getgid() = 0 [pid 5218] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5218] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5217] <... futex resumed>) = 1 [pid 5218] <... futex resumed>) = 0 [pid 5218] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5217] futex(0x7efd192ea7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5217] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5218] <... futex resumed>) = 0 [pid 5217] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5218] memfd_create("syzkaller", 0 [pid 5217] <... futex resumed>) = 0 [pid 5217] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5218] <... memfd_create resumed>) = 3 [pid 5218] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5217] <... mmap resumed>) = 0x7efd191c1000 [pid 5218] <... mmap resumed>) = 0x7efd10dc1000 [pid 5217] mprotect(0x7efd191c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5217] clone(child_stack=0x7efd191e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5219 attached , parent_tid=[5219], tls=0x7efd191e1700, child_tidptr=0x7efd191e19d0) = 5219 [pid 5217] futex(0x7efd192ea7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5219] set_robust_list(0x7efd191e19e0, 24 [pid 5217] <... futex resumed>) = 0 [pid 5219] <... set_robust_list resumed>) = 0 [pid 5217] futex(0x7efd192ea7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5219] memfd_create("syzkaller", 0) = 4 [pid 5219] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efd089c1000 [pid 5219] write(4, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 5218] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16289927 [pid 5219] <... write resumed>) = 16777216 [pid 5219] munmap(0x7efd089c1000, 16777216) = 0 [pid 5219] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5219] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5219] close(4) = 0 [pid 5219] mkdir("./file0", 0777) = 0 [pid 5219] mount("/dev/loop0", "./file0", "xfs", MS_NOSUID, "norecovery,nolargeio,filestreams,logbufs=00000000000000000006,discard,,nouuid") = -1 EINVAL (Invalid argument) [pid 5218] <... write resumed>) = 16289927 [pid 5218] munmap(0x7efd10dc1000, 16289927 [pid 5219] ioctl(5, LOOP_CLR_FD [pid 5218] <... munmap resumed>) = 0 [pid 5218] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5218] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5218] ioctl(4, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5218] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5218] close(4) = 0 [ 59.329666][ T5219] loop0: detected capacity change from 0 to 32768 [ 59.339660][ T5219] XFS (loop0): no-recovery mounts must be read-only. [pid 5218] close(3) = 0 [pid 5218] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5218] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5219] <... ioctl resumed>) = 0 [pid 5219] close(5) = 0 [pid 5219] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5217] <... futex resumed>) = 0 [pid 5217] exit_group(0 [pid 5218] <... futex resumed>) = ? [pid 5217] <... exit_group resumed>) = ? [pid 5218] +++ exited with 0 +++ [pid 5219] <... futex resumed>) = ? [pid 5219] +++ exited with 0 +++ [pid 5217] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5217, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=30 /* 0.30 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./50", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563bc620 /* 4 entries */, 32768) = 112 umount2("./50/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./50/binderfs") = 0 umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./50/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563c4660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563c4660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./50/file0") = 0 getdents64(3, 0x5555563bc620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./50") = 0 mkdir("./51", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5220 attached [pid 5220] set_robust_list(0x5555563bb5e0, 24 [pid 5065] <... clone resumed>, child_tidptr=0x5555563bb5d0) = 5220 [pid 5220] <... set_robust_list resumed>) = 0 [pid 5220] chdir("./51") = 0 [pid 5220] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5220] setpgid(0, 0) = 0 [pid 5220] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5220] write(3, "1000", 4) = 4 [pid 5220] close(3) = 0 [pid 5220] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5220] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5220] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191e2000 [pid 5220] mprotect(0x7efd191e3000, 131072, PROT_READ|PROT_WRITE) = 0 [ 59.425246][ T5067] I/O error, dev loop0, sector 32640 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [pid 5220] clone(child_stack=0x7efd192023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5221], tls=0x7efd19202700, child_tidptr=0x7efd192029d0) = 5221 [pid 5220] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5220] futex(0x7efd192ea7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5221 attached [pid 5221] set_robust_list(0x7efd192029e0, 24) = 0 [pid 5221] getgid() = 0 [pid 5221] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5220] <... futex resumed>) = 0 [pid 5220] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5220] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5220] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191c1000 [pid 5220] mprotect(0x7efd191c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5220] clone(child_stack=0x7efd191e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5222], tls=0x7efd191e1700, child_tidptr=0x7efd191e19d0) = 5222 [pid 5220] futex(0x7efd192ea7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5220] futex(0x7efd192ea7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5221] <... futex resumed>) = 1 [pid 5221] memfd_create("syzkaller", 0) = 3 [pid 5221] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efd10dc1000 ./strace-static-x86_64: Process 5222 attached [pid 5222] set_robust_list(0x7efd191e19e0, 24) = 0 [pid 5222] memfd_create("syzkaller", 0) = 4 [pid 5222] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efd089c1000 [pid 5222] write(4, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 5221] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16152075 [pid 5222] <... write resumed>) = 16777216 [pid 5222] munmap(0x7efd089c1000, 16777216) = 0 [pid 5222] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5222] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5222] close(4) = 0 [pid 5222] mkdir("./file0", 0777) = 0 [pid 5222] mount("/dev/loop0", "./file0", "xfs", MS_NOSUID, "norecovery,nolargeio,filestreams,logbufs=00000000000000000006,discard,,nouuid" [pid 5221] <... write resumed>) = 16152075 [pid 5221] munmap(0x7efd10dc1000, 16152075 [pid 5222] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5222] ioctl(5, LOOP_CLR_FD [pid 5221] <... munmap resumed>) = 0 [pid 5221] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5221] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5221] ioctl(4, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5221] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5221] close(4) = 0 [pid 5221] close(3) = 0 [pid 5221] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 59.659887][ T5222] loop0: detected capacity change from 0 to 32768 [ 59.669870][ T5222] XFS (loop0): no-recovery mounts must be read-only. [pid 5221] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5222] <... ioctl resumed>) = 0 [pid 5222] close(5) = 0 [pid 5222] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5220] <... futex resumed>) = 0 [pid 5220] exit_group(0) = ? [pid 5221] <... futex resumed>) = ? [pid 5222] <... futex resumed>) = ? [pid 5222] +++ exited with 0 +++ [pid 5221] +++ exited with 0 +++ [pid 5220] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5220, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=31 /* 0.31 s */} --- umount2("./51", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563bc620 /* 4 entries */, 32768) = 112 umount2("./51/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./51/binderfs") = 0 umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./51/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563c4660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563c4660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./51/file0") = 0 getdents64(3, 0x5555563bc620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./51") = 0 mkdir("./52", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 59.725799][ T5067] I/O error, dev loop0, sector 32640 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563bb5d0) = 5223 ./strace-static-x86_64: Process 5223 attached [pid 5223] set_robust_list(0x5555563bb5e0, 24) = 0 [pid 5223] chdir("./52") = 0 [pid 5223] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5223] setpgid(0, 0) = 0 [pid 5223] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5223] write(3, "1000", 4) = 4 [pid 5223] close(3) = 0 [pid 5223] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5223] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5223] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191e2000 [pid 5223] mprotect(0x7efd191e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5223] clone(child_stack=0x7efd192023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5224], tls=0x7efd19202700, child_tidptr=0x7efd192029d0) = 5224 [pid 5223] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5223] futex(0x7efd192ea7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5224 attached [pid 5224] set_robust_list(0x7efd192029e0, 24) = 0 [pid 5224] getgid() = 0 [pid 5224] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5223] <... futex resumed>) = 0 [pid 5223] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5223] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5223] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191c1000 [pid 5223] mprotect(0x7efd191c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5223] clone(child_stack=0x7efd191e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5225], tls=0x7efd191e1700, child_tidptr=0x7efd191e19d0) = 5225 [pid 5223] futex(0x7efd192ea7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5223] futex(0x7efd192ea7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5224] <... futex resumed>) = 1 [pid 5224] memfd_create("syzkaller", 0) = 3 [pid 5224] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0./strace-static-x86_64: Process 5225 attached [pid 5225] set_robust_list(0x7efd191e19e0, 24) = 0 [pid 5224] <... mmap resumed>) = 0x7efd10dc1000 [pid 5225] memfd_create("syzkaller", 0) = 4 [pid 5225] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efd089c1000 [pid 5225] write(4, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 5224] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 15915733 [pid 5225] <... write resumed>) = 16777216 [pid 5225] munmap(0x7efd089c1000, 16777216) = 0 [pid 5225] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5225] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5225] close(4) = 0 [pid 5225] mkdir("./file0", 0777) = 0 [pid 5225] mount("/dev/loop0", "./file0", "xfs", MS_NOSUID, "norecovery,nolargeio,filestreams,logbufs=00000000000000000006,discard,,nouuid") = -1 EINVAL (Invalid argument) [pid 5225] ioctl(5, LOOP_CLR_FD [pid 5224] <... write resumed>) = 15915733 [ 59.974994][ T5225] loop0: detected capacity change from 0 to 32768 [ 59.985082][ T5225] XFS (loop0): no-recovery mounts must be read-only. [pid 5224] munmap(0x7efd10dc1000, 15915733) = 0 [pid 5224] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5224] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5224] close(3) = 0 [pid 5224] mkdir("./file0", 0777) = -1 EEXIST (File exists) [pid 5224] mount("/dev/loop0", "./file0", "jfs", 0, "discard=0x0000000000000004,gid=0x0000000000000000,quota,iocharset=iso8859-4,integrity," [pid 5225] <... ioctl resumed>) = 0 [pid 5225] close(5) = 0 [pid 5225] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5223] <... futex resumed>) = 0 [pid 5225] <... futex resumed>) = 1 [pid 5225] futex(0x7efd192ea7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5224] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5224] ioctl(4, LOOP_CLR_FD) = 0 [pid 5224] close(4) = 0 [pid 5224] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5224] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5223] exit_group(0) = ? [pid 5224] <... futex resumed>) = ? [pid 5224] +++ exited with 0 +++ [pid 5225] <... futex resumed>) = ? [pid 5225] +++ exited with 0 +++ [pid 5223] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5223, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=44 /* 0.44 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./52", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563bc620 /* 4 entries */, 32768) = 112 umount2("./52/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./52/binderfs") = 0 umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./52/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563c4660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563c4660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./52/file0") = 0 getdents64(3, 0x5555563bc620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./52") = 0 mkdir("./53", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563bb5d0) = 5226 ./strace-static-x86_64: Process 5226 attached [pid 5226] set_robust_list(0x5555563bb5e0, 24) = 0 [pid 5226] chdir("./53") = 0 [pid 5226] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5226] setpgid(0, 0) = 0 [pid 5226] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5226] write(3, "1000", 4) = 4 [pid 5226] close(3) = 0 [pid 5226] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5226] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5226] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191e2000 [pid 5226] mprotect(0x7efd191e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5226] clone(child_stack=0x7efd192023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5227], tls=0x7efd19202700, child_tidptr=0x7efd192029d0) = 5227 [pid 5226] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5226] futex(0x7efd192ea7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5227 attached [pid 5227] set_robust_list(0x7efd192029e0, 24) = 0 [pid 5227] getgid() = 0 [pid 5227] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5226] <... futex resumed>) = 0 [pid 5226] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5226] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5226] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191c1000 [pid 5226] mprotect(0x7efd191c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5226] clone(child_stack=0x7efd191e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5228], tls=0x7efd191e1700, child_tidptr=0x7efd191e19d0) = 5228 [pid 5226] futex(0x7efd192ea7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5226] futex(0x7efd192ea7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5227] <... futex resumed>) = 1 [pid 5227] memfd_create("syzkaller", 0) = 3 [pid 5227] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efd10dc1000 [ 60.062830][ T5224] loop0: detected capacity change from 0 to 31085 [ 60.074235][ T5224] read_mapping_page failed! [ 60.079733][ T5224] jfs_mount: diMount(ipaimap) failed w/rc = -5 [ 60.086354][ T5224] Mount JFS Failure: -5 [ 60.090537][ T5224] jfs_mount failed w/return code = -5 ./strace-static-x86_64: Process 5228 attached [pid 5228] set_robust_list(0x7efd191e19e0, 24) = 0 [pid 5228] memfd_create("syzkaller", 0) = 4 [pid 5228] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efd089c1000 [pid 5227] munmap(0x7efd10dc1000, 138412032) = 0 [pid 5227] close(3) = 0 [pid 5227] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5227] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5228] write(4, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216) = 16777216 [pid 5228] munmap(0x7efd089c1000, 16777216) = 0 [pid 5228] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5228] ioctl(3, LOOP_SET_FD, 4) = 0 [pid 5228] close(4) = 0 [pid 5228] mkdir("./file0", 0777) = 0 [pid 5228] mount("/dev/loop0", "./file0", "xfs", MS_NOSUID, "norecovery,nolargeio,filestreams,logbufs=00000000000000000006,discard,,nouuid") = -1 EINVAL (Invalid argument) [ 60.288992][ T5228] loop0: detected capacity change from 0 to 32768 [ 60.297844][ T5228] XFS (loop0): no-recovery mounts must be read-only. [pid 5228] ioctl(3, LOOP_CLR_FD) = 0 [pid 5228] close(3) = 0 [pid 5228] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5226] <... futex resumed>) = 0 [pid 5226] exit_group(0 [pid 5227] <... futex resumed>) = ? [pid 5226] <... exit_group resumed>) = ? [pid 5227] +++ exited with 0 +++ [pid 5228] <... futex resumed>) = ? [pid 5228] +++ exited with 0 +++ [pid 5226] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5226, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=14 /* 0.14 s */} --- umount2("./53", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563bc620 /* 4 entries */, 32768) = 112 umount2("./53/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./53/binderfs") = 0 umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./53/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563c4660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563c4660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./53/file0") = 0 getdents64(3, 0x5555563bc620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./53") = 0 mkdir("./54", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563bb5d0) = 5229 ./strace-static-x86_64: Process 5229 attached [pid 5229] set_robust_list(0x5555563bb5e0, 24) = 0 [pid 5229] chdir("./54") = 0 [pid 5229] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5229] setpgid(0, 0) = 0 [pid 5229] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5229] write(3, "1000", 4) = 4 [pid 5229] close(3) = 0 [pid 5229] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5229] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5229] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191e2000 [pid 5229] mprotect(0x7efd191e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5229] clone(child_stack=0x7efd192023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5230], tls=0x7efd19202700, child_tidptr=0x7efd192029d0) = 5230 [pid 5229] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5229] futex(0x7efd192ea7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5230 attached [pid 5230] set_robust_list(0x7efd192029e0, 24) = 0 [pid 5230] getgid() = 0 [pid 5230] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5229] <... futex resumed>) = 0 [pid 5229] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5229] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5229] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191c1000 [pid 5229] mprotect(0x7efd191c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5229] clone(child_stack=0x7efd191e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5231], tls=0x7efd191e1700, child_tidptr=0x7efd191e19d0) = 5231 [pid 5229] futex(0x7efd192ea7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5229] futex(0x7efd192ea7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5230] <... futex resumed>) = 1 [pid 5230] memfd_create("syzkaller", 0) = 3 [pid 5230] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efd10dc1000 ./strace-static-x86_64: Process 5231 attached [pid 5231] set_robust_list(0x7efd191e19e0, 24) = 0 [pid 5231] memfd_create("syzkaller", 0) = 4 [pid 5231] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efd089c1000 [pid 5231] write(4, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 5230] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16300476 [pid 5231] <... write resumed>) = 16777216 [pid 5231] munmap(0x7efd089c1000, 16777216) = 0 [pid 5231] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5231] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5231] close(4) = 0 [pid 5231] mkdir("./file0", 0777) = 0 [pid 5231] mount("/dev/loop0", "./file0", "xfs", MS_NOSUID, "norecovery,nolargeio,filestreams,logbufs=00000000000000000006,discard,,nouuid") = -1 EINVAL (Invalid argument) [pid 5231] ioctl(5, LOOP_CLR_FD [pid 5230] <... write resumed>) = 16300476 [ 60.564196][ T5231] loop0: detected capacity change from 0 to 32768 [ 60.573762][ T5231] XFS (loop0): no-recovery mounts must be read-only. [pid 5230] munmap(0x7efd10dc1000, 16300476) = 0 [pid 5230] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5230] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5230] close(3) = 0 [pid 5230] mkdir("./file0", 0777) = -1 EEXIST (File exists) [pid 5230] mount("/dev/loop0", "./file0", "jfs", 0, "discard=0x0000000000000004,gid=0x0000000000000000,quota,iocharset=iso8859-4,integrity," [pid 5231] <... ioctl resumed>) = 0 [pid 5231] close(5) = 0 [pid 5231] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5229] <... futex resumed>) = 0 [pid 5231] futex(0x7efd192ea7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5230] <... mount resumed>) = -1 EINVAL (Invalid argument) [ 60.659468][ T5230] loop0: detected capacity change from 0 to 31836 [ 60.669600][ T5230] *** Log Format Error ! *** [ 60.674428][ T5230] lmLogInit: exit(-22) [ 60.678926][ T5230] lmLogOpen: exit(-22) [ 60.683363][ T5230] jfs_mount_rw failed, return code = -22 [pid 5230] ioctl(4, LOOP_CLR_FD) = 0 [pid 5230] close(4) = 0 [pid 5230] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5230] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5229] exit_group(0 [pid 5231] <... futex resumed>) = ? [pid 5229] <... exit_group resumed>) = ? [pid 5231] +++ exited with 0 +++ [pid 5230] <... futex resumed>) = ? [pid 5230] +++ exited with 0 +++ [pid 5229] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5229, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=44 /* 0.44 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./54", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563bc620 /* 4 entries */, 32768) = 112 umount2("./54/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./54/binderfs") = 0 umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./54/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563c4660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563c4660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./54/file0") = 0 getdents64(3, 0x5555563bc620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./54") = 0 mkdir("./55", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563bb5d0) = 5232 ./strace-static-x86_64: Process 5232 attached [pid 5232] set_robust_list(0x5555563bb5e0, 24) = 0 [pid 5232] chdir("./55") = 0 [pid 5232] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5232] setpgid(0, 0) = 0 [pid 5232] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5232] write(3, "1000", 4) = 4 [pid 5232] close(3) = 0 [pid 5232] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5232] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5232] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191e2000 [pid 5232] mprotect(0x7efd191e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5232] clone(child_stack=0x7efd192023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5233 attached , parent_tid=[5233], tls=0x7efd19202700, child_tidptr=0x7efd192029d0) = 5233 [pid 5233] set_robust_list(0x7efd192029e0, 24) = 0 [pid 5233] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5232] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5233] <... futex resumed>) = 0 [pid 5233] getgid() = 0 [pid 5233] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5233] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5232] futex(0x7efd192ea7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5232] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5233] <... futex resumed>) = 0 [pid 5232] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5233] memfd_create("syzkaller", 0) = 3 [pid 5233] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5232] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5233] <... mmap resumed>) = 0x7efd10de2000 [pid 5232] <... mmap resumed>) = 0x7efd10dc1000 [pid 5232] mprotect(0x7efd10dc2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5232] clone(child_stack=0x7efd10de13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5234], tls=0x7efd10de1700, child_tidptr=0x7efd10de19d0) = 5234 [pid 5232] futex(0x7efd192ea7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5232] futex(0x7efd192ea7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5234 attached [pid 5234] set_robust_list(0x7efd10de19e0, 24) = 0 [pid 5234] memfd_create("syzkaller", 0) = 4 [pid 5234] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efd089c1000 [pid 5233] munmap(0x7efd10de2000, 138412032) = 0 [pid 5233] close(3) = 0 [pid 5233] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5233] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5234] write(4, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216) = 16777216 [pid 5234] munmap(0x7efd089c1000, 16777216) = 0 [pid 5234] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5234] ioctl(3, LOOP_SET_FD, 4) = 0 [pid 5234] close(4) = 0 [pid 5234] mkdir("./file0", 0777) = 0 [pid 5234] mount("/dev/loop0", "./file0", "xfs", MS_NOSUID, "norecovery,nolargeio,filestreams,logbufs=00000000000000000006,discard,,nouuid") = -1 EINVAL (Invalid argument) [ 60.936830][ T5234] loop0: detected capacity change from 0 to 32768 [ 60.945543][ T5234] XFS (loop0): no-recovery mounts must be read-only. [pid 5234] ioctl(3, LOOP_CLR_FD) = 0 [pid 5234] close(3) = 0 [pid 5234] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5232] <... futex resumed>) = 0 [pid 5234] futex(0x7efd192ea7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5232] exit_group(0 [pid 5234] <... futex resumed>) = ? [pid 5232] <... exit_group resumed>) = ? [pid 5234] +++ exited with 0 +++ [pid 5233] <... futex resumed>) = ? [pid 5233] +++ exited with 0 +++ [pid 5232] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5232, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=17 /* 0.17 s */} --- umount2("./55", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563bc620 /* 4 entries */, 32768) = 112 umount2("./55/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./55/binderfs") = 0 umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./55/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563c4660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563c4660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./55/file0") = 0 getdents64(3, 0x5555563bc620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./55") = 0 mkdir("./56", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563bb5d0) = 5235 ./strace-static-x86_64: Process 5235 attached [pid 5235] set_robust_list(0x5555563bb5e0, 24) = 0 [pid 5235] chdir("./56") = 0 [pid 5235] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5235] setpgid(0, 0) = 0 [pid 5235] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5235] write(3, "1000", 4) = 4 [pid 5235] close(3) = 0 [pid 5235] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5235] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5235] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191e2000 [pid 5235] mprotect(0x7efd191e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5235] clone(child_stack=0x7efd192023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5236 attached [pid 5236] set_robust_list(0x7efd192029e0, 24) = 0 [pid 5236] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5235] <... clone resumed>, parent_tid=[5236], tls=0x7efd19202700, child_tidptr=0x7efd192029d0) = 5236 [pid 5235] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5236] <... futex resumed>) = 0 [pid 5236] getgid() = 0 [pid 5236] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5236] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5235] futex(0x7efd192ea7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5235] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5236] <... futex resumed>) = 0 [pid 5235] <... futex resumed>) = 1 [pid 5236] memfd_create("syzkaller", 0 [pid 5235] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5236] <... memfd_create resumed>) = 3 [pid 5236] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efd10de2000 [pid 5235] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd10dc1000 [pid 5235] mprotect(0x7efd10dc2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5235] clone(child_stack=0x7efd10de13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5237 attached , parent_tid=[5237], tls=0x7efd10de1700, child_tidptr=0x7efd10de19d0) = 5237 [pid 5235] futex(0x7efd192ea7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5235] futex(0x7efd192ea7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5237] set_robust_list(0x7efd10de19e0, 24) = 0 [pid 5237] memfd_create("syzkaller", 0) = 4 [pid 5237] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efd089c1000 [pid 5237] write(4, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 5236] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16238636 [pid 5237] <... write resumed>) = 16777216 [pid 5237] munmap(0x7efd089c1000, 16777216) = 0 [pid 5237] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5237] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5237] close(4) = 0 [pid 5237] mkdir("./file0", 0777) = 0 [pid 5237] mount("/dev/loop0", "./file0", "xfs", MS_NOSUID, "norecovery,nolargeio,filestreams,logbufs=00000000000000000006,discard,,nouuid") = -1 EINVAL (Invalid argument) [pid 5237] ioctl(5, LOOP_CLR_FD [pid 5236] <... write resumed>) = 16238636 [pid 5236] munmap(0x7efd10de2000, 16238636) = 0 [pid 5236] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5236] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5236] ioctl(4, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5236] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5236] close(4) = 0 [ 61.262861][ T5237] loop0: detected capacity change from 0 to 32768 [ 61.273035][ T5237] XFS (loop0): no-recovery mounts must be read-only. [pid 5236] close(3) = 0 [pid 5236] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5236] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5237] <... ioctl resumed>) = 0 [pid 5237] close(5) = 0 [pid 5237] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5237] futex(0x7efd192ea7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5235] <... futex resumed>) = 0 [pid 5235] exit_group(0 [pid 5236] <... futex resumed>) = ? [pid 5235] <... exit_group resumed>) = ? [pid 5236] +++ exited with 0 +++ [pid 5237] <... futex resumed>) = ? [pid 5237] +++ exited with 0 +++ [pid 5235] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5235, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=42 /* 0.42 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./56", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 61.335518][ T5067] I/O error, dev loop0, sector 32640 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563bc620 /* 4 entries */, 32768) = 112 umount2("./56/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./56/binderfs") = 0 umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./56/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563c4660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563c4660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./56/file0") = 0 getdents64(3, 0x5555563bc620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./56") = 0 mkdir("./57", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563bb5d0) = 5238 ./strace-static-x86_64: Process 5238 attached [pid 5238] set_robust_list(0x5555563bb5e0, 24) = 0 [pid 5238] chdir("./57") = 0 [pid 5238] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5238] setpgid(0, 0) = 0 [pid 5238] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5238] write(3, "1000", 4) = 4 [pid 5238] close(3) = 0 [pid 5238] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5238] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5238] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191e2000 [pid 5238] mprotect(0x7efd191e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5238] clone(child_stack=0x7efd192023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5239 attached [pid 5239] set_robust_list(0x7efd192029e0, 24 [pid 5238] <... clone resumed>, parent_tid=[5239], tls=0x7efd19202700, child_tidptr=0x7efd192029d0) = 5239 [pid 5239] <... set_robust_list resumed>) = 0 [pid 5239] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5238] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5239] <... futex resumed>) = 0 [pid 5239] getgid() = 0 [pid 5239] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5238] futex(0x7efd192ea7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5239] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5238] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5238] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5239] <... futex resumed>) = 0 [pid 5238] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5239] memfd_create("syzkaller", 0) = 3 [pid 5239] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efd10de2000 [pid 5238] <... futex resumed>) = 0 [pid 5238] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd10dc1000 [pid 5238] mprotect(0x7efd10dc2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5238] clone(child_stack=0x7efd10de13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5240], tls=0x7efd10de1700, child_tidptr=0x7efd10de19d0) = 5240 [pid 5238] futex(0x7efd192ea7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5238] futex(0x7efd192ea7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5240 attached [pid 5240] set_robust_list(0x7efd10de19e0, 24) = 0 [pid 5240] memfd_create("syzkaller", 0) = 4 [pid 5240] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efd089c1000 [pid 5239] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16654783 [pid 5240] write(4, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 5239] <... write resumed>) = 16654783 [pid 5239] munmap(0x7efd10de2000, 16654783) = 0 [pid 5239] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5239] ioctl(5, LOOP_SET_FD, 3 [pid 5240] <... write resumed>) = 16777216 [pid 5240] munmap(0x7efd089c1000, 16777216 [pid 5239] <... ioctl resumed>) = 0 [pid 5239] close(3) = 0 [pid 5239] mkdir("./file0", 0777) = 0 [pid 5239] mount("/dev/loop0", "./file0", "jfs", 0, "discard=0x0000000000000004,gid=0x0000000000000000,quota,iocharset=iso8859-4,integrity," [pid 5240] <... munmap resumed>) = 0 [pid 5240] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5240] ioctl(3, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5240] ioctl(3, LOOP_CLR_FD) = 0 [pid 5240] ioctl(3, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5240] close(3) = 0 [pid 5240] close(4 [pid 5239] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5239] ioctl(5, LOOP_CLR_FD [pid 5240] <... close resumed>) = 0 [pid 5240] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5238] <... futex resumed>) = 0 [ 61.628174][ T5239] loop0: detected capacity change from 0 to 32528 [ 61.640284][ T5239] *** Log Format Error ! *** [ 61.656787][ T5239] lmLogInit: exit(-22) [ 61.661204][ T5239] lmLogOpen: exit(-22) [ 61.665569][ T5239] jfs_mount_rw failed, return code = -22 [pid 5240] futex(0x7efd192ea7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5239] <... ioctl resumed>) = 0 [pid 5239] close(5) = 0 [pid 5239] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5239] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5238] exit_group(0 [pid 5240] <... futex resumed>) = ? [pid 5238] <... exit_group resumed>) = ? [pid 5240] +++ exited with 0 +++ [pid 5239] <... futex resumed>) = ? [pid 5239] +++ exited with 0 +++ [pid 5238] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5238, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=36 /* 0.36 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./57", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563bc620 /* 4 entries */, 32768) = 112 umount2("./57/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./57/binderfs") = 0 umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./57/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563c4660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563c4660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./57/file0") = 0 getdents64(3, 0x5555563bc620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./57") = 0 mkdir("./58", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563bb5d0) = 5241 ./strace-static-x86_64: Process 5241 attached [pid 5241] set_robust_list(0x5555563bb5e0, 24) = 0 [pid 5241] chdir("./58") = 0 [pid 5241] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5241] setpgid(0, 0) = 0 [pid 5241] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5241] write(3, "1000", 4) = 4 [pid 5241] close(3) = 0 [pid 5241] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5241] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5241] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191e2000 [pid 5241] mprotect(0x7efd191e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5241] clone(child_stack=0x7efd192023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5242], tls=0x7efd19202700, child_tidptr=0x7efd192029d0) = 5242 [pid 5241] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5241] futex(0x7efd192ea7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5242 attached [pid 5242] set_robust_list(0x7efd192029e0, 24) = 0 [pid 5242] getgid() = 0 [pid 5242] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5241] <... futex resumed>) = 0 [pid 5241] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5241] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5241] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191c1000 [pid 5241] mprotect(0x7efd191c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5241] clone(child_stack=0x7efd191e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5243], tls=0x7efd191e1700, child_tidptr=0x7efd191e19d0) = 5243 [pid 5241] futex(0x7efd192ea7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5241] futex(0x7efd192ea7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5242] <... futex resumed>) = 1 [pid 5242] memfd_create("syzkaller", 0) = 3 [pid 5242] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efd10dc1000 ./strace-static-x86_64: Process 5243 attached [pid 5243] set_robust_list(0x7efd191e19e0, 24) = 0 [pid 5243] memfd_create("syzkaller", 0) = 4 [pid 5243] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efd089c1000 [pid 5243] write(4, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 5242] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16266479 [pid 5243] <... write resumed>) = 16777216 [pid 5243] munmap(0x7efd089c1000, 16777216) = 0 [pid 5243] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5243] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5243] close(4) = 0 [pid 5243] mkdir("./file0", 0777) = 0 [pid 5243] mount("/dev/loop0", "./file0", "xfs", MS_NOSUID, "norecovery,nolargeio,filestreams,logbufs=00000000000000000006,discard,,nouuid" [pid 5242] <... write resumed>) = 16266479 [pid 5242] munmap(0x7efd10dc1000, 16266479 [pid 5243] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5243] ioctl(5, LOOP_CLR_FD [pid 5242] <... munmap resumed>) = 0 [pid 5242] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5242] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5242] ioctl(4, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5242] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5242] close(4) = 0 [ 61.922495][ T5243] loop0: detected capacity change from 0 to 32768 [ 61.932648][ T5243] XFS (loop0): no-recovery mounts must be read-only. [pid 5242] close(3) = 0 [pid 5242] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5242] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5243] <... ioctl resumed>) = 0 [pid 5243] close(5) = 0 [pid 5243] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5241] <... futex resumed>) = 0 [pid 5241] exit_group(0 [pid 5242] <... futex resumed>) = ? [pid 5241] <... exit_group resumed>) = ? [pid 5242] +++ exited with 0 +++ [pid 5243] +++ exited with 0 +++ [pid 5241] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5241, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=31 /* 0.31 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./58", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563bc620 /* 4 entries */, 32768) = 112 umount2("./58/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./58/binderfs") = 0 umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./58/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563c4660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563c4660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./58/file0") = 0 getdents64(3, 0x5555563bc620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./58") = 0 mkdir("./59", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 61.975920][ T5067] I/O error, dev loop0, sector 32640 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563bb5d0) = 5244 ./strace-static-x86_64: Process 5244 attached [pid 5244] set_robust_list(0x5555563bb5e0, 24) = 0 [pid 5244] chdir("./59") = 0 [pid 5244] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5244] setpgid(0, 0) = 0 [pid 5244] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5244] write(3, "1000", 4) = 4 [pid 5244] close(3) = 0 [pid 5244] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5244] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5244] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191e2000 [pid 5244] mprotect(0x7efd191e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5244] clone(child_stack=0x7efd192023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5245], tls=0x7efd19202700, child_tidptr=0x7efd192029d0) = 5245 [pid 5244] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5244] futex(0x7efd192ea7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5245 attached [pid 5245] set_robust_list(0x7efd192029e0, 24) = 0 [pid 5245] getgid() = 0 [pid 5245] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5244] <... futex resumed>) = 0 [pid 5244] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5244] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5244] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191c1000 [pid 5244] mprotect(0x7efd191c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5244] clone(child_stack=0x7efd191e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5246], tls=0x7efd191e1700, child_tidptr=0x7efd191e19d0) = 5246 [pid 5244] futex(0x7efd192ea7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5244] futex(0x7efd192ea7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5245] <... futex resumed>) = 1 [pid 5245] memfd_create("syzkaller", 0) = 3 [pid 5245] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efd10dc1000 ./strace-static-x86_64: Process 5246 attached [pid 5246] set_robust_list(0x7efd191e19e0, 24) = 0 [pid 5246] memfd_create("syzkaller", 0) = 4 [pid 5246] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efd089c1000 [pid 5245] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16148983 [pid 5246] write(4, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 5245] <... write resumed>) = 16148983 [pid 5245] munmap(0x7efd10dc1000, 16148983) = 0 [pid 5245] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5245] ioctl(5, LOOP_SET_FD, 3 [pid 5246] <... write resumed>) = 16777216 [pid 5246] munmap(0x7efd089c1000, 16777216 [pid 5245] <... ioctl resumed>) = 0 [pid 5245] close(3) = 0 [pid 5245] mkdir("./file0", 0777) = 0 [pid 5245] mount("/dev/loop0", "./file0", "jfs", 0, "discard=0x0000000000000004,gid=0x0000000000000000,quota,iocharset=iso8859-4,integrity," [pid 5246] <... munmap resumed>) = 0 [pid 5246] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5246] ioctl(3, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5246] ioctl(3, LOOP_CLR_FD) = 0 [pid 5246] ioctl(3, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5246] close(3) = 0 [pid 5246] close(4 [pid 5245] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5245] ioctl(5, LOOP_CLR_FD [pid 5246] <... close resumed>) = 0 [pid 5246] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5244] <... futex resumed>) = 0 [pid 5246] <... futex resumed>) = 1 [ 62.229086][ T5245] loop0: detected capacity change from 0 to 31540 [ 62.240878][ T5245] *** Log Format Error ! *** [ 62.262878][ T5245] lmLogInit: exit(-22) [ 62.267787][ T5245] lmLogOpen: exit(-22) [ 62.271871][ T5245] jfs_mount_rw failed, return code = -22 [pid 5246] futex(0x7efd192ea7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5245] <... ioctl resumed>) = 0 [pid 5245] close(5) = 0 [pid 5245] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5245] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5244] exit_group(0) = ? [pid 5246] <... futex resumed>) = ? [pid 5245] <... futex resumed>) = ? [pid 5246] +++ exited with 0 +++ [pid 5245] +++ exited with 0 +++ [pid 5244] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5244, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=33 /* 0.33 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./59", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563bc620 /* 4 entries */, 32768) = 112 umount2("./59/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./59/binderfs") = 0 umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./59/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563c4660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563c4660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./59/file0") = 0 getdents64(3, 0x5555563bc620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./59") = 0 mkdir("./60", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563bb5d0) = 5247 ./strace-static-x86_64: Process 5247 attached [pid 5247] set_robust_list(0x5555563bb5e0, 24) = 0 [pid 5247] chdir("./60") = 0 [pid 5247] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5247] setpgid(0, 0) = 0 [pid 5247] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5247] write(3, "1000", 4) = 4 [pid 5247] close(3) = 0 [pid 5247] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5247] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5247] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191e2000 [pid 5247] mprotect(0x7efd191e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5247] clone(child_stack=0x7efd192023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5248 attached [pid 5248] set_robust_list(0x7efd192029e0, 24) = 0 [pid 5248] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5247] <... clone resumed>, parent_tid=[5248], tls=0x7efd19202700, child_tidptr=0x7efd192029d0) = 5248 [pid 5247] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5248] <... futex resumed>) = 0 [pid 5248] getgid() = 0 [pid 5248] futex(0x7efd192ea7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5248] futex(0x7efd192ea7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5247] futex(0x7efd192ea7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5247] futex(0x7efd192ea7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5247] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5247] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7efd191c1000 [pid 5247] mprotect(0x7efd191c2000, 131072, PROT_READ|PROT_WRITE [pid 5248] <... futex resumed>) = 0 [pid 5247] <... mprotect resumed>) = 0 [pid 5247] clone(child_stack=0x7efd191e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5248] memfd_create("syzkaller", 0) = 3 [pid 5247] <... clone resumed>, parent_tid=[5249], tls=0x7efd191e1700, child_tidptr=0x7efd191e19d0) = 5249 ./strace-static-x86_64: Process 5249 attached [pid 5248] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5247] futex(0x7efd192ea7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5248] <... mmap resumed>) = 0x7efd10dc1000 [pid 5249] set_robust_list(0x7efd191e19e0, 24 [pid 5247] <... futex resumed>) = 0 [pid 5249] <... set_robust_list resumed>) = 0 [pid 5249] memfd_create("syzkaller", 0) = 4 [pid 5249] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5247] futex(0x7efd192ea7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5249] <... mmap resumed>) = 0x7efd089c1000 [pid 5248] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 15939780 [pid 5249] write(4, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 5248] <... write resumed>) = 15939780 [pid 5248] munmap(0x7efd10dc1000, 15939780) = 0 [pid 5248] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5248] ioctl(5, LOOP_SET_FD, 3) = 0 [pid 5248] close(3) = 0 [pid 5248] mkdir("./file0", 0777) = 0 [ 62.560699][ T5248] loop0: detected capacity change from 0 to 31132 [ 62.571967][ T5248] ================================================================================ [ 62.581678][ T5248] UBSAN: shift-out-of-bounds in fs/jfs/jfs_dmap.c:201:29 [ 62.589098][ T5248] shift exponent -1 is negative [ 62.594266][ T5248] CPU: 1 PID: 5248 Comm: syz-executor395 Not tainted 6.2.0-rc7-syzkaller-00013-g513c1a3d3f19 #0 [ 62.604732][ T5248] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023 [ 62.614791][ T5248] Call Trace: [ 62.618084][ T5248] [ 62.621011][ T5248] dump_stack_lvl+0xd1/0x138 [ 62.625635][ T5248] ubsan_epilogue+0xa/0x31 [ 62.630066][ T5248] __ubsan_handle_shift_out_of_bounds.cold+0xb1/0x187 [ 62.636856][ T5248] ? folio_unlock+0x7d/0xd0 [ 62.641541][ T5248] dbMount.cold+0x17/0x38 [ 62.645876][ T5248] jfs_mount+0x267/0x7b0 [ 62.650120][ T5248] jfs_fill_super+0x5a8/0xc80 [ 62.654794][ T5248] ? jfs_remount+0x650/0x650 [ 62.659471][ T5248] ? set_blocksize+0x2c9/0x370 [ 62.664248][ T5248] mount_bdev+0x351/0x410 [ 62.668579][ T5248] ? jfs_remount+0x650/0x650 [ 62.673166][ T5248] ? jfs_get_dquots+0x20/0x20 [ 62.677858][ T5248] legacy_get_tree+0x109/0x220 [ 62.682623][ T5248] vfs_get_tree+0x8d/0x2f0 [ 62.687044][ T5248] path_mount+0x132a/0x1e20 [ 62.691546][ T5248] ? kmem_cache_free+0xee/0x5c0 [ 62.696570][ T5248] ? finish_automount+0x960/0x960 [ 62.701612][ T5248] ? putname+0x102/0x140 [ 62.705879][ T5248] __x64_sys_mount+0x283/0x300 [ 62.710645][ T5248] ? copy_mnt_ns+0xb30/0xb30 [ 62.715231][ T5248] ? lockdep_hardirqs_on+0x7d/0x100 [ 62.720438][ T5248] ? _raw_spin_unlock_irq+0x2e/0x50 [ 62.725633][ T5248] ? ptrace_notify+0xfe/0x140 [ 62.730309][ T5248] do_syscall_64+0x39/0xb0 [ 62.734727][ T5248] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 62.740633][ T5248] RIP: 0033:0x7efd19257c5a [ 62.745042][ T5248] Code: 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 a8 00 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 62.764677][ T5248] RSP: 002b:00007efd19202118 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 62.773113][ T5248] RAX: ffffffffffffffda RBX: 00007efd192026b8 RCX: 00007efd19257c5a [ 62.781084][ T5248] RDX: 0000000020005e00 RSI: 0000000020000000 RDI: 00007efd19202170 [ 62.789144][ T5248] RBP: 0000000000000005 R08: 00007efd192021b0 R09: 0000000000005f06 [ 62.797114][ T5248] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000020005e00 [pid 5248] mount("/dev/loop0", "./file0", "jfs", 0, "discard=0x0000000000000004,gid=0x0000000000000000,quota,iocharset=iso8859-4,integrity," [pid 5249] <... write resumed>) = 16777216 [pid 5249] munmap(0x7efd089c1000, 16777216) = 0 [pid 5249] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5249] ioctl(3, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5249] ioctl(3, LOOP_CLR_FD) = 0 [pid 5249] ioctl(3, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5249] close(3) = 0 [ 62.805098][ T5248] R13: 0000000020000000 R14: 0000000000005f0c R15: 0000000020000100 [ 62.813168][ T5248] [ 62.819700][ T5248] ================================================================================ [ 62.836328][ T5248] Kernel panic - not syncing: UBSAN: panic_on_warn set ... [ 62.843814][ T5248] CPU: 1 PID: 5248 Comm: syz-executor395 Not tainted 6.2.0-rc7-syzkaller-00013-g513c1a3d3f19 #0 [pid 5249] close(4) = 0 [pid 5249] futex(0x7efd192ea7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5247] <... futex resumed>) = 0 [pid 5249] <... futex resumed>) = 1 [ 62.854324][ T5248] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023 [ 62.864393][ T5248] Call Trace: [ 62.867715][ T5248] [ 62.870658][ T5248] dump_stack_lvl+0xd1/0x138 [ 62.875275][ T5248] panic+0x2cc/0x626 [ 62.879193][ T5248] ? panic_print_sys_info.part.0+0x110/0x110 [ 62.885196][ T5248] ? record_print_text.cold+0x16/0x16 [ 62.890615][ T5248] check_panic_on_warn.cold+0x19/0x35 [ 62.895983][ T5248] __ubsan_handle_shift_out_of_bounds.cold+0xb1/0x187 [ 62.902771][ T5248] ? folio_unlock+0x7d/0xd0 [ 62.907292][ T5248] dbMount.cold+0x17/0x38 [ 62.911627][ T5248] jfs_mount+0x267/0x7b0 [ 62.915876][ T5248] jfs_fill_super+0x5a8/0xc80 [ 62.920590][ T5248] ? jfs_remount+0x650/0x650 [ 62.925250][ T5248] ? set_blocksize+0x2c9/0x370 [ 62.930026][ T5248] mount_bdev+0x351/0x410 [ 62.934365][ T5248] ? jfs_remount+0x650/0x650 [ 62.938950][ T5248] ? jfs_get_dquots+0x20/0x20 [ 62.943662][ T5248] legacy_get_tree+0x109/0x220 [ 62.948467][ T5248] vfs_get_tree+0x8d/0x2f0 [ 62.952881][ T5248] path_mount+0x132a/0x1e20 [ 62.957410][ T5248] ? kmem_cache_free+0xee/0x5c0 [pid 5249] futex(0x7efd192ea7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5247] exit_group(0 [pid 5249] <... futex resumed>) = ? [pid 5247] <... exit_group resumed>) = ? [pid 5249] +++ exited with 0 +++ [ 62.962268][ T5248] ? finish_automount+0x960/0x960 [ 62.967318][ T5248] ? putname+0x102/0x140 [ 62.971583][ T5248] __x64_sys_mount+0x283/0x300 [ 62.976428][ T5248] ? copy_mnt_ns+0xb30/0xb30 [ 62.981006][ T5248] ? lockdep_hardirqs_on+0x7d/0x100 [ 62.986196][ T5248] ? _raw_spin_unlock_irq+0x2e/0x50 [ 62.991406][ T5248] ? ptrace_notify+0xfe/0x140 [ 62.996085][ T5248] do_syscall_64+0x39/0xb0 [ 63.000519][ T5248] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 63.006401][ T5248] RIP: 0033:0x7efd19257c5a [ 63.010807][ T5248] Code: 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 a8 00 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 63.030517][ T5248] RSP: 002b:00007efd19202118 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 63.038936][ T5248] RAX: ffffffffffffffda RBX: 00007efd192026b8 RCX: 00007efd19257c5a [ 63.046902][ T5248] RDX: 0000000020005e00 RSI: 0000000020000000 RDI: 00007efd19202170 [ 63.054855][ T5248] RBP: 0000000000000005 R08: 00007efd192021b0 R09: 0000000000005f06 [ 63.062811][ T5248] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000020005e00 [ 63.070771][ T5248] R13: 0000000020000000 R14: 0000000000005f0c R15: 0000000020000100 [ 63.078743][ T5248] [ 63.082240][ T5248] Kernel Offset: disabled [ 63.086651][ T5248] Rebooting in 86400 seconds..