./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor4006323212 <...> Warning: Permanently added '10.128.0.194' (ED25519) to the list of known hosts. execve("./syz-executor4006323212", ["./syz-executor4006323212"], 0x7ffd60d0d760 /* 10 vars */) = 0 brk(NULL) = 0x555582792000 brk(0x555582792d40) = 0x555582792d40 arch_prctl(ARCH_SET_FS, 0x5555827923c0) = 0 set_tid_address(0x555582792690) = 5839 set_robust_list(0x5555827926a0, 24) = 0 rseq(0x555582792ce0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor4006323212", 4096) = 28 getrandom("\x32\xe3\x83\xd6\x6d\x92\xa8\x45", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555582792d40 brk(0x5555827b3d40) = 0x5555827b3d40 brk(0x5555827b4000) = 0x5555827b4000 mprotect(0x7f409187b000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5840 attached [pid 5840] set_robust_list(0x5555827926a0, 24 [pid 5839] <... clone resumed>, child_tidptr=0x555582792690) = 5840 [pid 5840] <... set_robust_list resumed>) = 0 [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5840] mkdir("./syzkaller.pIftos", 0700) = 0 ./strace-static-x86_64: Process 5841 attached [pid 5841] set_robust_list(0x5555827926a0, 24 [pid 5840] chmod("./syzkaller.pIftos", 0777 [pid 5839] <... clone resumed>, child_tidptr=0x555582792690) = 5841 [pid 5841] <... set_robust_list resumed>) = 0 [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5840] <... chmod resumed>) = 0 [pid 5840] chdir("./syzkaller.pIftos") = 0 [pid 5840] mkdir("./0", 0777 [pid 5841] mkdir("./syzkaller.Fw3hqc", 0700 [pid 5840] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 5842 attached [pid 5839] <... clone resumed>, child_tidptr=0x555582792690) = 5842 [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5840] openat(AT_FDCWD, "/dev/loop0", O_RDWR./strace-static-x86_64: Process 5843 attached [pid 5842] set_robust_list(0x5555827926a0, 24 [pid 5841] <... mkdir resumed>) = 0 [pid 5839] <... clone resumed>, child_tidptr=0x555582792690) = 5843 [pid 5843] set_robust_list(0x5555827926a0, 24 [pid 5842] <... set_robust_list resumed>) = 0 [pid 5841] chmod("./syzkaller.Fw3hqc", 0777 [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5843] <... set_robust_list resumed>) = 0 [pid 5842] mkdir("./syzkaller.eESyeo", 0700 [pid 5841] <... chmod resumed>) = 0 [pid 5840] <... openat resumed>) = 3 [pid 5840] ioctl(3, LOOP_CLR_FD [pid 5843] mkdir("./syzkaller.s2G7rI", 0700./strace-static-x86_64: Process 5844 attached [pid 5842] <... mkdir resumed>) = 0 [pid 5841] chdir("./syzkaller.Fw3hqc" [pid 5840] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5844] set_robust_list(0x5555827926a0, 24 [pid 5839] <... clone resumed>, child_tidptr=0x555582792690) = 5844 [pid 5842] chmod("./syzkaller.eESyeo", 0777 [pid 5841] <... chdir resumed>) = 0 [pid 5840] close(3 [pid 5843] <... mkdir resumed>) = 0 [pid 5841] mkdir("./0", 0777 [pid 5844] <... set_robust_list resumed>) = 0 [pid 5840] <... close resumed>) = 0 [pid 5843] chmod("./syzkaller.s2G7rI", 0777) = 0 [pid 5843] chdir("./syzkaller.s2G7rI") = 0 [pid 5843] mkdir("./0", 0777) = 0 [pid 5844] mkdir("./syzkaller.fAfjhp", 0700 [pid 5842] <... chmod resumed>) = 0 [pid 5841] <... mkdir resumed>) = 0 [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5841] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5843] openat(AT_FDCWD, "/dev/loop3", O_RDWR./strace-static-x86_64: Process 5846 attached [pid 5844] <... mkdir resumed>) = 0 [pid 5842] chdir("./syzkaller.eESyeo" [pid 5841] <... openat resumed>) = 3 [pid 5843] <... openat resumed>) = 3 [pid 5842] <... chdir resumed>) = 0 [pid 5846] set_robust_list(0x5555827926a0, 24 [pid 5844] chmod("./syzkaller.fAfjhp", 0777 [pid 5846] <... set_robust_list resumed>) = 0 [pid 5843] ioctl(3, LOOP_CLR_FD [pid 5841] ioctl(3, LOOP_CLR_FD [pid 5840] <... clone resumed>, child_tidptr=0x555582792690) = 5846 [pid 5842] mkdir("./0", 0777 [pid 5843] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5844] <... chmod resumed>) = 0 [pid 5841] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5844] chdir("./syzkaller.fAfjhp") = 0 [pid 5846] chdir("./0" [pid 5844] mkdir("./0", 0777 [pid 5843] close(3 [pid 5842] <... mkdir resumed>) = 0 [pid 5841] close(3 [pid 5846] <... chdir resumed>) = 0 [pid 5843] <... close resumed>) = 0 [pid 5841] <... close resumed>) = 0 [pid 5846] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5844] <... mkdir resumed>) = 0 [pid 5843] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5842] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5846] <... prctl resumed>) = 0 [pid 5842] <... openat resumed>) = 3 [pid 5844] openat(AT_FDCWD, "/dev/loop4", O_RDWR./strace-static-x86_64: Process 5848 attached ./strace-static-x86_64: Process 5847 attached [pid 5846] setpgid(0, 0 [pid 5848] set_robust_list(0x5555827926a0, 24 [pid 5844] <... openat resumed>) = 3 [pid 5842] ioctl(3, LOOP_CLR_FD [pid 5848] <... set_robust_list resumed>) = 0 [pid 5846] <... setpgid resumed>) = 0 [pid 5846] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5842] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5843] <... clone resumed>, child_tidptr=0x555582792690) = 5847 [pid 5848] chdir("./0") = 0 [pid 5846] <... openat resumed>) = 3 [pid 5842] close(3 [pid 5848] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5844] ioctl(3, LOOP_CLR_FD [pid 5842] <... close resumed>) = 0 [pid 5848] <... prctl resumed>) = 0 [pid 5847] set_robust_list(0x5555827926a0, 24 [pid 5846] write(3, "1000", 4 [pid 5841] <... clone resumed>, child_tidptr=0x555582792690) = 5848 [pid 5847] <... set_robust_list resumed>) = 0 [pid 5846] <... write resumed>) = 4 [pid 5848] setpgid(0, 0 [pid 5847] chdir("./0" [pid 5846] close(3 [pid 5844] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5848] <... setpgid resumed>) = 0 [pid 5847] <... chdir resumed>) = 0 [pid 5846] <... close resumed>) = 0 [pid 5844] close(3 [pid 5848] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5847] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5846] symlink("/dev/binderfs", "./binderfs" [pid 5844] <... close resumed>) = 0 [pid 5847] <... prctl resumed>) = 0 [pid 5844] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5849 attached [pid 5848] <... openat resumed>) = 3 [pid 5847] setpgid(0, 0 [pid 5846] <... symlink resumed>) = 0 [pid 5842] <... clone resumed>, child_tidptr=0x555582792690) = 5849 [pid 5849] set_robust_list(0x5555827926a0, 24 [pid 5847] <... setpgid resumed>) = 0 [pid 5849] <... set_robust_list resumed>) = 0 [pid 5848] write(3, "1000", 4 [pid 5847] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program [pid 5846] write(1, "executing program\n", 18 [pid 5849] chdir("./0" [pid 5848] <... write resumed>) = 4 ./strace-static-x86_64: Process 5850 attached [pid 5849] <... chdir resumed>) = 0 [pid 5848] close(3 [pid 5847] <... openat resumed>) = 3 [pid 5846] <... write resumed>) = 18 [pid 5850] set_robust_list(0x5555827926a0, 24 [pid 5849] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5847] write(3, "1000", 4 [pid 5846] futex(0x7f40918816ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5850] <... set_robust_list resumed>) = 0 [pid 5849] <... prctl resumed>) = 0 [pid 5848] <... close resumed>) = 0 [pid 5847] <... write resumed>) = 4 [pid 5846] <... futex resumed>) = 0 [pid 5844] <... clone resumed>, child_tidptr=0x555582792690) = 5850 [pid 5849] setpgid(0, 0 [pid 5848] symlink("/dev/binderfs", "./binderfs" [pid 5847] close(3 [pid 5849] <... setpgid resumed>) = 0 [pid 5847] <... close resumed>) = 0 [pid 5846] rt_sigaction(SIGRT_1, {sa_handler=0x7f409181a160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f409180b310}, [pid 5850] chdir("./0" [pid 5849] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5847] symlink("/dev/binderfs", "./binderfs" [pid 5846] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5850] <... chdir resumed>) = 0 [pid 5849] <... openat resumed>) = 3 [pid 5848] <... symlink resumed>) = 0 [pid 5846] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5850] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5847] <... symlink resumed>) = 0 [pid 5846] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5850] <... prctl resumed>) = 0 executing program [pid 5849] write(3, "1000", 4 [pid 5848] write(1, "executing program\n", 18 [pid 5846] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0executing program [pid 5850] setpgid(0, 0 [pid 5849] <... write resumed>) = 4 [pid 5848] <... write resumed>) = 18 [pid 5847] write(1, "executing program\n", 18 [pid 5850] <... setpgid resumed>) = 0 [pid 5849] close(3 [pid 5848] futex(0x7f40918816ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5847] <... write resumed>) = 18 [pid 5846] <... mmap resumed>) = 0x7f4091788000 [pid 5850] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5849] <... close resumed>) = 0 [pid 5848] <... futex resumed>) = 0 [pid 5847] futex(0x7f40918816ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5846] mprotect(0x7f4091789000, 131072, PROT_READ|PROT_WRITE [pid 5850] <... openat resumed>) = 3 [pid 5849] symlink("/dev/binderfs", "./binderfs" [pid 5848] rt_sigaction(SIGRT_1, {sa_handler=0x7f409181a160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f409180b310}, [pid 5847] <... futex resumed>) = 0 [pid 5846] <... mprotect resumed>) = 0 [pid 5848] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5847] rt_sigaction(SIGRT_1, {sa_handler=0x7f409181a160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f409180b310}, [pid 5846] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5850] write(3, "1000", 4 [pid 5849] <... symlink resumed>) = 0 [pid 5848] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5847] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5849] write(1, "executing program\n", 18 [pid 5848] <... rt_sigprocmask resumed>NULL, 8) = 0 executing program [pid 5850] <... write resumed>) = 4 [pid 5849] <... write resumed>) = 18 [pid 5848] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5847] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5846] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5850] close(3 [pid 5849] futex(0x7f40918816ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5848] <... mmap resumed>) = 0x7f4091788000 [pid 5847] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5850] <... close resumed>) = 0 [pid 5849] <... futex resumed>) = 0 [pid 5848] mprotect(0x7f4091789000, 131072, PROT_READ|PROT_WRITE [pid 5847] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5846] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f40917a8990, parent_tid=0x7f40917a8990, exit_signal=0, stack=0x7f4091788000, stack_size=0x20300, tls=0x7f40917a86c0} [pid 5850] symlink("/dev/binderfs", "./binderfs" [pid 5849] rt_sigaction(SIGRT_1, {sa_handler=0x7f409181a160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f409180b310}, [pid 5848] <... mprotect resumed>) = 0 [pid 5849] <... rt_sigaction resumed>NULL, 8) = 0 ./strace-static-x86_64: Process 5851 attached [pid 5850] <... symlink resumed>) = 0 [pid 5848] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5847] <... mmap resumed>) = 0x7f4091788000 executing program [pid 5851] rseq(0x7f40917a8fe0, 0x20, 0, 0x53053053 [pid 5850] write(1, "executing program\n", 18 [pid 5849] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5848] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5847] mprotect(0x7f4091789000, 131072, PROT_READ|PROT_WRITE [pid 5851] <... rseq resumed>) = 0 [pid 5850] <... write resumed>) = 18 [pid 5849] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5848] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f40917a8990, parent_tid=0x7f40917a8990, exit_signal=0, stack=0x7f4091788000, stack_size=0x20300, tls=0x7f40917a86c0} [pid 5847] <... mprotect resumed>) = 0 [pid 5846] <... clone3 resumed> => {parent_tid=[5851]}, 88) = 5851 ./strace-static-x86_64: Process 5852 attached [pid 5851] set_robust_list(0x7f40917a89a0, 24 [pid 5850] futex(0x7f40918816ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5849] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5847] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5846] rt_sigprocmask(SIG_SETMASK, [], [pid 5852] rseq(0x7f40917a8fe0, 0x20, 0, 0x53053053 [pid 5851] <... set_robust_list resumed>) = 0 [pid 5850] <... futex resumed>) = 0 [pid 5849] <... mmap resumed>) = 0x7f4091788000 [pid 5851] rt_sigprocmask(SIG_SETMASK, [], [pid 5848] <... clone3 resumed> => {parent_tid=[5852]}, 88) = 5852 [pid 5849] mprotect(0x7f4091789000, 131072, PROT_READ|PROT_WRITE [pid 5852] <... rseq resumed>) = 0 [pid 5851] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5850] rt_sigaction(SIGRT_1, {sa_handler=0x7f409181a160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f409180b310}, [pid 5847] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5846] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5852] set_robust_list(0x7f40917a89a0, 24 [pid 5851] futex(0x7f40918816a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5850] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5849] <... mprotect resumed>) = 0 [pid 5848] rt_sigprocmask(SIG_SETMASK, [], [pid 5847] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f40917a8990, parent_tid=0x7f40917a8990, exit_signal=0, stack=0x7f4091788000, stack_size=0x20300, tls=0x7f40917a86c0} [pid 5846] futex(0x7f40918816a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5853 attached [pid 5852] <... set_robust_list resumed>) = 0 [pid 5851] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5850] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5849] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5848] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5853] rseq(0x7f40917a8fe0, 0x20, 0, 0x53053053 [pid 5852] rt_sigprocmask(SIG_SETMASK, [], [pid 5851] memfd_create("syzkaller", 0 [pid 5850] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5846] <... futex resumed>) = 0 [pid 5852] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5849] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5848] futex(0x7f40918816a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5853] <... rseq resumed>) = 0 [pid 5850] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5847] <... clone3 resumed> => {parent_tid=[5853]}, 88) = 5853 [pid 5846] futex(0x7f40918816ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5853] set_robust_list(0x7f40917a89a0, 24 [pid 5850] <... mmap resumed>) = 0x7f4091788000 [pid 5848] <... futex resumed>) = 0 [pid 5847] rt_sigprocmask(SIG_SETMASK, [], [pid 5852] memfd_create("syzkaller", 0 [pid 5849] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f40917a8990, parent_tid=0x7f40917a8990, exit_signal=0, stack=0x7f4091788000, stack_size=0x20300, tls=0x7f40917a86c0} [pid 5851] <... memfd_create resumed>) = 3 [pid 5853] <... set_robust_list resumed>) = 0 [pid 5850] mprotect(0x7f4091789000, 131072, PROT_READ|PROT_WRITE [pid 5848] futex(0x7f40918816ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5847] <... rt_sigprocmask resumed>NULL, 8) = 0 ./strace-static-x86_64: Process 5854 attached [pid 5853] rt_sigprocmask(SIG_SETMASK, [], [pid 5851] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5850] <... mprotect resumed>) = 0 [pid 5847] futex(0x7f40918816a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5854] rseq(0x7f40917a8fe0, 0x20, 0, 0x53053053 [pid 5853] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5852] <... memfd_create resumed>) = 3 [pid 5851] <... mmap resumed>) = 0x7f4089388000 [pid 5850] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5847] <... futex resumed>) = 0 [pid 5854] <... rseq resumed>) = 0 [pid 5853] memfd_create("syzkaller", 0 [pid 5849] <... clone3 resumed> => {parent_tid=[5854]}, 88) = 5854 [pid 5854] set_robust_list(0x7f40917a89a0, 24 [pid 5853] <... memfd_create resumed>) = 3 [pid 5852] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5850] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5849] rt_sigprocmask(SIG_SETMASK, [], [pid 5847] futex(0x7f40918816ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5854] <... set_robust_list resumed>) = 0 [pid 5853] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5850] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f40917a8990, parent_tid=0x7f40917a8990, exit_signal=0, stack=0x7f4091788000, stack_size=0x20300, tls=0x7f40917a86c0} [pid 5849] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5854] rt_sigprocmask(SIG_SETMASK, [], [pid 5853] <... mmap resumed>) = 0x7f4089388000 [pid 5852] <... mmap resumed>) = 0x7f4089388000 [pid 5854] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5849] futex(0x7f40918816a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5855 attached [pid 5854] memfd_create("syzkaller", 0 [pid 5849] <... futex resumed>) = 0 [pid 5855] rseq(0x7f40917a8fe0, 0x20, 0, 0x53053053 [pid 5854] <... memfd_create resumed>) = 3 [pid 5850] <... clone3 resumed> => {parent_tid=[5855]}, 88) = 5855 [pid 5855] <... rseq resumed>) = 0 [pid 5854] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5850] rt_sigprocmask(SIG_SETMASK, [], [pid 5855] set_robust_list(0x7f40917a89a0, 24 [pid 5854] <... mmap resumed>) = 0x7f4089388000 [pid 5850] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5855] <... set_robust_list resumed>) = 0 [pid 5850] futex(0x7f40918816a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5849] futex(0x7f40918816ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5855] rt_sigprocmask(SIG_SETMASK, [], [pid 5850] <... futex resumed>) = 0 [pid 5855] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5850] futex(0x7f40918816ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5855] memfd_create("syzkaller", 0) = 3 [pid 5855] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4089388000 [pid 5852] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5851] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5854] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5855] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5853] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5855] <... write resumed>) = 16777216 [pid 5855] munmap(0x7f4089388000, 138412032) = 0 [pid 5852] <... write resumed>) = 16777216 [pid 5855] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5852] munmap(0x7f4089388000, 138412032 [pid 5851] <... write resumed>) = 16777216 [pid 5855] <... openat resumed>) = 4 [pid 5854] <... write resumed>) = 16777216 [pid 5852] <... munmap resumed>) = 0 [pid 5855] ioctl(4, LOOP_SET_FD, 3 [pid 5854] munmap(0x7f4089388000, 138412032 [pid 5853] <... write resumed>) = 16777216 [pid 5852] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5851] munmap(0x7f4089388000, 138412032 [pid 5855] <... ioctl resumed>) = 0 [pid 5855] close(3 [pid 5852] <... openat resumed>) = 4 [pid 5855] <... close resumed>) = 0 [pid 5855] close(4 [pid 5852] ioctl(4, LOOP_SET_FD, 3 [pid 5855] <... close resumed>) = 0 [pid 5852] <... ioctl resumed>) = 0 [pid 5855] mkdir("./file1", 0777) = 0 [pid 5853] munmap(0x7f4089388000, 138412032 [pid 5852] close(3 [pid 5855] mount("/dev/loop4", "./file1", "jfs", MS_NOSUID|MS_NODEV|MS_POSIXACL|MS_STRICTATIME, "iocharset=koi8-u,discard=0x0000000000000004,iocharset=iso8859-9,errors=continue,discard=0x0000000000"... [pid 5854] <... munmap resumed>) = 0 [pid 5853] <... munmap resumed>) = 0 [pid 5852] <... close resumed>) = 0 [pid 5851] <... munmap resumed>) = 0 [pid 5852] close(4) = 0 [pid 5853] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5852] mkdir("./file1", 0777 [pid 5851] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5855] <... mount resumed>) = 0 [pid 5854] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5853] <... openat resumed>) = 4 [pid 5852] <... mkdir resumed>) = 0 [pid 5851] <... openat resumed>) = 4 [pid 5855] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5854] <... openat resumed>) = 4 [pid 5853] ioctl(4, LOOP_SET_FD, 3 [pid 5852] mount("/dev/loop1", "./file1", "jfs", MS_NOSUID|MS_NODEV|MS_POSIXACL|MS_STRICTATIME, "iocharset=koi8-u,discard=0x0000000000000004,iocharset=iso8859-9,errors=continue,discard=0x0000000000"... [pid 5851] ioctl(4, LOOP_SET_FD, 3 [pid 5855] <... openat resumed>) = 3 [ 75.490864][ T5855] loop4: detected capacity change from 0 to 32768 [ 75.494762][ T5852] loop1: detected capacity change from 0 to 32768 [pid 5851] <... ioctl resumed>) = 0 [pid 5855] chdir("./file1" [pid 5854] ioctl(4, LOOP_SET_FD, 3 [pid 5853] <... ioctl resumed>) = 0 [pid 5855] <... chdir resumed>) = 0 [pid 5854] <... ioctl resumed>) = 0 [pid 5853] close(3 [pid 5851] close(3 [pid 5855] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5853] <... close resumed>) = 0 [pid 5851] <... close resumed>) = 0 [pid 5855] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5853] close(4 [pid 5855] futex(0x7f40918816ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5853] <... close resumed>) = 0 [pid 5851] close(4 [pid 5855] <... futex resumed>) = 1 [pid 5853] mkdir("./file1", 0777 [pid 5851] <... close resumed>) = 0 [pid 5850] <... futex resumed>) = 0 [pid 5855] futex(0x7f40918816a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5854] close(3 [pid 5853] <... mkdir resumed>) = 0 [pid 5851] mkdir("./file1", 0777 [pid 5850] exit_group(0 [pid 5855] <... futex resumed>) = ? [pid 5854] <... close resumed>) = 0 [pid 5853] mount("/dev/loop3", "./file1", "jfs", MS_NOSUID|MS_NODEV|MS_POSIXACL|MS_STRICTATIME, "iocharset=koi8-u,discard=0x0000000000000004,iocharset=iso8859-9,errors=continue,discard=0x0000000000"... [pid 5851] <... mkdir resumed>) = 0 [pid 5850] <... exit_group resumed>) = ? [pid 5855] +++ exited with 0 +++ [pid 5854] close(4 [pid 5852] <... mount resumed>) = 0 [pid 5851] mount("/dev/loop0", "./file1", "jfs", MS_NOSUID|MS_NODEV|MS_POSIXACL|MS_STRICTATIME, "iocharset=koi8-u,discard=0x0000000000000004,iocharset=iso8859-9,errors=continue,discard=0x0000000000"... [pid 5850] +++ exited with 0 +++ [pid 5854] <... close resumed>) = 0 [pid 5852] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5844] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5850, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=17 /* 0.17 s */} --- [pid 5854] mkdir("./file1", 0777 [pid 5844] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5844] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5854] <... mkdir resumed>) = 0 [pid 5853] <... mount resumed>) = 0 [pid 5852] <... openat resumed>) = 3 [pid 5853] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5852] chdir("./file1" [pid 5844] <... openat resumed>) = 3 [pid 5854] mount("/dev/loop2", "./file1", "jfs", MS_NOSUID|MS_NODEV|MS_POSIXACL|MS_STRICTATIME, "iocharset=koi8-u,discard=0x0000000000000004,iocharset=iso8859-9,errors=continue,discard=0x0000000000"... [pid 5853] <... openat resumed>) = 3 [pid 5852] <... chdir resumed>) = 0 [pid 5844] newfstatat(3, "", [pid 5853] chdir("./file1" [pid 5852] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5851] <... mount resumed>) = 0 [pid 5844] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5844] getdents64(3, 0x555582793730 /* 4 entries */, 32768) = 112 [pid 5853] <... chdir resumed>) = 0 [pid 5852] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5851] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5844] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5852] futex(0x7f40918816ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5851] <... openat resumed>) = 3 [pid 5852] <... futex resumed>) = 1 [pid 5851] chdir("./file1" [pid 5852] futex(0x7f40918816a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5851] <... chdir resumed>) = 0 [pid 5851] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5853] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5851] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5853] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5851] futex(0x7f40918816ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5853] futex(0x7f40918816ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5851] <... futex resumed>) = 1 [pid 5848] <... futex resumed>) = 0 [pid 5853] <... futex resumed>) = 1 [pid 5851] futex(0x7f40918816a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5848] exit_group(0 [pid 5853] futex(0x7f40918816a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5852] <... futex resumed>) = ? [pid 5848] <... exit_group resumed>) = ? [pid 5852] +++ exited with 0 +++ [pid 5848] +++ exited with 0 +++ [pid 5846] <... futex resumed>) = 0 [ 75.556497][ T5851] loop0: detected capacity change from 0 to 32768 [ 75.558418][ T5853] loop3: detected capacity change from 0 to 32768 [ 75.565529][ T5854] loop2: detected capacity change from 0 to 32768 [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5848, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=16 /* 0.16 s */} --- [pid 5846] exit_group(0 [pid 5841] restart_syscall(<... resuming interrupted clone ...> [pid 5851] <... futex resumed>) = ? [pid 5846] <... exit_group resumed>) = ? [pid 5841] <... restart_syscall resumed>) = 0 [pid 5851] +++ exited with 0 +++ [pid 5846] +++ exited with 0 +++ [pid 5854] <... mount resumed>) = 0 [pid 5847] <... futex resumed>) = 0 [pid 5841] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5854] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5847] exit_group(0 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5846, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=19 /* 0.19 s */} --- [pid 5854] <... openat resumed>) = 3 [pid 5853] <... futex resumed>) = ? [pid 5847] <... exit_group resumed>) = ? [pid 5841] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5840] restart_syscall(<... resuming interrupted clone ...> [pid 5854] chdir("./file1" [pid 5853] +++ exited with 0 +++ [pid 5841] <... openat resumed>) = 3 [pid 5854] <... chdir resumed>) = 0 [pid 5847] +++ exited with 0 +++ [pid 5840] <... restart_syscall resumed>) = 0 [pid 5854] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5841] newfstatat(3, "", [pid 5854] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5843] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5847, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=22 /* 0.22 s */} --- [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5854] futex(0x7f40918816ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5844] <... umount2 resumed>) = 0 [pid 5843] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] getdents64(3, [pid 5840] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5854] <... futex resumed>) = 1 [pid 5849] <... futex resumed>) = 0 [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] <... getdents64 resumed>0x555582793730 /* 4 entries */, 32768) = 112 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5849] exit_group(0 [pid 5843] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5841] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5849] <... exit_group resumed>) = ? [pid 5843] <... openat resumed>) = 3 [pid 5843] newfstatat(3, "", [pid 5840] <... openat resumed>) = 3 [pid 5843] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5854] +++ exited with 0 +++ [pid 5849] +++ exited with 0 +++ [pid 5840] newfstatat(3, "", [pid 5843] getdents64(3, [pid 5842] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5849, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=17 /* 0.17 s */} --- [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5843] <... getdents64 resumed>0x555582793730 /* 4 entries */, 32768) = 112 [pid 5840] getdents64(3, [pid 5843] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] <... getdents64 resumed>0x555582793730 /* 4 entries */, 32768) = 112 [pid 5844] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5844] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5844] newfstatat(AT_FDCWD, "./0/file1", [pid 5842] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5844] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] <... openat resumed>) = 3 [pid 5844] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] newfstatat(3, "", [pid 5844] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5844] openat(AT_FDCWD, "./0/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5842] getdents64(3, [pid 5844] <... openat resumed>) = 4 [pid 5842] <... getdents64 resumed>0x555582793730 /* 4 entries */, 32768) = 112 [pid 5844] newfstatat(4, "", [pid 5842] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5844] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5844] getdents64(4, 0x55558279b770 /* 2 entries */, 32768) = 48 [pid 5844] getdents64(4, 0x55558279b770 /* 0 entries */, 32768) = 0 [pid 5844] close(4) = 0 [pid 5844] rmdir("./0/file1") = 0 [pid 5844] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5844] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5844] unlink("./0/binderfs" [pid 5843] <... umount2 resumed>) = 0 [pid 5844] <... unlink resumed>) = 0 [pid 5843] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] <... umount2 resumed>) = 0 [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5843] newfstatat(AT_FDCWD, "./0/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5843] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5843] openat(AT_FDCWD, "./0/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5844] getdents64(3, [pid 5843] <... openat resumed>) = 4 [pid 5844] <... getdents64 resumed>0x555582793730 /* 0 entries */, 32768) = 0 [pid 5843] newfstatat(4, "", [pid 5844] close(3) = 0 [pid 5843] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 75.740636][ T5842] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000006: 0000 [#1] SMP KASAN PTI [ 75.740665][ T5842] KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037] [ 75.740695][ T5842] CPU: 1 UID: 0 PID: 5842 Comm: syz-executor400 Tainted: G W 6.17.0-rc2-syzkaller #0 PREEMPT_{RT,(full)} [ 75.740726][ T5842] Tainted: [W]=WARN [ 75.740733][ T5842] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 75.740746][ T5842] RIP: 0010:lmLogSync+0x1f1/0x9d0 [ 75.740784][ T5842] Code: 80 87 fe 4d 8d 7e d8 4c 89 f8 48 c1 e8 03 80 3c 18 00 74 08 4c 89 ff e8 1d b3 e6 fe 4d 8b 3f 49 83 c7 30 4c 89 f8 48 c1 e8 03 <80> 3c 18 00 74 08 4c 89 ff e8 01 b3 e6 fe 49 8b 3f e8 19 fa bd fe [ 75.740801][ T5842] RSP: 0018:ffffc900048dfa80 EFLAGS: 00010206 [ 75.740822][ T5842] RAX: 0000000000000006 RBX: dffffc0000000000 RCX: ffff888027450000 [ 75.740837][ T5842] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 75.740850][ T5842] RBP: ffffc900048dfb88 R08: 0000000000000000 R09: 0000000000000000 [ 75.740863][ T5842] R10: ffffc900048df868 R11: fffff5200091bf3a R12: 0000000000000000 [ 75.740878][ T5842] R13: ffff888028ebb000 R14: ffff88802cba3c38 R15: 0000000000000030 [ 75.740893][ T5842] FS: 00005555827923c0(0000) GS:ffff8881269c5000(0000) knlGS:0000000000000000 [ 75.740911][ T5842] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 75.740926][ T5842] CR2: 00007fee977fa000 CR3: 0000000042612000 CR4: 00000000003526f0 [ 75.740944][ T5842] Call Trace: [ 75.740952][ T5842] [ 75.740962][ T5842] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 75.740991][ T5842] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 75.741027][ T5842] ? __pfx_lmLogSync+0x10/0x10 [ 75.741062][ T5842] ? jfs_syncpt+0x25/0x90 [ 75.741093][ T5842] jfs_syncpt+0x7b/0x90 [ 75.741124][ T5842] jfs_sync_fs+0x87/0xa0 [ 75.741149][ T5842] sync_filesystem+0xea/0x250 [ 75.741181][ T5842] generic_shutdown_super+0x6f/0x2c0 [ 75.741207][ T5842] kill_block_super+0x44/0x90 [ 75.741233][ T5842] deactivate_locked_super+0xbc/0x130 [ 75.741257][ T5842] cleanup_mnt+0x425/0x4c0 [ 75.741281][ T5842] task_work_run+0x1d1/0x260 [ 75.741304][ T5842] ? __pfx_task_work_run+0x10/0x10 [ 75.741327][ T5842] ? path_umount+0x1ea/0xb70 [ 75.741353][ T5842] ptrace_notify+0x281/0x2c0 [ 75.741379][ T5842] ? __pfx_ptrace_notify+0x10/0x10 [ 75.741406][ T5842] ? __x64_sys_umount+0x122/0x160 [ 75.741431][ T5842] ? __pfx___x64_sys_umount+0x10/0x10 [ 75.741461][ T5842] syscall_exit_work+0xc6/0x1d0 [ 75.741492][ T5842] do_syscall_64+0x2ad/0x3b0 [ 75.741520][ T5842] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.741541][ T5842] ? clear_bhb_loop+0x60/0xb0 [ 75.741564][ T5842] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.741585][ T5842] RIP: 0033:0x7f40917f4fa7 [ 75.741609][ T5842] Code: 08 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8 [ 75.741626][ T5842] RSP: 002b:00007ffdcc097348 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6 [ 75.741647][ T5842] RAX: 0000000000000000 RBX: 00000000000122d6 RCX: 00007f40917f4fa7 [ 75.741661][ T5842] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffdcc097400 [ 75.741675][ T5842] RBP: 00007ffdcc097400 R08: 0000000000000000 R09: 0000000000000000 [ 75.741688][ T5842] R10: 00000000ffffffff R11: 0000000000000206 R12: 00007ffdcc0984b0 [ 75.741702][ T5842] R13: 0000555582793700 R14: 431bde82d7b634db R15: 00007ffdcc098454 [ 75.741726][ T5842] [ 75.741733][ T5842] Modules linked in: [ 75.741753][ T5842] ---[ end trace 0000000000000000 ]--- [ 75.741767][ T5842] RIP: 0010:lmLogSync+0x1f1/0x9d0 [ 75.741799][ T5842] Code: 80 87 fe 4d 8d 7e d8 4c 89 f8 48 c1 e8 03 80 3c 18 00 74 08 4c 89 ff e8 1d b3 e6 fe 4d 8b 3f 49 83 c7 30 4c 89 f8 48 c1 e8 03 <80> 3c 18 00 74 08 4c 89 ff e8 01 b3 e6 fe 49 8b 3f e8 19 fa bd fe [ 75.741817][ T5842] RSP: 0018:ffffc900048dfa80 EFLAGS: 00010206 [ 75.741834][ T5842] RAX: 0000000000000006 RBX: dffffc0000000000 RCX: ffff888027450000 [ 75.741849][ T5842] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 75.741862][ T5842] RBP: ffffc900048dfb88 R08: 0000000000000000 R09: 0000000000000000 [ 75.741875][ T5842] R10: ffffc900048df868 R11: fffff5200091bf3a R12: 0000000000000000 [ 75.741890][ T5842] R13: ffff888028ebb000 R14: ffff88802cba3c38 R15: 0000000000000030 [ 75.741905][ T5842] FS: 00005555827923c0(0000) GS:ffff8881269c5000(0000) knlGS:0000000000000000 [ 75.741924][ T5842] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 75.741939][ T5842] CR2: 00007fee977fa000 CR3: 0000000042612000 CR4: 00000000003526f0 [ 75.741958][ T5842] Kernel panic - not syncing: Fatal exception [ 75.742245][ T5842] Kernel Offset: disabled